1. Packages
  2. Fortios
  3. API Docs
  4. system
  5. Settings
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.system.Settings

Explore with Pulumi AI

fortios logo
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

    Configure VDOM settings.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const trname = new fortios.system.Settings("trname", {
        allowLinkdownPath: "disable",
        guiWebfilter: "enable",
        opmode: "nat",
        sipSslPort: 5061,
        status: "enable",
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    trname = fortios.system.Settings("trname",
        allow_linkdown_path="disable",
        gui_webfilter="enable",
        opmode="nat",
        sip_ssl_port=5061,
        status="enable")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/system"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := system.NewSettings(ctx, "trname", &system.SettingsArgs{
    			AllowLinkdownPath: pulumi.String("disable"),
    			GuiWebfilter:      pulumi.String("enable"),
    			Opmode:            pulumi.String("nat"),
    			SipSslPort:        pulumi.Int(5061),
    			Status:            pulumi.String("enable"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var trname = new Fortios.System.Settings("trname", new()
        {
            AllowLinkdownPath = "disable",
            GuiWebfilter = "enable",
            Opmode = "nat",
            SipSslPort = 5061,
            Status = "enable",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.system.Settings;
    import com.pulumi.fortios.system.SettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var trname = new Settings("trname", SettingsArgs.builder()
                .allowLinkdownPath("disable")
                .guiWebfilter("enable")
                .opmode("nat")
                .sipSslPort(5061)
                .status("enable")
                .build());
    
        }
    }
    
    resources:
      trname:
        type: fortios:system:Settings
        properties:
          allowLinkdownPath: disable
          guiWebfilter: enable
          opmode: nat
          sipSslPort: 5061
          status: enable
    

    Create Settings Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Settings(name: string, args?: SettingsArgs, opts?: CustomResourceOptions);
    @overload
    def Settings(resource_name: str,
                 args: Optional[SettingsArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Settings(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 allow_linkdown_path: Optional[str] = None,
                 allow_subnet_overlap: Optional[str] = None,
                 application_bandwidth_tracking: Optional[str] = None,
                 asymroute: Optional[str] = None,
                 asymroute6: Optional[str] = None,
                 asymroute6_icmp: Optional[str] = None,
                 asymroute_icmp: Optional[str] = None,
                 auxiliary_session: Optional[str] = None,
                 bfd: Optional[str] = None,
                 bfd_desired_min_tx: Optional[int] = None,
                 bfd_detect_mult: Optional[int] = None,
                 bfd_dont_enforce_src_port: Optional[str] = None,
                 bfd_required_min_rx: Optional[int] = None,
                 block_land_attack: Optional[str] = None,
                 central_nat: Optional[str] = None,
                 comments: Optional[str] = None,
                 compliance_check: Optional[str] = None,
                 consolidated_firewall_mode: Optional[str] = None,
                 default_app_port_as_service: Optional[str] = None,
                 default_policy_expiry_days: Optional[int] = None,
                 default_voip_alg_mode: Optional[str] = None,
                 deny_tcp_with_icmp: Optional[str] = None,
                 detect_unknown_esp: Optional[str] = None,
                 device: Optional[str] = None,
                 dhcp6_server_ip: Optional[str] = None,
                 dhcp_proxy: Optional[str] = None,
                 dhcp_proxy_interface: Optional[str] = None,
                 dhcp_proxy_interface_select_method: Optional[str] = None,
                 dhcp_server_ip: Optional[str] = None,
                 discovered_device_timeout: Optional[int] = None,
                 dyn_addr_session_check: Optional[str] = None,
                 dynamic_sort_subtable: Optional[str] = None,
                 ecmp_max_paths: Optional[int] = None,
                 email_portal_check_dns: Optional[str] = None,
                 ext_resource_session_check: Optional[str] = None,
                 firewall_session_dirty: Optional[str] = None,
                 fqdn_session_check: Optional[str] = None,
                 fw_session_hairpin: Optional[str] = None,
                 gateway: Optional[str] = None,
                 gateway6: Optional[str] = None,
                 get_all_tables: Optional[str] = None,
                 gui_advanced_policy: Optional[str] = None,
                 gui_advanced_wireless_features: Optional[str] = None,
                 gui_allow_unnamed_policy: Optional[str] = None,
                 gui_antivirus: Optional[str] = None,
                 gui_ap_profile: Optional[str] = None,
                 gui_application_control: Optional[str] = None,
                 gui_casb: Optional[str] = None,
                 gui_default_policy_columns: Optional[Sequence[SettingsGuiDefaultPolicyColumnArgs]] = None,
                 gui_dhcp_advanced: Optional[str] = None,
                 gui_dlp: Optional[str] = None,
                 gui_dlp_profile: Optional[str] = None,
                 gui_dns_database: Optional[str] = None,
                 gui_dnsfilter: Optional[str] = None,
                 gui_domain_ip_reputation: Optional[str] = None,
                 gui_dos_policy: Optional[str] = None,
                 gui_dynamic_device_os_id: Optional[str] = None,
                 gui_dynamic_profile_display: Optional[str] = None,
                 gui_dynamic_routing: Optional[str] = None,
                 gui_email_collection: Optional[str] = None,
                 gui_endpoint_control: Optional[str] = None,
                 gui_endpoint_control_advanced: Optional[str] = None,
                 gui_enforce_change_summary: Optional[str] = None,
                 gui_explicit_proxy: Optional[str] = None,
                 gui_file_filter: Optional[str] = None,
                 gui_fortiap_split_tunneling: Optional[str] = None,
                 gui_fortiextender_controller: Optional[str] = None,
                 gui_icap: Optional[str] = None,
                 gui_implicit_policy: Optional[str] = None,
                 gui_ips: Optional[str] = None,
                 gui_load_balance: Optional[str] = None,
                 gui_local_in_policy: Optional[str] = None,
                 gui_local_reports: Optional[str] = None,
                 gui_multicast_policy: Optional[str] = None,
                 gui_multiple_interface_policy: Optional[str] = None,
                 gui_multiple_utm_profiles: Optional[str] = None,
                 gui_nat4664: Optional[str] = None,
                 gui_object_colors: Optional[str] = None,
                 gui_ot: Optional[str] = None,
                 gui_per_policy_disclaimer: Optional[str] = None,
                 gui_policy_based_ipsec: Optional[str] = None,
                 gui_policy_disclaimer: Optional[str] = None,
                 gui_policy_learning: Optional[str] = None,
                 gui_proxy_inspection: Optional[str] = None,
                 gui_replacement_message_groups: Optional[str] = None,
                 gui_route_tag_address_creation: Optional[str] = None,
                 gui_security_profile_group: Optional[str] = None,
                 gui_spamfilter: Optional[str] = None,
                 gui_sslvpn: Optional[str] = None,
                 gui_sslvpn_personal_bookmarks: Optional[str] = None,
                 gui_sslvpn_realms: Optional[str] = None,
                 gui_switch_controller: Optional[str] = None,
                 gui_threat_weight: Optional[str] = None,
                 gui_traffic_shaping: Optional[str] = None,
                 gui_videofilter: Optional[str] = None,
                 gui_virtual_patch_profile: Optional[str] = None,
                 gui_voip_profile: Optional[str] = None,
                 gui_vpn: Optional[str] = None,
                 gui_waf_profile: Optional[str] = None,
                 gui_wan_load_balancing: Optional[str] = None,
                 gui_wanopt_cache: Optional[str] = None,
                 gui_webfilter: Optional[str] = None,
                 gui_webfilter_advanced: Optional[str] = None,
                 gui_wireless_controller: Optional[str] = None,
                 gui_ztna: Optional[str] = None,
                 h323_direct_model: Optional[str] = None,
                 http_external_dest: Optional[str] = None,
                 ike_dn_format: Optional[str] = None,
                 ike_natt_port: Optional[int] = None,
                 ike_policy_route: Optional[str] = None,
                 ike_port: Optional[int] = None,
                 ike_quick_crash_detect: Optional[str] = None,
                 ike_session_resume: Optional[str] = None,
                 ike_tcp_port: Optional[int] = None,
                 implicit_allow_dns: Optional[str] = None,
                 inspection_mode: Optional[str] = None,
                 internet_service_app_ctrl_size: Optional[int] = None,
                 internet_service_database_cache: Optional[str] = None,
                 ip: Optional[str] = None,
                 ip6: Optional[str] = None,
                 lan_extension_controller_addr: Optional[str] = None,
                 link_down_access: Optional[str] = None,
                 lldp_reception: Optional[str] = None,
                 lldp_transmission: Optional[str] = None,
                 location_id: Optional[str] = None,
                 mac_ttl: Optional[int] = None,
                 manageip: Optional[str] = None,
                 manageip6: Optional[str] = None,
                 multicast_forward: Optional[str] = None,
                 multicast_skip_policy: Optional[str] = None,
                 multicast_ttl_notchange: Optional[str] = None,
                 nat46_force_ipv4_packet_forwarding: Optional[str] = None,
                 nat46_generate_ipv6_fragment_header: Optional[str] = None,
                 nat64_force_ipv6_packet_forwarding: Optional[str] = None,
                 ngfw_mode: Optional[str] = None,
                 opmode: Optional[str] = None,
                 prp_trailer_action: Optional[str] = None,
                 sccp_port: Optional[int] = None,
                 sctp_session_without_init: Optional[str] = None,
                 ses_denied_traffic: Optional[str] = None,
                 sip_expectation: Optional[str] = None,
                 sip_helper: Optional[str] = None,
                 sip_nat_trace: Optional[str] = None,
                 sip_ssl_port: Optional[int] = None,
                 sip_tcp_port: Optional[int] = None,
                 sip_udp_port: Optional[int] = None,
                 snat_hairpin_traffic: Optional[str] = None,
                 ssl_ssh_profile: Optional[str] = None,
                 status: Optional[str] = None,
                 strict_src_check: Optional[str] = None,
                 tcp_session_without_syn: Optional[str] = None,
                 utf8_spam_tagging: Optional[str] = None,
                 v4_ecmp_mode: Optional[str] = None,
                 vdom_type: Optional[str] = None,
                 vdomparam: Optional[str] = None,
                 vpn_stats_log: Optional[str] = None,
                 vpn_stats_period: Optional[int] = None,
                 wccp_cache_engine: Optional[str] = None)
    func NewSettings(ctx *Context, name string, args *SettingsArgs, opts ...ResourceOption) (*Settings, error)
    public Settings(string name, SettingsArgs? args = null, CustomResourceOptions? opts = null)
    public Settings(String name, SettingsArgs args)
    public Settings(String name, SettingsArgs args, CustomResourceOptions options)
    
    type: fortios:system:Settings
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var examplesettingsResourceResourceFromSystemsettings = new Fortios.System.Settings("examplesettingsResourceResourceFromSystemsettings", new()
    {
        AllowLinkdownPath = "string",
        AllowSubnetOverlap = "string",
        ApplicationBandwidthTracking = "string",
        Asymroute = "string",
        Asymroute6 = "string",
        Asymroute6Icmp = "string",
        AsymrouteIcmp = "string",
        AuxiliarySession = "string",
        Bfd = "string",
        BfdDesiredMinTx = 0,
        BfdDetectMult = 0,
        BfdDontEnforceSrcPort = "string",
        BfdRequiredMinRx = 0,
        BlockLandAttack = "string",
        CentralNat = "string",
        Comments = "string",
        ComplianceCheck = "string",
        ConsolidatedFirewallMode = "string",
        DefaultAppPortAsService = "string",
        DefaultPolicyExpiryDays = 0,
        DefaultVoipAlgMode = "string",
        DenyTcpWithIcmp = "string",
        DetectUnknownEsp = "string",
        Device = "string",
        Dhcp6ServerIp = "string",
        DhcpProxy = "string",
        DhcpProxyInterface = "string",
        DhcpProxyInterfaceSelectMethod = "string",
        DhcpServerIp = "string",
        DiscoveredDeviceTimeout = 0,
        DynAddrSessionCheck = "string",
        DynamicSortSubtable = "string",
        EcmpMaxPaths = 0,
        EmailPortalCheckDns = "string",
        ExtResourceSessionCheck = "string",
        FirewallSessionDirty = "string",
        FqdnSessionCheck = "string",
        FwSessionHairpin = "string",
        Gateway = "string",
        Gateway6 = "string",
        GetAllTables = "string",
        GuiAdvancedPolicy = "string",
        GuiAdvancedWirelessFeatures = "string",
        GuiAllowUnnamedPolicy = "string",
        GuiAntivirus = "string",
        GuiApProfile = "string",
        GuiApplicationControl = "string",
        GuiCasb = "string",
        GuiDefaultPolicyColumns = new[]
        {
            new Fortios.System.Inputs.SettingsGuiDefaultPolicyColumnArgs
            {
                Name = "string",
            },
        },
        GuiDhcpAdvanced = "string",
        GuiDlp = "string",
        GuiDlpProfile = "string",
        GuiDnsDatabase = "string",
        GuiDnsfilter = "string",
        GuiDomainIpReputation = "string",
        GuiDosPolicy = "string",
        GuiDynamicDeviceOsId = "string",
        GuiDynamicProfileDisplay = "string",
        GuiDynamicRouting = "string",
        GuiEmailCollection = "string",
        GuiEndpointControl = "string",
        GuiEndpointControlAdvanced = "string",
        GuiEnforceChangeSummary = "string",
        GuiExplicitProxy = "string",
        GuiFileFilter = "string",
        GuiFortiapSplitTunneling = "string",
        GuiFortiextenderController = "string",
        GuiIcap = "string",
        GuiImplicitPolicy = "string",
        GuiIps = "string",
        GuiLoadBalance = "string",
        GuiLocalInPolicy = "string",
        GuiLocalReports = "string",
        GuiMulticastPolicy = "string",
        GuiMultipleInterfacePolicy = "string",
        GuiMultipleUtmProfiles = "string",
        GuiNat4664 = "string",
        GuiObjectColors = "string",
        GuiOt = "string",
        GuiPerPolicyDisclaimer = "string",
        GuiPolicyBasedIpsec = "string",
        GuiPolicyDisclaimer = "string",
        GuiPolicyLearning = "string",
        GuiProxyInspection = "string",
        GuiReplacementMessageGroups = "string",
        GuiRouteTagAddressCreation = "string",
        GuiSecurityProfileGroup = "string",
        GuiSpamfilter = "string",
        GuiSslvpn = "string",
        GuiSslvpnPersonalBookmarks = "string",
        GuiSslvpnRealms = "string",
        GuiSwitchController = "string",
        GuiThreatWeight = "string",
        GuiTrafficShaping = "string",
        GuiVideofilter = "string",
        GuiVirtualPatchProfile = "string",
        GuiVoipProfile = "string",
        GuiVpn = "string",
        GuiWafProfile = "string",
        GuiWanLoadBalancing = "string",
        GuiWanoptCache = "string",
        GuiWebfilter = "string",
        GuiWebfilterAdvanced = "string",
        GuiWirelessController = "string",
        GuiZtna = "string",
        H323DirectModel = "string",
        HttpExternalDest = "string",
        IkeDnFormat = "string",
        IkeNattPort = 0,
        IkePolicyRoute = "string",
        IkePort = 0,
        IkeQuickCrashDetect = "string",
        IkeSessionResume = "string",
        IkeTcpPort = 0,
        ImplicitAllowDns = "string",
        InspectionMode = "string",
        InternetServiceAppCtrlSize = 0,
        InternetServiceDatabaseCache = "string",
        Ip = "string",
        Ip6 = "string",
        LanExtensionControllerAddr = "string",
        LinkDownAccess = "string",
        LldpReception = "string",
        LldpTransmission = "string",
        LocationId = "string",
        MacTtl = 0,
        Manageip = "string",
        Manageip6 = "string",
        MulticastForward = "string",
        MulticastSkipPolicy = "string",
        MulticastTtlNotchange = "string",
        Nat46ForceIpv4PacketForwarding = "string",
        Nat46GenerateIpv6FragmentHeader = "string",
        Nat64ForceIpv6PacketForwarding = "string",
        NgfwMode = "string",
        Opmode = "string",
        PrpTrailerAction = "string",
        SccpPort = 0,
        SctpSessionWithoutInit = "string",
        SesDeniedTraffic = "string",
        SipExpectation = "string",
        SipHelper = "string",
        SipNatTrace = "string",
        SipSslPort = 0,
        SipTcpPort = 0,
        SipUdpPort = 0,
        SnatHairpinTraffic = "string",
        SslSshProfile = "string",
        Status = "string",
        StrictSrcCheck = "string",
        TcpSessionWithoutSyn = "string",
        Utf8SpamTagging = "string",
        V4EcmpMode = "string",
        VdomType = "string",
        Vdomparam = "string",
        VpnStatsLog = "string",
        VpnStatsPeriod = 0,
        WccpCacheEngine = "string",
    });
    
    example, err := system.NewSettings(ctx, "examplesettingsResourceResourceFromSystemsettings", &system.SettingsArgs{
    	AllowLinkdownPath:              pulumi.String("string"),
    	AllowSubnetOverlap:             pulumi.String("string"),
    	ApplicationBandwidthTracking:   pulumi.String("string"),
    	Asymroute:                      pulumi.String("string"),
    	Asymroute6:                     pulumi.String("string"),
    	Asymroute6Icmp:                 pulumi.String("string"),
    	AsymrouteIcmp:                  pulumi.String("string"),
    	AuxiliarySession:               pulumi.String("string"),
    	Bfd:                            pulumi.String("string"),
    	BfdDesiredMinTx:                pulumi.Int(0),
    	BfdDetectMult:                  pulumi.Int(0),
    	BfdDontEnforceSrcPort:          pulumi.String("string"),
    	BfdRequiredMinRx:               pulumi.Int(0),
    	BlockLandAttack:                pulumi.String("string"),
    	CentralNat:                     pulumi.String("string"),
    	Comments:                       pulumi.String("string"),
    	ComplianceCheck:                pulumi.String("string"),
    	ConsolidatedFirewallMode:       pulumi.String("string"),
    	DefaultAppPortAsService:        pulumi.String("string"),
    	DefaultPolicyExpiryDays:        pulumi.Int(0),
    	DefaultVoipAlgMode:             pulumi.String("string"),
    	DenyTcpWithIcmp:                pulumi.String("string"),
    	DetectUnknownEsp:               pulumi.String("string"),
    	Device:                         pulumi.String("string"),
    	Dhcp6ServerIp:                  pulumi.String("string"),
    	DhcpProxy:                      pulumi.String("string"),
    	DhcpProxyInterface:             pulumi.String("string"),
    	DhcpProxyInterfaceSelectMethod: pulumi.String("string"),
    	DhcpServerIp:                   pulumi.String("string"),
    	DiscoveredDeviceTimeout:        pulumi.Int(0),
    	DynAddrSessionCheck:            pulumi.String("string"),
    	DynamicSortSubtable:            pulumi.String("string"),
    	EcmpMaxPaths:                   pulumi.Int(0),
    	EmailPortalCheckDns:            pulumi.String("string"),
    	ExtResourceSessionCheck:        pulumi.String("string"),
    	FirewallSessionDirty:           pulumi.String("string"),
    	FqdnSessionCheck:               pulumi.String("string"),
    	FwSessionHairpin:               pulumi.String("string"),
    	Gateway:                        pulumi.String("string"),
    	Gateway6:                       pulumi.String("string"),
    	GetAllTables:                   pulumi.String("string"),
    	GuiAdvancedPolicy:              pulumi.String("string"),
    	GuiAdvancedWirelessFeatures:    pulumi.String("string"),
    	GuiAllowUnnamedPolicy:          pulumi.String("string"),
    	GuiAntivirus:                   pulumi.String("string"),
    	GuiApProfile:                   pulumi.String("string"),
    	GuiApplicationControl:          pulumi.String("string"),
    	GuiCasb:                        pulumi.String("string"),
    	GuiDefaultPolicyColumns: system.SettingsGuiDefaultPolicyColumnArray{
    		&system.SettingsGuiDefaultPolicyColumnArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	GuiDhcpAdvanced:                 pulumi.String("string"),
    	GuiDlp:                          pulumi.String("string"),
    	GuiDlpProfile:                   pulumi.String("string"),
    	GuiDnsDatabase:                  pulumi.String("string"),
    	GuiDnsfilter:                    pulumi.String("string"),
    	GuiDomainIpReputation:           pulumi.String("string"),
    	GuiDosPolicy:                    pulumi.String("string"),
    	GuiDynamicDeviceOsId:            pulumi.String("string"),
    	GuiDynamicProfileDisplay:        pulumi.String("string"),
    	GuiDynamicRouting:               pulumi.String("string"),
    	GuiEmailCollection:              pulumi.String("string"),
    	GuiEndpointControl:              pulumi.String("string"),
    	GuiEndpointControlAdvanced:      pulumi.String("string"),
    	GuiEnforceChangeSummary:         pulumi.String("string"),
    	GuiExplicitProxy:                pulumi.String("string"),
    	GuiFileFilter:                   pulumi.String("string"),
    	GuiFortiapSplitTunneling:        pulumi.String("string"),
    	GuiFortiextenderController:      pulumi.String("string"),
    	GuiIcap:                         pulumi.String("string"),
    	GuiImplicitPolicy:               pulumi.String("string"),
    	GuiIps:                          pulumi.String("string"),
    	GuiLoadBalance:                  pulumi.String("string"),
    	GuiLocalInPolicy:                pulumi.String("string"),
    	GuiLocalReports:                 pulumi.String("string"),
    	GuiMulticastPolicy:              pulumi.String("string"),
    	GuiMultipleInterfacePolicy:      pulumi.String("string"),
    	GuiMultipleUtmProfiles:          pulumi.String("string"),
    	GuiNat4664:                      pulumi.String("string"),
    	GuiObjectColors:                 pulumi.String("string"),
    	GuiOt:                           pulumi.String("string"),
    	GuiPerPolicyDisclaimer:          pulumi.String("string"),
    	GuiPolicyBasedIpsec:             pulumi.String("string"),
    	GuiPolicyDisclaimer:             pulumi.String("string"),
    	GuiPolicyLearning:               pulumi.String("string"),
    	GuiProxyInspection:              pulumi.String("string"),
    	GuiReplacementMessageGroups:     pulumi.String("string"),
    	GuiRouteTagAddressCreation:      pulumi.String("string"),
    	GuiSecurityProfileGroup:         pulumi.String("string"),
    	GuiSpamfilter:                   pulumi.String("string"),
    	GuiSslvpn:                       pulumi.String("string"),
    	GuiSslvpnPersonalBookmarks:      pulumi.String("string"),
    	GuiSslvpnRealms:                 pulumi.String("string"),
    	GuiSwitchController:             pulumi.String("string"),
    	GuiThreatWeight:                 pulumi.String("string"),
    	GuiTrafficShaping:               pulumi.String("string"),
    	GuiVideofilter:                  pulumi.String("string"),
    	GuiVirtualPatchProfile:          pulumi.String("string"),
    	GuiVoipProfile:                  pulumi.String("string"),
    	GuiVpn:                          pulumi.String("string"),
    	GuiWafProfile:                   pulumi.String("string"),
    	GuiWanLoadBalancing:             pulumi.String("string"),
    	GuiWanoptCache:                  pulumi.String("string"),
    	GuiWebfilter:                    pulumi.String("string"),
    	GuiWebfilterAdvanced:            pulumi.String("string"),
    	GuiWirelessController:           pulumi.String("string"),
    	GuiZtna:                         pulumi.String("string"),
    	H323DirectModel:                 pulumi.String("string"),
    	HttpExternalDest:                pulumi.String("string"),
    	IkeDnFormat:                     pulumi.String("string"),
    	IkeNattPort:                     pulumi.Int(0),
    	IkePolicyRoute:                  pulumi.String("string"),
    	IkePort:                         pulumi.Int(0),
    	IkeQuickCrashDetect:             pulumi.String("string"),
    	IkeSessionResume:                pulumi.String("string"),
    	IkeTcpPort:                      pulumi.Int(0),
    	ImplicitAllowDns:                pulumi.String("string"),
    	InspectionMode:                  pulumi.String("string"),
    	InternetServiceAppCtrlSize:      pulumi.Int(0),
    	InternetServiceDatabaseCache:    pulumi.String("string"),
    	Ip:                              pulumi.String("string"),
    	Ip6:                             pulumi.String("string"),
    	LanExtensionControllerAddr:      pulumi.String("string"),
    	LinkDownAccess:                  pulumi.String("string"),
    	LldpReception:                   pulumi.String("string"),
    	LldpTransmission:                pulumi.String("string"),
    	LocationId:                      pulumi.String("string"),
    	MacTtl:                          pulumi.Int(0),
    	Manageip:                        pulumi.String("string"),
    	Manageip6:                       pulumi.String("string"),
    	MulticastForward:                pulumi.String("string"),
    	MulticastSkipPolicy:             pulumi.String("string"),
    	MulticastTtlNotchange:           pulumi.String("string"),
    	Nat46ForceIpv4PacketForwarding:  pulumi.String("string"),
    	Nat46GenerateIpv6FragmentHeader: pulumi.String("string"),
    	Nat64ForceIpv6PacketForwarding:  pulumi.String("string"),
    	NgfwMode:                        pulumi.String("string"),
    	Opmode:                          pulumi.String("string"),
    	PrpTrailerAction:                pulumi.String("string"),
    	SccpPort:                        pulumi.Int(0),
    	SctpSessionWithoutInit:          pulumi.String("string"),
    	SesDeniedTraffic:                pulumi.String("string"),
    	SipExpectation:                  pulumi.String("string"),
    	SipHelper:                       pulumi.String("string"),
    	SipNatTrace:                     pulumi.String("string"),
    	SipSslPort:                      pulumi.Int(0),
    	SipTcpPort:                      pulumi.Int(0),
    	SipUdpPort:                      pulumi.Int(0),
    	SnatHairpinTraffic:              pulumi.String("string"),
    	SslSshProfile:                   pulumi.String("string"),
    	Status:                          pulumi.String("string"),
    	StrictSrcCheck:                  pulumi.String("string"),
    	TcpSessionWithoutSyn:            pulumi.String("string"),
    	Utf8SpamTagging:                 pulumi.String("string"),
    	V4EcmpMode:                      pulumi.String("string"),
    	VdomType:                        pulumi.String("string"),
    	Vdomparam:                       pulumi.String("string"),
    	VpnStatsLog:                     pulumi.String("string"),
    	VpnStatsPeriod:                  pulumi.Int(0),
    	WccpCacheEngine:                 pulumi.String("string"),
    })
    
    var examplesettingsResourceResourceFromSystemsettings = new Settings("examplesettingsResourceResourceFromSystemsettings", SettingsArgs.builder()
        .allowLinkdownPath("string")
        .allowSubnetOverlap("string")
        .applicationBandwidthTracking("string")
        .asymroute("string")
        .asymroute6("string")
        .asymroute6Icmp("string")
        .asymrouteIcmp("string")
        .auxiliarySession("string")
        .bfd("string")
        .bfdDesiredMinTx(0)
        .bfdDetectMult(0)
        .bfdDontEnforceSrcPort("string")
        .bfdRequiredMinRx(0)
        .blockLandAttack("string")
        .centralNat("string")
        .comments("string")
        .complianceCheck("string")
        .consolidatedFirewallMode("string")
        .defaultAppPortAsService("string")
        .defaultPolicyExpiryDays(0)
        .defaultVoipAlgMode("string")
        .denyTcpWithIcmp("string")
        .detectUnknownEsp("string")
        .device("string")
        .dhcp6ServerIp("string")
        .dhcpProxy("string")
        .dhcpProxyInterface("string")
        .dhcpProxyInterfaceSelectMethod("string")
        .dhcpServerIp("string")
        .discoveredDeviceTimeout(0)
        .dynAddrSessionCheck("string")
        .dynamicSortSubtable("string")
        .ecmpMaxPaths(0)
        .emailPortalCheckDns("string")
        .extResourceSessionCheck("string")
        .firewallSessionDirty("string")
        .fqdnSessionCheck("string")
        .fwSessionHairpin("string")
        .gateway("string")
        .gateway6("string")
        .getAllTables("string")
        .guiAdvancedPolicy("string")
        .guiAdvancedWirelessFeatures("string")
        .guiAllowUnnamedPolicy("string")
        .guiAntivirus("string")
        .guiApProfile("string")
        .guiApplicationControl("string")
        .guiCasb("string")
        .guiDefaultPolicyColumns(SettingsGuiDefaultPolicyColumnArgs.builder()
            .name("string")
            .build())
        .guiDhcpAdvanced("string")
        .guiDlp("string")
        .guiDlpProfile("string")
        .guiDnsDatabase("string")
        .guiDnsfilter("string")
        .guiDomainIpReputation("string")
        .guiDosPolicy("string")
        .guiDynamicDeviceOsId("string")
        .guiDynamicProfileDisplay("string")
        .guiDynamicRouting("string")
        .guiEmailCollection("string")
        .guiEndpointControl("string")
        .guiEndpointControlAdvanced("string")
        .guiEnforceChangeSummary("string")
        .guiExplicitProxy("string")
        .guiFileFilter("string")
        .guiFortiapSplitTunneling("string")
        .guiFortiextenderController("string")
        .guiIcap("string")
        .guiImplicitPolicy("string")
        .guiIps("string")
        .guiLoadBalance("string")
        .guiLocalInPolicy("string")
        .guiLocalReports("string")
        .guiMulticastPolicy("string")
        .guiMultipleInterfacePolicy("string")
        .guiMultipleUtmProfiles("string")
        .guiNat4664("string")
        .guiObjectColors("string")
        .guiOt("string")
        .guiPerPolicyDisclaimer("string")
        .guiPolicyBasedIpsec("string")
        .guiPolicyDisclaimer("string")
        .guiPolicyLearning("string")
        .guiProxyInspection("string")
        .guiReplacementMessageGroups("string")
        .guiRouteTagAddressCreation("string")
        .guiSecurityProfileGroup("string")
        .guiSpamfilter("string")
        .guiSslvpn("string")
        .guiSslvpnPersonalBookmarks("string")
        .guiSslvpnRealms("string")
        .guiSwitchController("string")
        .guiThreatWeight("string")
        .guiTrafficShaping("string")
        .guiVideofilter("string")
        .guiVirtualPatchProfile("string")
        .guiVoipProfile("string")
        .guiVpn("string")
        .guiWafProfile("string")
        .guiWanLoadBalancing("string")
        .guiWanoptCache("string")
        .guiWebfilter("string")
        .guiWebfilterAdvanced("string")
        .guiWirelessController("string")
        .guiZtna("string")
        .h323DirectModel("string")
        .httpExternalDest("string")
        .ikeDnFormat("string")
        .ikeNattPort(0)
        .ikePolicyRoute("string")
        .ikePort(0)
        .ikeQuickCrashDetect("string")
        .ikeSessionResume("string")
        .ikeTcpPort(0)
        .implicitAllowDns("string")
        .inspectionMode("string")
        .internetServiceAppCtrlSize(0)
        .internetServiceDatabaseCache("string")
        .ip("string")
        .ip6("string")
        .lanExtensionControllerAddr("string")
        .linkDownAccess("string")
        .lldpReception("string")
        .lldpTransmission("string")
        .locationId("string")
        .macTtl(0)
        .manageip("string")
        .manageip6("string")
        .multicastForward("string")
        .multicastSkipPolicy("string")
        .multicastTtlNotchange("string")
        .nat46ForceIpv4PacketForwarding("string")
        .nat46GenerateIpv6FragmentHeader("string")
        .nat64ForceIpv6PacketForwarding("string")
        .ngfwMode("string")
        .opmode("string")
        .prpTrailerAction("string")
        .sccpPort(0)
        .sctpSessionWithoutInit("string")
        .sesDeniedTraffic("string")
        .sipExpectation("string")
        .sipHelper("string")
        .sipNatTrace("string")
        .sipSslPort(0)
        .sipTcpPort(0)
        .sipUdpPort(0)
        .snatHairpinTraffic("string")
        .sslSshProfile("string")
        .status("string")
        .strictSrcCheck("string")
        .tcpSessionWithoutSyn("string")
        .utf8SpamTagging("string")
        .v4EcmpMode("string")
        .vdomType("string")
        .vdomparam("string")
        .vpnStatsLog("string")
        .vpnStatsPeriod(0)
        .wccpCacheEngine("string")
        .build());
    
    examplesettings_resource_resource_from_systemsettings = fortios.system.Settings("examplesettingsResourceResourceFromSystemsettings",
        allow_linkdown_path="string",
        allow_subnet_overlap="string",
        application_bandwidth_tracking="string",
        asymroute="string",
        asymroute6="string",
        asymroute6_icmp="string",
        asymroute_icmp="string",
        auxiliary_session="string",
        bfd="string",
        bfd_desired_min_tx=0,
        bfd_detect_mult=0,
        bfd_dont_enforce_src_port="string",
        bfd_required_min_rx=0,
        block_land_attack="string",
        central_nat="string",
        comments="string",
        compliance_check="string",
        consolidated_firewall_mode="string",
        default_app_port_as_service="string",
        default_policy_expiry_days=0,
        default_voip_alg_mode="string",
        deny_tcp_with_icmp="string",
        detect_unknown_esp="string",
        device="string",
        dhcp6_server_ip="string",
        dhcp_proxy="string",
        dhcp_proxy_interface="string",
        dhcp_proxy_interface_select_method="string",
        dhcp_server_ip="string",
        discovered_device_timeout=0,
        dyn_addr_session_check="string",
        dynamic_sort_subtable="string",
        ecmp_max_paths=0,
        email_portal_check_dns="string",
        ext_resource_session_check="string",
        firewall_session_dirty="string",
        fqdn_session_check="string",
        fw_session_hairpin="string",
        gateway="string",
        gateway6="string",
        get_all_tables="string",
        gui_advanced_policy="string",
        gui_advanced_wireless_features="string",
        gui_allow_unnamed_policy="string",
        gui_antivirus="string",
        gui_ap_profile="string",
        gui_application_control="string",
        gui_casb="string",
        gui_default_policy_columns=[{
            "name": "string",
        }],
        gui_dhcp_advanced="string",
        gui_dlp="string",
        gui_dlp_profile="string",
        gui_dns_database="string",
        gui_dnsfilter="string",
        gui_domain_ip_reputation="string",
        gui_dos_policy="string",
        gui_dynamic_device_os_id="string",
        gui_dynamic_profile_display="string",
        gui_dynamic_routing="string",
        gui_email_collection="string",
        gui_endpoint_control="string",
        gui_endpoint_control_advanced="string",
        gui_enforce_change_summary="string",
        gui_explicit_proxy="string",
        gui_file_filter="string",
        gui_fortiap_split_tunneling="string",
        gui_fortiextender_controller="string",
        gui_icap="string",
        gui_implicit_policy="string",
        gui_ips="string",
        gui_load_balance="string",
        gui_local_in_policy="string",
        gui_local_reports="string",
        gui_multicast_policy="string",
        gui_multiple_interface_policy="string",
        gui_multiple_utm_profiles="string",
        gui_nat4664="string",
        gui_object_colors="string",
        gui_ot="string",
        gui_per_policy_disclaimer="string",
        gui_policy_based_ipsec="string",
        gui_policy_disclaimer="string",
        gui_policy_learning="string",
        gui_proxy_inspection="string",
        gui_replacement_message_groups="string",
        gui_route_tag_address_creation="string",
        gui_security_profile_group="string",
        gui_spamfilter="string",
        gui_sslvpn="string",
        gui_sslvpn_personal_bookmarks="string",
        gui_sslvpn_realms="string",
        gui_switch_controller="string",
        gui_threat_weight="string",
        gui_traffic_shaping="string",
        gui_videofilter="string",
        gui_virtual_patch_profile="string",
        gui_voip_profile="string",
        gui_vpn="string",
        gui_waf_profile="string",
        gui_wan_load_balancing="string",
        gui_wanopt_cache="string",
        gui_webfilter="string",
        gui_webfilter_advanced="string",
        gui_wireless_controller="string",
        gui_ztna="string",
        h323_direct_model="string",
        http_external_dest="string",
        ike_dn_format="string",
        ike_natt_port=0,
        ike_policy_route="string",
        ike_port=0,
        ike_quick_crash_detect="string",
        ike_session_resume="string",
        ike_tcp_port=0,
        implicit_allow_dns="string",
        inspection_mode="string",
        internet_service_app_ctrl_size=0,
        internet_service_database_cache="string",
        ip="string",
        ip6="string",
        lan_extension_controller_addr="string",
        link_down_access="string",
        lldp_reception="string",
        lldp_transmission="string",
        location_id="string",
        mac_ttl=0,
        manageip="string",
        manageip6="string",
        multicast_forward="string",
        multicast_skip_policy="string",
        multicast_ttl_notchange="string",
        nat46_force_ipv4_packet_forwarding="string",
        nat46_generate_ipv6_fragment_header="string",
        nat64_force_ipv6_packet_forwarding="string",
        ngfw_mode="string",
        opmode="string",
        prp_trailer_action="string",
        sccp_port=0,
        sctp_session_without_init="string",
        ses_denied_traffic="string",
        sip_expectation="string",
        sip_helper="string",
        sip_nat_trace="string",
        sip_ssl_port=0,
        sip_tcp_port=0,
        sip_udp_port=0,
        snat_hairpin_traffic="string",
        ssl_ssh_profile="string",
        status="string",
        strict_src_check="string",
        tcp_session_without_syn="string",
        utf8_spam_tagging="string",
        v4_ecmp_mode="string",
        vdom_type="string",
        vdomparam="string",
        vpn_stats_log="string",
        vpn_stats_period=0,
        wccp_cache_engine="string")
    
    const examplesettingsResourceResourceFromSystemsettings = new fortios.system.Settings("examplesettingsResourceResourceFromSystemsettings", {
        allowLinkdownPath: "string",
        allowSubnetOverlap: "string",
        applicationBandwidthTracking: "string",
        asymroute: "string",
        asymroute6: "string",
        asymroute6Icmp: "string",
        asymrouteIcmp: "string",
        auxiliarySession: "string",
        bfd: "string",
        bfdDesiredMinTx: 0,
        bfdDetectMult: 0,
        bfdDontEnforceSrcPort: "string",
        bfdRequiredMinRx: 0,
        blockLandAttack: "string",
        centralNat: "string",
        comments: "string",
        complianceCheck: "string",
        consolidatedFirewallMode: "string",
        defaultAppPortAsService: "string",
        defaultPolicyExpiryDays: 0,
        defaultVoipAlgMode: "string",
        denyTcpWithIcmp: "string",
        detectUnknownEsp: "string",
        device: "string",
        dhcp6ServerIp: "string",
        dhcpProxy: "string",
        dhcpProxyInterface: "string",
        dhcpProxyInterfaceSelectMethod: "string",
        dhcpServerIp: "string",
        discoveredDeviceTimeout: 0,
        dynAddrSessionCheck: "string",
        dynamicSortSubtable: "string",
        ecmpMaxPaths: 0,
        emailPortalCheckDns: "string",
        extResourceSessionCheck: "string",
        firewallSessionDirty: "string",
        fqdnSessionCheck: "string",
        fwSessionHairpin: "string",
        gateway: "string",
        gateway6: "string",
        getAllTables: "string",
        guiAdvancedPolicy: "string",
        guiAdvancedWirelessFeatures: "string",
        guiAllowUnnamedPolicy: "string",
        guiAntivirus: "string",
        guiApProfile: "string",
        guiApplicationControl: "string",
        guiCasb: "string",
        guiDefaultPolicyColumns: [{
            name: "string",
        }],
        guiDhcpAdvanced: "string",
        guiDlp: "string",
        guiDlpProfile: "string",
        guiDnsDatabase: "string",
        guiDnsfilter: "string",
        guiDomainIpReputation: "string",
        guiDosPolicy: "string",
        guiDynamicDeviceOsId: "string",
        guiDynamicProfileDisplay: "string",
        guiDynamicRouting: "string",
        guiEmailCollection: "string",
        guiEndpointControl: "string",
        guiEndpointControlAdvanced: "string",
        guiEnforceChangeSummary: "string",
        guiExplicitProxy: "string",
        guiFileFilter: "string",
        guiFortiapSplitTunneling: "string",
        guiFortiextenderController: "string",
        guiIcap: "string",
        guiImplicitPolicy: "string",
        guiIps: "string",
        guiLoadBalance: "string",
        guiLocalInPolicy: "string",
        guiLocalReports: "string",
        guiMulticastPolicy: "string",
        guiMultipleInterfacePolicy: "string",
        guiMultipleUtmProfiles: "string",
        guiNat4664: "string",
        guiObjectColors: "string",
        guiOt: "string",
        guiPerPolicyDisclaimer: "string",
        guiPolicyBasedIpsec: "string",
        guiPolicyDisclaimer: "string",
        guiPolicyLearning: "string",
        guiProxyInspection: "string",
        guiReplacementMessageGroups: "string",
        guiRouteTagAddressCreation: "string",
        guiSecurityProfileGroup: "string",
        guiSpamfilter: "string",
        guiSslvpn: "string",
        guiSslvpnPersonalBookmarks: "string",
        guiSslvpnRealms: "string",
        guiSwitchController: "string",
        guiThreatWeight: "string",
        guiTrafficShaping: "string",
        guiVideofilter: "string",
        guiVirtualPatchProfile: "string",
        guiVoipProfile: "string",
        guiVpn: "string",
        guiWafProfile: "string",
        guiWanLoadBalancing: "string",
        guiWanoptCache: "string",
        guiWebfilter: "string",
        guiWebfilterAdvanced: "string",
        guiWirelessController: "string",
        guiZtna: "string",
        h323DirectModel: "string",
        httpExternalDest: "string",
        ikeDnFormat: "string",
        ikeNattPort: 0,
        ikePolicyRoute: "string",
        ikePort: 0,
        ikeQuickCrashDetect: "string",
        ikeSessionResume: "string",
        ikeTcpPort: 0,
        implicitAllowDns: "string",
        inspectionMode: "string",
        internetServiceAppCtrlSize: 0,
        internetServiceDatabaseCache: "string",
        ip: "string",
        ip6: "string",
        lanExtensionControllerAddr: "string",
        linkDownAccess: "string",
        lldpReception: "string",
        lldpTransmission: "string",
        locationId: "string",
        macTtl: 0,
        manageip: "string",
        manageip6: "string",
        multicastForward: "string",
        multicastSkipPolicy: "string",
        multicastTtlNotchange: "string",
        nat46ForceIpv4PacketForwarding: "string",
        nat46GenerateIpv6FragmentHeader: "string",
        nat64ForceIpv6PacketForwarding: "string",
        ngfwMode: "string",
        opmode: "string",
        prpTrailerAction: "string",
        sccpPort: 0,
        sctpSessionWithoutInit: "string",
        sesDeniedTraffic: "string",
        sipExpectation: "string",
        sipHelper: "string",
        sipNatTrace: "string",
        sipSslPort: 0,
        sipTcpPort: 0,
        sipUdpPort: 0,
        snatHairpinTraffic: "string",
        sslSshProfile: "string",
        status: "string",
        strictSrcCheck: "string",
        tcpSessionWithoutSyn: "string",
        utf8SpamTagging: "string",
        v4EcmpMode: "string",
        vdomType: "string",
        vdomparam: "string",
        vpnStatsLog: "string",
        vpnStatsPeriod: 0,
        wccpCacheEngine: "string",
    });
    
    type: fortios:system:Settings
    properties:
        allowLinkdownPath: string
        allowSubnetOverlap: string
        applicationBandwidthTracking: string
        asymroute: string
        asymroute6: string
        asymroute6Icmp: string
        asymrouteIcmp: string
        auxiliarySession: string
        bfd: string
        bfdDesiredMinTx: 0
        bfdDetectMult: 0
        bfdDontEnforceSrcPort: string
        bfdRequiredMinRx: 0
        blockLandAttack: string
        centralNat: string
        comments: string
        complianceCheck: string
        consolidatedFirewallMode: string
        defaultAppPortAsService: string
        defaultPolicyExpiryDays: 0
        defaultVoipAlgMode: string
        denyTcpWithIcmp: string
        detectUnknownEsp: string
        device: string
        dhcp6ServerIp: string
        dhcpProxy: string
        dhcpProxyInterface: string
        dhcpProxyInterfaceSelectMethod: string
        dhcpServerIp: string
        discoveredDeviceTimeout: 0
        dynAddrSessionCheck: string
        dynamicSortSubtable: string
        ecmpMaxPaths: 0
        emailPortalCheckDns: string
        extResourceSessionCheck: string
        firewallSessionDirty: string
        fqdnSessionCheck: string
        fwSessionHairpin: string
        gateway: string
        gateway6: string
        getAllTables: string
        guiAdvancedPolicy: string
        guiAdvancedWirelessFeatures: string
        guiAllowUnnamedPolicy: string
        guiAntivirus: string
        guiApProfile: string
        guiApplicationControl: string
        guiCasb: string
        guiDefaultPolicyColumns:
            - name: string
        guiDhcpAdvanced: string
        guiDlp: string
        guiDlpProfile: string
        guiDnsDatabase: string
        guiDnsfilter: string
        guiDomainIpReputation: string
        guiDosPolicy: string
        guiDynamicDeviceOsId: string
        guiDynamicProfileDisplay: string
        guiDynamicRouting: string
        guiEmailCollection: string
        guiEndpointControl: string
        guiEndpointControlAdvanced: string
        guiEnforceChangeSummary: string
        guiExplicitProxy: string
        guiFileFilter: string
        guiFortiapSplitTunneling: string
        guiFortiextenderController: string
        guiIcap: string
        guiImplicitPolicy: string
        guiIps: string
        guiLoadBalance: string
        guiLocalInPolicy: string
        guiLocalReports: string
        guiMulticastPolicy: string
        guiMultipleInterfacePolicy: string
        guiMultipleUtmProfiles: string
        guiNat4664: string
        guiObjectColors: string
        guiOt: string
        guiPerPolicyDisclaimer: string
        guiPolicyBasedIpsec: string
        guiPolicyDisclaimer: string
        guiPolicyLearning: string
        guiProxyInspection: string
        guiReplacementMessageGroups: string
        guiRouteTagAddressCreation: string
        guiSecurityProfileGroup: string
        guiSpamfilter: string
        guiSslvpn: string
        guiSslvpnPersonalBookmarks: string
        guiSslvpnRealms: string
        guiSwitchController: string
        guiThreatWeight: string
        guiTrafficShaping: string
        guiVideofilter: string
        guiVirtualPatchProfile: string
        guiVoipProfile: string
        guiVpn: string
        guiWafProfile: string
        guiWanLoadBalancing: string
        guiWanoptCache: string
        guiWebfilter: string
        guiWebfilterAdvanced: string
        guiWirelessController: string
        guiZtna: string
        h323DirectModel: string
        httpExternalDest: string
        ikeDnFormat: string
        ikeNattPort: 0
        ikePolicyRoute: string
        ikePort: 0
        ikeQuickCrashDetect: string
        ikeSessionResume: string
        ikeTcpPort: 0
        implicitAllowDns: string
        inspectionMode: string
        internetServiceAppCtrlSize: 0
        internetServiceDatabaseCache: string
        ip: string
        ip6: string
        lanExtensionControllerAddr: string
        linkDownAccess: string
        lldpReception: string
        lldpTransmission: string
        locationId: string
        macTtl: 0
        manageip: string
        manageip6: string
        multicastForward: string
        multicastSkipPolicy: string
        multicastTtlNotchange: string
        nat46ForceIpv4PacketForwarding: string
        nat46GenerateIpv6FragmentHeader: string
        nat64ForceIpv6PacketForwarding: string
        ngfwMode: string
        opmode: string
        prpTrailerAction: string
        sccpPort: 0
        sctpSessionWithoutInit: string
        sesDeniedTraffic: string
        sipExpectation: string
        sipHelper: string
        sipNatTrace: string
        sipSslPort: 0
        sipTcpPort: 0
        sipUdpPort: 0
        snatHairpinTraffic: string
        sslSshProfile: string
        status: string
        strictSrcCheck: string
        tcpSessionWithoutSyn: string
        utf8SpamTagging: string
        v4EcmpMode: string
        vdomType: string
        vdomparam: string
        vpnStatsLog: string
        vpnStatsPeriod: 0
        wccpCacheEngine: string
    

    Settings Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Settings resource accepts the following input properties:

    AllowLinkdownPath string
    Enable/disable link down path. Valid values: enable, disable.
    AllowSubnetOverlap string
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    ApplicationBandwidthTracking string
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    Asymroute string
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    Asymroute6 string
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    Asymroute6Icmp string
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    AsymrouteIcmp string
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    AuxiliarySession string
    Enable/disable auxiliary session. Valid values: enable, disable.
    Bfd string
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    BfdDesiredMinTx int
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    BfdDetectMult int
    BFD detection multiplier (1 - 50, default = 3).
    BfdDontEnforceSrcPort string
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    BfdRequiredMinRx int
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    BlockLandAttack string
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    CentralNat string
    Enable/disable central NAT. Valid values: enable, disable.
    Comments string
    VDOM comments.
    ComplianceCheck string
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    ConsolidatedFirewallMode string
    Consolidated firewall mode.
    DefaultAppPortAsService string
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    DefaultPolicyExpiryDays int
    Default policy expiry in days (0 - 365 days, default = 30).
    DefaultVoipAlgMode string
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    DenyTcpWithIcmp string
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    DetectUnknownEsp string
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    Device string
    Interface to use for management access for NAT mode.
    Dhcp6ServerIp string
    DHCPv6 server IPv6 address.
    DhcpProxy string
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    DhcpProxyInterface string
    Specify outgoing interface to reach server.
    DhcpProxyInterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    DhcpServerIp string
    DHCP Server IPv4 address.
    DiscoveredDeviceTimeout int
    Timeout for discovered devices (1 - 365 days, default = 28).
    DynAddrSessionCheck string
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EcmpMaxPaths int
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    EmailPortalCheckDns string
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    ExtResourceSessionCheck string
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    FirewallSessionDirty string
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    FqdnSessionCheck string
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    FwSessionHairpin string
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    Gateway string
    Transparent mode IPv4 default gateway IP address.
    Gateway6 string
    Transparent mode IPv4 default gateway IP address.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GuiAdvancedPolicy string
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    GuiAdvancedWirelessFeatures string
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    GuiAllowUnnamedPolicy string
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    GuiAntivirus string
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    GuiApProfile string
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    GuiApplicationControl string
    Enable/disable application control on the GUI. Valid values: enable, disable.
    GuiCasb string
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    GuiDefaultPolicyColumns List<Pulumiverse.Fortios.System.Inputs.SettingsGuiDefaultPolicyColumn>
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    GuiDhcpAdvanced string
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    GuiDlp string
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    GuiDlpProfile string
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    GuiDnsDatabase string
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    GuiDnsfilter string
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    GuiDomainIpReputation string
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    GuiDosPolicy string
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    GuiDynamicDeviceOsId string
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    GuiDynamicProfileDisplay string
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    GuiDynamicRouting string
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    GuiEmailCollection string
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    GuiEndpointControl string
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    GuiEndpointControlAdvanced string
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    GuiEnforceChangeSummary string
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    GuiExplicitProxy string
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    GuiFileFilter string
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    GuiFortiapSplitTunneling string
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    GuiFortiextenderController string
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    GuiIcap string
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    GuiImplicitPolicy string
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    GuiIps string
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    GuiLoadBalance string
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    GuiLocalInPolicy string
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    GuiLocalReports string
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    GuiMulticastPolicy string
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    GuiMultipleInterfacePolicy string
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    GuiMultipleUtmProfiles string
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    GuiNat4664 string
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    GuiObjectColors string
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    GuiOt string
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    GuiPerPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    GuiPolicyBasedIpsec string
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    GuiPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    GuiPolicyLearning string
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    GuiProxyInspection string
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    GuiRouteTagAddressCreation string
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    GuiSecurityProfileGroup string
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    GuiSpamfilter string
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    GuiSslvpn string
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    GuiSslvpnPersonalBookmarks string
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    GuiSslvpnRealms string
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    GuiSwitchController string
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    GuiThreatWeight string
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    GuiTrafficShaping string
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    GuiVideofilter string
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    GuiVirtualPatchProfile string
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    GuiVoipProfile string
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    GuiVpn string
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    GuiWafProfile string
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    GuiWanLoadBalancing string
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    GuiWanoptCache string
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    GuiWebfilter string
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    GuiWebfilterAdvanced string
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    GuiWirelessController string
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    GuiZtna string
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    H323DirectModel string
    Enable/disable H323 direct model. Valid values: disable, enable.
    HttpExternalDest string
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    IkeDnFormat string
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    IkeNattPort int
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    IkePolicyRoute string
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    IkePort int
    UDP port for IKE/IPsec traffic (default 500).
    IkeQuickCrashDetect string
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    IkeSessionResume string
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    IkeTcpPort int
    TCP port for IKE/IPsec traffic (default 4500).
    ImplicitAllowDns string
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    InspectionMode string
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    InternetServiceAppCtrlSize int
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    InternetServiceDatabaseCache string
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    Ip string
    IP address and netmask.
    Ip6 string
    IPv6 address prefix for NAT mode.
    LanExtensionControllerAddr string
    Controller IP address or FQDN to connect.
    LinkDownAccess string
    Enable/disable link down access traffic. Valid values: enable, disable.
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    LocationId string
    Local location ID in the form of an IPv4 address.
    MacTtl int
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    Manageip string
    Transparent mode IPv4 management IP address and netmask.
    Manageip6 string
    Transparent mode IPv6 management IP address and netmask.
    MulticastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    MulticastSkipPolicy string
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    MulticastTtlNotchange string
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    Nat46ForceIpv4PacketForwarding string
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    Nat46GenerateIpv6FragmentHeader string
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    Nat64ForceIpv6PacketForwarding string
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    NgfwMode string
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    Opmode string
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    PrpTrailerAction string
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    SccpPort int
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    SctpSessionWithoutInit string
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    SesDeniedTraffic string
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    SipExpectation string
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    SipHelper string
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    SipNatTrace string
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    SipSslPort int
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    SipTcpPort int
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    SipUdpPort int
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    SnatHairpinTraffic string
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    SslSshProfile string
    Profile for SSL/SSH inspection.
    Status string
    Enable/disable this VDOM. Valid values: enable, disable.
    StrictSrcCheck string
    Enable/disable strict source verification. Valid values: enable, disable.
    TcpSessionWithoutSyn string
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    Utf8SpamTagging string
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    V4EcmpMode string
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    VdomType string
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VpnStatsLog string
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    VpnStatsPeriod int
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    WccpCacheEngine string
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    AllowLinkdownPath string
    Enable/disable link down path. Valid values: enable, disable.
    AllowSubnetOverlap string
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    ApplicationBandwidthTracking string
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    Asymroute string
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    Asymroute6 string
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    Asymroute6Icmp string
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    AsymrouteIcmp string
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    AuxiliarySession string
    Enable/disable auxiliary session. Valid values: enable, disable.
    Bfd string
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    BfdDesiredMinTx int
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    BfdDetectMult int
    BFD detection multiplier (1 - 50, default = 3).
    BfdDontEnforceSrcPort string
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    BfdRequiredMinRx int
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    BlockLandAttack string
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    CentralNat string
    Enable/disable central NAT. Valid values: enable, disable.
    Comments string
    VDOM comments.
    ComplianceCheck string
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    ConsolidatedFirewallMode string
    Consolidated firewall mode.
    DefaultAppPortAsService string
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    DefaultPolicyExpiryDays int
    Default policy expiry in days (0 - 365 days, default = 30).
    DefaultVoipAlgMode string
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    DenyTcpWithIcmp string
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    DetectUnknownEsp string
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    Device string
    Interface to use for management access for NAT mode.
    Dhcp6ServerIp string
    DHCPv6 server IPv6 address.
    DhcpProxy string
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    DhcpProxyInterface string
    Specify outgoing interface to reach server.
    DhcpProxyInterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    DhcpServerIp string
    DHCP Server IPv4 address.
    DiscoveredDeviceTimeout int
    Timeout for discovered devices (1 - 365 days, default = 28).
    DynAddrSessionCheck string
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EcmpMaxPaths int
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    EmailPortalCheckDns string
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    ExtResourceSessionCheck string
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    FirewallSessionDirty string
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    FqdnSessionCheck string
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    FwSessionHairpin string
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    Gateway string
    Transparent mode IPv4 default gateway IP address.
    Gateway6 string
    Transparent mode IPv4 default gateway IP address.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GuiAdvancedPolicy string
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    GuiAdvancedWirelessFeatures string
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    GuiAllowUnnamedPolicy string
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    GuiAntivirus string
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    GuiApProfile string
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    GuiApplicationControl string
    Enable/disable application control on the GUI. Valid values: enable, disable.
    GuiCasb string
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    GuiDefaultPolicyColumns []SettingsGuiDefaultPolicyColumnArgs
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    GuiDhcpAdvanced string
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    GuiDlp string
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    GuiDlpProfile string
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    GuiDnsDatabase string
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    GuiDnsfilter string
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    GuiDomainIpReputation string
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    GuiDosPolicy string
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    GuiDynamicDeviceOsId string
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    GuiDynamicProfileDisplay string
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    GuiDynamicRouting string
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    GuiEmailCollection string
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    GuiEndpointControl string
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    GuiEndpointControlAdvanced string
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    GuiEnforceChangeSummary string
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    GuiExplicitProxy string
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    GuiFileFilter string
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    GuiFortiapSplitTunneling string
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    GuiFortiextenderController string
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    GuiIcap string
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    GuiImplicitPolicy string
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    GuiIps string
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    GuiLoadBalance string
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    GuiLocalInPolicy string
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    GuiLocalReports string
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    GuiMulticastPolicy string
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    GuiMultipleInterfacePolicy string
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    GuiMultipleUtmProfiles string
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    GuiNat4664 string
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    GuiObjectColors string
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    GuiOt string
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    GuiPerPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    GuiPolicyBasedIpsec string
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    GuiPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    GuiPolicyLearning string
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    GuiProxyInspection string
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    GuiRouteTagAddressCreation string
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    GuiSecurityProfileGroup string
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    GuiSpamfilter string
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    GuiSslvpn string
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    GuiSslvpnPersonalBookmarks string
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    GuiSslvpnRealms string
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    GuiSwitchController string
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    GuiThreatWeight string
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    GuiTrafficShaping string
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    GuiVideofilter string
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    GuiVirtualPatchProfile string
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    GuiVoipProfile string
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    GuiVpn string
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    GuiWafProfile string
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    GuiWanLoadBalancing string
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    GuiWanoptCache string
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    GuiWebfilter string
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    GuiWebfilterAdvanced string
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    GuiWirelessController string
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    GuiZtna string
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    H323DirectModel string
    Enable/disable H323 direct model. Valid values: disable, enable.
    HttpExternalDest string
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    IkeDnFormat string
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    IkeNattPort int
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    IkePolicyRoute string
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    IkePort int
    UDP port for IKE/IPsec traffic (default 500).
    IkeQuickCrashDetect string
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    IkeSessionResume string
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    IkeTcpPort int
    TCP port for IKE/IPsec traffic (default 4500).
    ImplicitAllowDns string
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    InspectionMode string
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    InternetServiceAppCtrlSize int
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    InternetServiceDatabaseCache string
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    Ip string
    IP address and netmask.
    Ip6 string
    IPv6 address prefix for NAT mode.
    LanExtensionControllerAddr string
    Controller IP address or FQDN to connect.
    LinkDownAccess string
    Enable/disable link down access traffic. Valid values: enable, disable.
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    LocationId string
    Local location ID in the form of an IPv4 address.
    MacTtl int
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    Manageip string
    Transparent mode IPv4 management IP address and netmask.
    Manageip6 string
    Transparent mode IPv6 management IP address and netmask.
    MulticastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    MulticastSkipPolicy string
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    MulticastTtlNotchange string
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    Nat46ForceIpv4PacketForwarding string
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    Nat46GenerateIpv6FragmentHeader string
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    Nat64ForceIpv6PacketForwarding string
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    NgfwMode string
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    Opmode string
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    PrpTrailerAction string
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    SccpPort int
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    SctpSessionWithoutInit string
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    SesDeniedTraffic string
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    SipExpectation string
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    SipHelper string
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    SipNatTrace string
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    SipSslPort int
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    SipTcpPort int
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    SipUdpPort int
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    SnatHairpinTraffic string
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    SslSshProfile string
    Profile for SSL/SSH inspection.
    Status string
    Enable/disable this VDOM. Valid values: enable, disable.
    StrictSrcCheck string
    Enable/disable strict source verification. Valid values: enable, disable.
    TcpSessionWithoutSyn string
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    Utf8SpamTagging string
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    V4EcmpMode string
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    VdomType string
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VpnStatsLog string
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    VpnStatsPeriod int
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    WccpCacheEngine string
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    allowLinkdownPath String
    Enable/disable link down path. Valid values: enable, disable.
    allowSubnetOverlap String
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    applicationBandwidthTracking String
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    asymroute String
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    asymroute6 String
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    asymroute6Icmp String
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    asymrouteIcmp String
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    auxiliarySession String
    Enable/disable auxiliary session. Valid values: enable, disable.
    bfd String
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    bfdDesiredMinTx Integer
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    bfdDetectMult Integer
    BFD detection multiplier (1 - 50, default = 3).
    bfdDontEnforceSrcPort String
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    bfdRequiredMinRx Integer
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    blockLandAttack String
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    centralNat String
    Enable/disable central NAT. Valid values: enable, disable.
    comments String
    VDOM comments.
    complianceCheck String
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    consolidatedFirewallMode String
    Consolidated firewall mode.
    defaultAppPortAsService String
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    defaultPolicyExpiryDays Integer
    Default policy expiry in days (0 - 365 days, default = 30).
    defaultVoipAlgMode String
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    denyTcpWithIcmp String
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    detectUnknownEsp String
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    device String
    Interface to use for management access for NAT mode.
    dhcp6ServerIp String
    DHCPv6 server IPv6 address.
    dhcpProxy String
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    dhcpProxyInterface String
    Specify outgoing interface to reach server.
    dhcpProxyInterfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    dhcpServerIp String
    DHCP Server IPv4 address.
    discoveredDeviceTimeout Integer
    Timeout for discovered devices (1 - 365 days, default = 28).
    dynAddrSessionCheck String
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ecmpMaxPaths Integer
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    emailPortalCheckDns String
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    extResourceSessionCheck String
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    firewallSessionDirty String
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    fqdnSessionCheck String
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    fwSessionHairpin String
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    gateway String
    Transparent mode IPv4 default gateway IP address.
    gateway6 String
    Transparent mode IPv4 default gateway IP address.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAdvancedPolicy String
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    guiAdvancedWirelessFeatures String
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    guiAllowUnnamedPolicy String
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    guiAntivirus String
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    guiApProfile String
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    guiApplicationControl String
    Enable/disable application control on the GUI. Valid values: enable, disable.
    guiCasb String
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    guiDefaultPolicyColumns List<SettingsGuiDefaultPolicyColumn>
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    guiDhcpAdvanced String
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    guiDlp String
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    guiDlpProfile String
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    guiDnsDatabase String
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    guiDnsfilter String
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    guiDomainIpReputation String
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    guiDosPolicy String
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    guiDynamicDeviceOsId String
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    guiDynamicProfileDisplay String
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    guiDynamicRouting String
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    guiEmailCollection String
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    guiEndpointControl String
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    guiEndpointControlAdvanced String
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    guiEnforceChangeSummary String
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    guiExplicitProxy String
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    guiFileFilter String
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    guiFortiapSplitTunneling String
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    guiFortiextenderController String
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    guiIcap String
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    guiImplicitPolicy String
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    guiIps String
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    guiLoadBalance String
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    guiLocalInPolicy String
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    guiLocalReports String
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    guiMulticastPolicy String
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    guiMultipleInterfacePolicy String
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    guiMultipleUtmProfiles String
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    guiNat4664 String
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    guiObjectColors String
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    guiOt String
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    guiPerPolicyDisclaimer String
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyBasedIpsec String
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    guiPolicyDisclaimer String
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyLearning String
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    guiProxyInspection String
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRouteTagAddressCreation String
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    guiSecurityProfileGroup String
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    guiSpamfilter String
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    guiSslvpn String
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    guiSslvpnPersonalBookmarks String
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    guiSslvpnRealms String
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    guiSwitchController String
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    guiThreatWeight String
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    guiTrafficShaping String
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    guiVideofilter String
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    guiVirtualPatchProfile String
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    guiVoipProfile String
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    guiVpn String
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    guiWafProfile String
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    guiWanLoadBalancing String
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    guiWanoptCache String
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    guiWebfilter String
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    guiWebfilterAdvanced String
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    guiWirelessController String
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    guiZtna String
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    h323DirectModel String
    Enable/disable H323 direct model. Valid values: disable, enable.
    httpExternalDest String
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    ikeDnFormat String
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    ikeNattPort Integer
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    ikePolicyRoute String
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    ikePort Integer
    UDP port for IKE/IPsec traffic (default 500).
    ikeQuickCrashDetect String
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    ikeSessionResume String
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    ikeTcpPort Integer
    TCP port for IKE/IPsec traffic (default 4500).
    implicitAllowDns String
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    inspectionMode String
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    internetServiceAppCtrlSize Integer
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    internetServiceDatabaseCache String
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    ip String
    IP address and netmask.
    ip6 String
    IPv6 address prefix for NAT mode.
    lanExtensionControllerAddr String
    Controller IP address or FQDN to connect.
    linkDownAccess String
    Enable/disable link down access traffic. Valid values: enable, disable.
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    locationId String
    Local location ID in the form of an IPv4 address.
    macTtl Integer
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    manageip String
    Transparent mode IPv4 management IP address and netmask.
    manageip6 String
    Transparent mode IPv6 management IP address and netmask.
    multicastForward String
    Enable/disable multicast forwarding. Valid values: enable, disable.
    multicastSkipPolicy String
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    multicastTtlNotchange String
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    nat46ForceIpv4PacketForwarding String
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    nat46GenerateIpv6FragmentHeader String
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    nat64ForceIpv6PacketForwarding String
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    ngfwMode String
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    opmode String
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    prpTrailerAction String
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    sccpPort Integer
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    sctpSessionWithoutInit String
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    sesDeniedTraffic String
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    sipExpectation String
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    sipHelper String
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    sipNatTrace String
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    sipSslPort Integer
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    sipTcpPort Integer
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    sipUdpPort Integer
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    snatHairpinTraffic String
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    sslSshProfile String
    Profile for SSL/SSH inspection.
    status String
    Enable/disable this VDOM. Valid values: enable, disable.
    strictSrcCheck String
    Enable/disable strict source verification. Valid values: enable, disable.
    tcpSessionWithoutSyn String
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    utf8SpamTagging String
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    v4EcmpMode String
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    vdomType String
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vpnStatsLog String
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    vpnStatsPeriod Integer
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    wccpCacheEngine String
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    allowLinkdownPath string
    Enable/disable link down path. Valid values: enable, disable.
    allowSubnetOverlap string
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    applicationBandwidthTracking string
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    asymroute string
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    asymroute6 string
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    asymroute6Icmp string
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    asymrouteIcmp string
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    auxiliarySession string
    Enable/disable auxiliary session. Valid values: enable, disable.
    bfd string
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    bfdDesiredMinTx number
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    bfdDetectMult number
    BFD detection multiplier (1 - 50, default = 3).
    bfdDontEnforceSrcPort string
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    bfdRequiredMinRx number
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    blockLandAttack string
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    centralNat string
    Enable/disable central NAT. Valid values: enable, disable.
    comments string
    VDOM comments.
    complianceCheck string
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    consolidatedFirewallMode string
    Consolidated firewall mode.
    defaultAppPortAsService string
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    defaultPolicyExpiryDays number
    Default policy expiry in days (0 - 365 days, default = 30).
    defaultVoipAlgMode string
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    denyTcpWithIcmp string
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    detectUnknownEsp string
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    device string
    Interface to use for management access for NAT mode.
    dhcp6ServerIp string
    DHCPv6 server IPv6 address.
    dhcpProxy string
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    dhcpProxyInterface string
    Specify outgoing interface to reach server.
    dhcpProxyInterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    dhcpServerIp string
    DHCP Server IPv4 address.
    discoveredDeviceTimeout number
    Timeout for discovered devices (1 - 365 days, default = 28).
    dynAddrSessionCheck string
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ecmpMaxPaths number
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    emailPortalCheckDns string
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    extResourceSessionCheck string
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    firewallSessionDirty string
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    fqdnSessionCheck string
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    fwSessionHairpin string
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    gateway string
    Transparent mode IPv4 default gateway IP address.
    gateway6 string
    Transparent mode IPv4 default gateway IP address.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAdvancedPolicy string
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    guiAdvancedWirelessFeatures string
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    guiAllowUnnamedPolicy string
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    guiAntivirus string
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    guiApProfile string
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    guiApplicationControl string
    Enable/disable application control on the GUI. Valid values: enable, disable.
    guiCasb string
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    guiDefaultPolicyColumns SettingsGuiDefaultPolicyColumn[]
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    guiDhcpAdvanced string
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    guiDlp string
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    guiDlpProfile string
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    guiDnsDatabase string
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    guiDnsfilter string
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    guiDomainIpReputation string
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    guiDosPolicy string
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    guiDynamicDeviceOsId string
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    guiDynamicProfileDisplay string
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    guiDynamicRouting string
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    guiEmailCollection string
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    guiEndpointControl string
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    guiEndpointControlAdvanced string
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    guiEnforceChangeSummary string
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    guiExplicitProxy string
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    guiFileFilter string
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    guiFortiapSplitTunneling string
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    guiFortiextenderController string
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    guiIcap string
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    guiImplicitPolicy string
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    guiIps string
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    guiLoadBalance string
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    guiLocalInPolicy string
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    guiLocalReports string
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    guiMulticastPolicy string
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    guiMultipleInterfacePolicy string
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    guiMultipleUtmProfiles string
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    guiNat4664 string
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    guiObjectColors string
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    guiOt string
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    guiPerPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyBasedIpsec string
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    guiPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyLearning string
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    guiProxyInspection string
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRouteTagAddressCreation string
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    guiSecurityProfileGroup string
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    guiSpamfilter string
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    guiSslvpn string
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    guiSslvpnPersonalBookmarks string
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    guiSslvpnRealms string
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    guiSwitchController string
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    guiThreatWeight string
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    guiTrafficShaping string
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    guiVideofilter string
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    guiVirtualPatchProfile string
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    guiVoipProfile string
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    guiVpn string
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    guiWafProfile string
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    guiWanLoadBalancing string
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    guiWanoptCache string
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    guiWebfilter string
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    guiWebfilterAdvanced string
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    guiWirelessController string
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    guiZtna string
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    h323DirectModel string
    Enable/disable H323 direct model. Valid values: disable, enable.
    httpExternalDest string
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    ikeDnFormat string
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    ikeNattPort number
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    ikePolicyRoute string
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    ikePort number
    UDP port for IKE/IPsec traffic (default 500).
    ikeQuickCrashDetect string
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    ikeSessionResume string
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    ikeTcpPort number
    TCP port for IKE/IPsec traffic (default 4500).
    implicitAllowDns string
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    inspectionMode string
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    internetServiceAppCtrlSize number
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    internetServiceDatabaseCache string
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    ip string
    IP address and netmask.
    ip6 string
    IPv6 address prefix for NAT mode.
    lanExtensionControllerAddr string
    Controller IP address or FQDN to connect.
    linkDownAccess string
    Enable/disable link down access traffic. Valid values: enable, disable.
    lldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    lldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    locationId string
    Local location ID in the form of an IPv4 address.
    macTtl number
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    manageip string
    Transparent mode IPv4 management IP address and netmask.
    manageip6 string
    Transparent mode IPv6 management IP address and netmask.
    multicastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    multicastSkipPolicy string
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    multicastTtlNotchange string
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    nat46ForceIpv4PacketForwarding string
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    nat46GenerateIpv6FragmentHeader string
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    nat64ForceIpv6PacketForwarding string
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    ngfwMode string
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    opmode string
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    prpTrailerAction string
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    sccpPort number
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    sctpSessionWithoutInit string
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    sesDeniedTraffic string
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    sipExpectation string
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    sipHelper string
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    sipNatTrace string
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    sipSslPort number
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    sipTcpPort number
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    sipUdpPort number
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    snatHairpinTraffic string
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    sslSshProfile string
    Profile for SSL/SSH inspection.
    status string
    Enable/disable this VDOM. Valid values: enable, disable.
    strictSrcCheck string
    Enable/disable strict source verification. Valid values: enable, disable.
    tcpSessionWithoutSyn string
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    utf8SpamTagging string
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    v4EcmpMode string
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    vdomType string
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vpnStatsLog string
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    vpnStatsPeriod number
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    wccpCacheEngine string
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    allow_linkdown_path str
    Enable/disable link down path. Valid values: enable, disable.
    allow_subnet_overlap str
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    application_bandwidth_tracking str
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    asymroute str
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    asymroute6 str
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    asymroute6_icmp str
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    asymroute_icmp str
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    auxiliary_session str
    Enable/disable auxiliary session. Valid values: enable, disable.
    bfd str
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    bfd_desired_min_tx int
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    bfd_detect_mult int
    BFD detection multiplier (1 - 50, default = 3).
    bfd_dont_enforce_src_port str
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    bfd_required_min_rx int
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    block_land_attack str
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    central_nat str
    Enable/disable central NAT. Valid values: enable, disable.
    comments str
    VDOM comments.
    compliance_check str
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    consolidated_firewall_mode str
    Consolidated firewall mode.
    default_app_port_as_service str
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    default_policy_expiry_days int
    Default policy expiry in days (0 - 365 days, default = 30).
    default_voip_alg_mode str
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    deny_tcp_with_icmp str
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    detect_unknown_esp str
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    device str
    Interface to use for management access for NAT mode.
    dhcp6_server_ip str
    DHCPv6 server IPv6 address.
    dhcp_proxy str
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    dhcp_proxy_interface str
    Specify outgoing interface to reach server.
    dhcp_proxy_interface_select_method str
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    dhcp_server_ip str
    DHCP Server IPv4 address.
    discovered_device_timeout int
    Timeout for discovered devices (1 - 365 days, default = 28).
    dyn_addr_session_check str
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ecmp_max_paths int
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    email_portal_check_dns str
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    ext_resource_session_check str
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    firewall_session_dirty str
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    fqdn_session_check str
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    fw_session_hairpin str
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    gateway str
    Transparent mode IPv4 default gateway IP address.
    gateway6 str
    Transparent mode IPv4 default gateway IP address.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gui_advanced_policy str
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    gui_advanced_wireless_features str
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    gui_allow_unnamed_policy str
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    gui_antivirus str
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    gui_ap_profile str
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    gui_application_control str
    Enable/disable application control on the GUI. Valid values: enable, disable.
    gui_casb str
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    gui_default_policy_columns Sequence[SettingsGuiDefaultPolicyColumnArgs]
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    gui_dhcp_advanced str
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    gui_dlp str
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    gui_dlp_profile str
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    gui_dns_database str
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    gui_dnsfilter str
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    gui_domain_ip_reputation str
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    gui_dos_policy str
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    gui_dynamic_device_os_id str
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    gui_dynamic_profile_display str
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    gui_dynamic_routing str
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    gui_email_collection str
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    gui_endpoint_control str
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    gui_endpoint_control_advanced str
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    gui_enforce_change_summary str
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    gui_explicit_proxy str
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    gui_file_filter str
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    gui_fortiap_split_tunneling str
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    gui_fortiextender_controller str
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    gui_icap str
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    gui_implicit_policy str
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    gui_ips str
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    gui_load_balance str
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    gui_local_in_policy str
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    gui_local_reports str
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    gui_multicast_policy str
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    gui_multiple_interface_policy str
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    gui_multiple_utm_profiles str
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    gui_nat4664 str
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    gui_object_colors str
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    gui_ot str
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    gui_per_policy_disclaimer str
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    gui_policy_based_ipsec str
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    gui_policy_disclaimer str
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    gui_policy_learning str
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    gui_proxy_inspection str
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    gui_replacement_message_groups str
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    gui_route_tag_address_creation str
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    gui_security_profile_group str
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    gui_spamfilter str
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    gui_sslvpn str
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    gui_sslvpn_personal_bookmarks str
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    gui_sslvpn_realms str
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    gui_switch_controller str
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    gui_threat_weight str
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    gui_traffic_shaping str
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    gui_videofilter str
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    gui_virtual_patch_profile str
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    gui_voip_profile str
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    gui_vpn str
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    gui_waf_profile str
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    gui_wan_load_balancing str
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    gui_wanopt_cache str
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    gui_webfilter str
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    gui_webfilter_advanced str
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    gui_wireless_controller str
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    gui_ztna str
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    h323_direct_model str
    Enable/disable H323 direct model. Valid values: disable, enable.
    http_external_dest str
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    ike_dn_format str
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    ike_natt_port int
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    ike_policy_route str
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    ike_port int
    UDP port for IKE/IPsec traffic (default 500).
    ike_quick_crash_detect str
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    ike_session_resume str
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    ike_tcp_port int
    TCP port for IKE/IPsec traffic (default 4500).
    implicit_allow_dns str
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    inspection_mode str
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    internet_service_app_ctrl_size int
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    internet_service_database_cache str
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    ip str
    IP address and netmask.
    ip6 str
    IPv6 address prefix for NAT mode.
    lan_extension_controller_addr str
    Controller IP address or FQDN to connect.
    link_down_access str
    Enable/disable link down access traffic. Valid values: enable, disable.
    lldp_reception str
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    lldp_transmission str
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    location_id str
    Local location ID in the form of an IPv4 address.
    mac_ttl int
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    manageip str
    Transparent mode IPv4 management IP address and netmask.
    manageip6 str
    Transparent mode IPv6 management IP address and netmask.
    multicast_forward str
    Enable/disable multicast forwarding. Valid values: enable, disable.
    multicast_skip_policy str
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    multicast_ttl_notchange str
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    nat46_force_ipv4_packet_forwarding str
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    nat46_generate_ipv6_fragment_header str
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    nat64_force_ipv6_packet_forwarding str
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    ngfw_mode str
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    opmode str
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    prp_trailer_action str
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    sccp_port int
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    sctp_session_without_init str
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    ses_denied_traffic str
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    sip_expectation str
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    sip_helper str
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    sip_nat_trace str
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    sip_ssl_port int
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    sip_tcp_port int
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    sip_udp_port int
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    snat_hairpin_traffic str
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    ssl_ssh_profile str
    Profile for SSL/SSH inspection.
    status str
    Enable/disable this VDOM. Valid values: enable, disable.
    strict_src_check str
    Enable/disable strict source verification. Valid values: enable, disable.
    tcp_session_without_syn str
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    utf8_spam_tagging str
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    v4_ecmp_mode str
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    vdom_type str
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vpn_stats_log str
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    vpn_stats_period int
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    wccp_cache_engine str
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    allowLinkdownPath String
    Enable/disable link down path. Valid values: enable, disable.
    allowSubnetOverlap String
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    applicationBandwidthTracking String
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    asymroute String
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    asymroute6 String
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    asymroute6Icmp String
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    asymrouteIcmp String
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    auxiliarySession String
    Enable/disable auxiliary session. Valid values: enable, disable.
    bfd String
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    bfdDesiredMinTx Number
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    bfdDetectMult Number
    BFD detection multiplier (1 - 50, default = 3).
    bfdDontEnforceSrcPort String
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    bfdRequiredMinRx Number
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    blockLandAttack String
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    centralNat String
    Enable/disable central NAT. Valid values: enable, disable.
    comments String
    VDOM comments.
    complianceCheck String
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    consolidatedFirewallMode String
    Consolidated firewall mode.
    defaultAppPortAsService String
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    defaultPolicyExpiryDays Number
    Default policy expiry in days (0 - 365 days, default = 30).
    defaultVoipAlgMode String
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    denyTcpWithIcmp String
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    detectUnknownEsp String
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    device String
    Interface to use for management access for NAT mode.
    dhcp6ServerIp String
    DHCPv6 server IPv6 address.
    dhcpProxy String
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    dhcpProxyInterface String
    Specify outgoing interface to reach server.
    dhcpProxyInterfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    dhcpServerIp String
    DHCP Server IPv4 address.
    discoveredDeviceTimeout Number
    Timeout for discovered devices (1 - 365 days, default = 28).
    dynAddrSessionCheck String
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ecmpMaxPaths Number
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    emailPortalCheckDns String
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    extResourceSessionCheck String
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    firewallSessionDirty String
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    fqdnSessionCheck String
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    fwSessionHairpin String
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    gateway String
    Transparent mode IPv4 default gateway IP address.
    gateway6 String
    Transparent mode IPv4 default gateway IP address.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAdvancedPolicy String
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    guiAdvancedWirelessFeatures String
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    guiAllowUnnamedPolicy String
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    guiAntivirus String
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    guiApProfile String
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    guiApplicationControl String
    Enable/disable application control on the GUI. Valid values: enable, disable.
    guiCasb String
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    guiDefaultPolicyColumns List<Property Map>
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    guiDhcpAdvanced String
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    guiDlp String
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    guiDlpProfile String
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    guiDnsDatabase String
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    guiDnsfilter String
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    guiDomainIpReputation String
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    guiDosPolicy String
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    guiDynamicDeviceOsId String
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    guiDynamicProfileDisplay String
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    guiDynamicRouting String
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    guiEmailCollection String
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    guiEndpointControl String
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    guiEndpointControlAdvanced String
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    guiEnforceChangeSummary String
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    guiExplicitProxy String
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    guiFileFilter String
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    guiFortiapSplitTunneling String
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    guiFortiextenderController String
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    guiIcap String
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    guiImplicitPolicy String
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    guiIps String
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    guiLoadBalance String
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    guiLocalInPolicy String
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    guiLocalReports String
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    guiMulticastPolicy String
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    guiMultipleInterfacePolicy String
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    guiMultipleUtmProfiles String
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    guiNat4664 String
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    guiObjectColors String
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    guiOt String
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    guiPerPolicyDisclaimer String
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyBasedIpsec String
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    guiPolicyDisclaimer String
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyLearning String
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    guiProxyInspection String
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRouteTagAddressCreation String
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    guiSecurityProfileGroup String
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    guiSpamfilter String
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    guiSslvpn String
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    guiSslvpnPersonalBookmarks String
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    guiSslvpnRealms String
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    guiSwitchController String
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    guiThreatWeight String
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    guiTrafficShaping String
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    guiVideofilter String
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    guiVirtualPatchProfile String
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    guiVoipProfile String
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    guiVpn String
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    guiWafProfile String
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    guiWanLoadBalancing String
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    guiWanoptCache String
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    guiWebfilter String
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    guiWebfilterAdvanced String
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    guiWirelessController String
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    guiZtna String
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    h323DirectModel String
    Enable/disable H323 direct model. Valid values: disable, enable.
    httpExternalDest String
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    ikeDnFormat String
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    ikeNattPort Number
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    ikePolicyRoute String
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    ikePort Number
    UDP port for IKE/IPsec traffic (default 500).
    ikeQuickCrashDetect String
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    ikeSessionResume String
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    ikeTcpPort Number
    TCP port for IKE/IPsec traffic (default 4500).
    implicitAllowDns String
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    inspectionMode String
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    internetServiceAppCtrlSize Number
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    internetServiceDatabaseCache String
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    ip String
    IP address and netmask.
    ip6 String
    IPv6 address prefix for NAT mode.
    lanExtensionControllerAddr String
    Controller IP address or FQDN to connect.
    linkDownAccess String
    Enable/disable link down access traffic. Valid values: enable, disable.
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    locationId String
    Local location ID in the form of an IPv4 address.
    macTtl Number
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    manageip String
    Transparent mode IPv4 management IP address and netmask.
    manageip6 String
    Transparent mode IPv6 management IP address and netmask.
    multicastForward String
    Enable/disable multicast forwarding. Valid values: enable, disable.
    multicastSkipPolicy String
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    multicastTtlNotchange String
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    nat46ForceIpv4PacketForwarding String
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    nat46GenerateIpv6FragmentHeader String
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    nat64ForceIpv6PacketForwarding String
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    ngfwMode String
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    opmode String
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    prpTrailerAction String
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    sccpPort Number
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    sctpSessionWithoutInit String
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    sesDeniedTraffic String
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    sipExpectation String
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    sipHelper String
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    sipNatTrace String
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    sipSslPort Number
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    sipTcpPort Number
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    sipUdpPort Number
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    snatHairpinTraffic String
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    sslSshProfile String
    Profile for SSL/SSH inspection.
    status String
    Enable/disable this VDOM. Valid values: enable, disable.
    strictSrcCheck String
    Enable/disable strict source verification. Valid values: enable, disable.
    tcpSessionWithoutSyn String
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    utf8SpamTagging String
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    v4EcmpMode String
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    vdomType String
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vpnStatsLog String
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    vpnStatsPeriod Number
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    wccpCacheEngine String
    Enable/disable WCCP cache engine. Valid values: enable, disable.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Settings resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Settings Resource

    Get an existing Settings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SettingsState, opts?: CustomResourceOptions): Settings
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_linkdown_path: Optional[str] = None,
            allow_subnet_overlap: Optional[str] = None,
            application_bandwidth_tracking: Optional[str] = None,
            asymroute: Optional[str] = None,
            asymroute6: Optional[str] = None,
            asymroute6_icmp: Optional[str] = None,
            asymroute_icmp: Optional[str] = None,
            auxiliary_session: Optional[str] = None,
            bfd: Optional[str] = None,
            bfd_desired_min_tx: Optional[int] = None,
            bfd_detect_mult: Optional[int] = None,
            bfd_dont_enforce_src_port: Optional[str] = None,
            bfd_required_min_rx: Optional[int] = None,
            block_land_attack: Optional[str] = None,
            central_nat: Optional[str] = None,
            comments: Optional[str] = None,
            compliance_check: Optional[str] = None,
            consolidated_firewall_mode: Optional[str] = None,
            default_app_port_as_service: Optional[str] = None,
            default_policy_expiry_days: Optional[int] = None,
            default_voip_alg_mode: Optional[str] = None,
            deny_tcp_with_icmp: Optional[str] = None,
            detect_unknown_esp: Optional[str] = None,
            device: Optional[str] = None,
            dhcp6_server_ip: Optional[str] = None,
            dhcp_proxy: Optional[str] = None,
            dhcp_proxy_interface: Optional[str] = None,
            dhcp_proxy_interface_select_method: Optional[str] = None,
            dhcp_server_ip: Optional[str] = None,
            discovered_device_timeout: Optional[int] = None,
            dyn_addr_session_check: Optional[str] = None,
            dynamic_sort_subtable: Optional[str] = None,
            ecmp_max_paths: Optional[int] = None,
            email_portal_check_dns: Optional[str] = None,
            ext_resource_session_check: Optional[str] = None,
            firewall_session_dirty: Optional[str] = None,
            fqdn_session_check: Optional[str] = None,
            fw_session_hairpin: Optional[str] = None,
            gateway: Optional[str] = None,
            gateway6: Optional[str] = None,
            get_all_tables: Optional[str] = None,
            gui_advanced_policy: Optional[str] = None,
            gui_advanced_wireless_features: Optional[str] = None,
            gui_allow_unnamed_policy: Optional[str] = None,
            gui_antivirus: Optional[str] = None,
            gui_ap_profile: Optional[str] = None,
            gui_application_control: Optional[str] = None,
            gui_casb: Optional[str] = None,
            gui_default_policy_columns: Optional[Sequence[SettingsGuiDefaultPolicyColumnArgs]] = None,
            gui_dhcp_advanced: Optional[str] = None,
            gui_dlp: Optional[str] = None,
            gui_dlp_profile: Optional[str] = None,
            gui_dns_database: Optional[str] = None,
            gui_dnsfilter: Optional[str] = None,
            gui_domain_ip_reputation: Optional[str] = None,
            gui_dos_policy: Optional[str] = None,
            gui_dynamic_device_os_id: Optional[str] = None,
            gui_dynamic_profile_display: Optional[str] = None,
            gui_dynamic_routing: Optional[str] = None,
            gui_email_collection: Optional[str] = None,
            gui_endpoint_control: Optional[str] = None,
            gui_endpoint_control_advanced: Optional[str] = None,
            gui_enforce_change_summary: Optional[str] = None,
            gui_explicit_proxy: Optional[str] = None,
            gui_file_filter: Optional[str] = None,
            gui_fortiap_split_tunneling: Optional[str] = None,
            gui_fortiextender_controller: Optional[str] = None,
            gui_icap: Optional[str] = None,
            gui_implicit_policy: Optional[str] = None,
            gui_ips: Optional[str] = None,
            gui_load_balance: Optional[str] = None,
            gui_local_in_policy: Optional[str] = None,
            gui_local_reports: Optional[str] = None,
            gui_multicast_policy: Optional[str] = None,
            gui_multiple_interface_policy: Optional[str] = None,
            gui_multiple_utm_profiles: Optional[str] = None,
            gui_nat4664: Optional[str] = None,
            gui_object_colors: Optional[str] = None,
            gui_ot: Optional[str] = None,
            gui_per_policy_disclaimer: Optional[str] = None,
            gui_policy_based_ipsec: Optional[str] = None,
            gui_policy_disclaimer: Optional[str] = None,
            gui_policy_learning: Optional[str] = None,
            gui_proxy_inspection: Optional[str] = None,
            gui_replacement_message_groups: Optional[str] = None,
            gui_route_tag_address_creation: Optional[str] = None,
            gui_security_profile_group: Optional[str] = None,
            gui_spamfilter: Optional[str] = None,
            gui_sslvpn: Optional[str] = None,
            gui_sslvpn_personal_bookmarks: Optional[str] = None,
            gui_sslvpn_realms: Optional[str] = None,
            gui_switch_controller: Optional[str] = None,
            gui_threat_weight: Optional[str] = None,
            gui_traffic_shaping: Optional[str] = None,
            gui_videofilter: Optional[str] = None,
            gui_virtual_patch_profile: Optional[str] = None,
            gui_voip_profile: Optional[str] = None,
            gui_vpn: Optional[str] = None,
            gui_waf_profile: Optional[str] = None,
            gui_wan_load_balancing: Optional[str] = None,
            gui_wanopt_cache: Optional[str] = None,
            gui_webfilter: Optional[str] = None,
            gui_webfilter_advanced: Optional[str] = None,
            gui_wireless_controller: Optional[str] = None,
            gui_ztna: Optional[str] = None,
            h323_direct_model: Optional[str] = None,
            http_external_dest: Optional[str] = None,
            ike_dn_format: Optional[str] = None,
            ike_natt_port: Optional[int] = None,
            ike_policy_route: Optional[str] = None,
            ike_port: Optional[int] = None,
            ike_quick_crash_detect: Optional[str] = None,
            ike_session_resume: Optional[str] = None,
            ike_tcp_port: Optional[int] = None,
            implicit_allow_dns: Optional[str] = None,
            inspection_mode: Optional[str] = None,
            internet_service_app_ctrl_size: Optional[int] = None,
            internet_service_database_cache: Optional[str] = None,
            ip: Optional[str] = None,
            ip6: Optional[str] = None,
            lan_extension_controller_addr: Optional[str] = None,
            link_down_access: Optional[str] = None,
            lldp_reception: Optional[str] = None,
            lldp_transmission: Optional[str] = None,
            location_id: Optional[str] = None,
            mac_ttl: Optional[int] = None,
            manageip: Optional[str] = None,
            manageip6: Optional[str] = None,
            multicast_forward: Optional[str] = None,
            multicast_skip_policy: Optional[str] = None,
            multicast_ttl_notchange: Optional[str] = None,
            nat46_force_ipv4_packet_forwarding: Optional[str] = None,
            nat46_generate_ipv6_fragment_header: Optional[str] = None,
            nat64_force_ipv6_packet_forwarding: Optional[str] = None,
            ngfw_mode: Optional[str] = None,
            opmode: Optional[str] = None,
            prp_trailer_action: Optional[str] = None,
            sccp_port: Optional[int] = None,
            sctp_session_without_init: Optional[str] = None,
            ses_denied_traffic: Optional[str] = None,
            sip_expectation: Optional[str] = None,
            sip_helper: Optional[str] = None,
            sip_nat_trace: Optional[str] = None,
            sip_ssl_port: Optional[int] = None,
            sip_tcp_port: Optional[int] = None,
            sip_udp_port: Optional[int] = None,
            snat_hairpin_traffic: Optional[str] = None,
            ssl_ssh_profile: Optional[str] = None,
            status: Optional[str] = None,
            strict_src_check: Optional[str] = None,
            tcp_session_without_syn: Optional[str] = None,
            utf8_spam_tagging: Optional[str] = None,
            v4_ecmp_mode: Optional[str] = None,
            vdom_type: Optional[str] = None,
            vdomparam: Optional[str] = None,
            vpn_stats_log: Optional[str] = None,
            vpn_stats_period: Optional[int] = None,
            wccp_cache_engine: Optional[str] = None) -> Settings
    func GetSettings(ctx *Context, name string, id IDInput, state *SettingsState, opts ...ResourceOption) (*Settings, error)
    public static Settings Get(string name, Input<string> id, SettingsState? state, CustomResourceOptions? opts = null)
    public static Settings get(String name, Output<String> id, SettingsState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowLinkdownPath string
    Enable/disable link down path. Valid values: enable, disable.
    AllowSubnetOverlap string
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    ApplicationBandwidthTracking string
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    Asymroute string
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    Asymroute6 string
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    Asymroute6Icmp string
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    AsymrouteIcmp string
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    AuxiliarySession string
    Enable/disable auxiliary session. Valid values: enable, disable.
    Bfd string
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    BfdDesiredMinTx int
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    BfdDetectMult int
    BFD detection multiplier (1 - 50, default = 3).
    BfdDontEnforceSrcPort string
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    BfdRequiredMinRx int
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    BlockLandAttack string
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    CentralNat string
    Enable/disable central NAT. Valid values: enable, disable.
    Comments string
    VDOM comments.
    ComplianceCheck string
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    ConsolidatedFirewallMode string
    Consolidated firewall mode.
    DefaultAppPortAsService string
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    DefaultPolicyExpiryDays int
    Default policy expiry in days (0 - 365 days, default = 30).
    DefaultVoipAlgMode string
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    DenyTcpWithIcmp string
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    DetectUnknownEsp string
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    Device string
    Interface to use for management access for NAT mode.
    Dhcp6ServerIp string
    DHCPv6 server IPv6 address.
    DhcpProxy string
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    DhcpProxyInterface string
    Specify outgoing interface to reach server.
    DhcpProxyInterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    DhcpServerIp string
    DHCP Server IPv4 address.
    DiscoveredDeviceTimeout int
    Timeout for discovered devices (1 - 365 days, default = 28).
    DynAddrSessionCheck string
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EcmpMaxPaths int
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    EmailPortalCheckDns string
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    ExtResourceSessionCheck string
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    FirewallSessionDirty string
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    FqdnSessionCheck string
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    FwSessionHairpin string
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    Gateway string
    Transparent mode IPv4 default gateway IP address.
    Gateway6 string
    Transparent mode IPv4 default gateway IP address.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GuiAdvancedPolicy string
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    GuiAdvancedWirelessFeatures string
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    GuiAllowUnnamedPolicy string
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    GuiAntivirus string
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    GuiApProfile string
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    GuiApplicationControl string
    Enable/disable application control on the GUI. Valid values: enable, disable.
    GuiCasb string
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    GuiDefaultPolicyColumns List<Pulumiverse.Fortios.System.Inputs.SettingsGuiDefaultPolicyColumn>
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    GuiDhcpAdvanced string
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    GuiDlp string
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    GuiDlpProfile string
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    GuiDnsDatabase string
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    GuiDnsfilter string
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    GuiDomainIpReputation string
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    GuiDosPolicy string
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    GuiDynamicDeviceOsId string
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    GuiDynamicProfileDisplay string
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    GuiDynamicRouting string
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    GuiEmailCollection string
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    GuiEndpointControl string
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    GuiEndpointControlAdvanced string
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    GuiEnforceChangeSummary string
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    GuiExplicitProxy string
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    GuiFileFilter string
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    GuiFortiapSplitTunneling string
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    GuiFortiextenderController string
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    GuiIcap string
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    GuiImplicitPolicy string
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    GuiIps string
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    GuiLoadBalance string
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    GuiLocalInPolicy string
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    GuiLocalReports string
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    GuiMulticastPolicy string
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    GuiMultipleInterfacePolicy string
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    GuiMultipleUtmProfiles string
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    GuiNat4664 string
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    GuiObjectColors string
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    GuiOt string
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    GuiPerPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    GuiPolicyBasedIpsec string
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    GuiPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    GuiPolicyLearning string
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    GuiProxyInspection string
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    GuiRouteTagAddressCreation string
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    GuiSecurityProfileGroup string
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    GuiSpamfilter string
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    GuiSslvpn string
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    GuiSslvpnPersonalBookmarks string
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    GuiSslvpnRealms string
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    GuiSwitchController string
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    GuiThreatWeight string
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    GuiTrafficShaping string
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    GuiVideofilter string
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    GuiVirtualPatchProfile string
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    GuiVoipProfile string
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    GuiVpn string
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    GuiWafProfile string
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    GuiWanLoadBalancing string
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    GuiWanoptCache string
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    GuiWebfilter string
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    GuiWebfilterAdvanced string
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    GuiWirelessController string
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    GuiZtna string
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    H323DirectModel string
    Enable/disable H323 direct model. Valid values: disable, enable.
    HttpExternalDest string
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    IkeDnFormat string
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    IkeNattPort int
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    IkePolicyRoute string
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    IkePort int
    UDP port for IKE/IPsec traffic (default 500).
    IkeQuickCrashDetect string
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    IkeSessionResume string
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    IkeTcpPort int
    TCP port for IKE/IPsec traffic (default 4500).
    ImplicitAllowDns string
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    InspectionMode string
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    InternetServiceAppCtrlSize int
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    InternetServiceDatabaseCache string
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    Ip string
    IP address and netmask.
    Ip6 string
    IPv6 address prefix for NAT mode.
    LanExtensionControllerAddr string
    Controller IP address or FQDN to connect.
    LinkDownAccess string
    Enable/disable link down access traffic. Valid values: enable, disable.
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    LocationId string
    Local location ID in the form of an IPv4 address.
    MacTtl int
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    Manageip string
    Transparent mode IPv4 management IP address and netmask.
    Manageip6 string
    Transparent mode IPv6 management IP address and netmask.
    MulticastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    MulticastSkipPolicy string
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    MulticastTtlNotchange string
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    Nat46ForceIpv4PacketForwarding string
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    Nat46GenerateIpv6FragmentHeader string
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    Nat64ForceIpv6PacketForwarding string
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    NgfwMode string
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    Opmode string
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    PrpTrailerAction string
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    SccpPort int
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    SctpSessionWithoutInit string
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    SesDeniedTraffic string
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    SipExpectation string
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    SipHelper string
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    SipNatTrace string
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    SipSslPort int
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    SipTcpPort int
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    SipUdpPort int
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    SnatHairpinTraffic string
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    SslSshProfile string
    Profile for SSL/SSH inspection.
    Status string
    Enable/disable this VDOM. Valid values: enable, disable.
    StrictSrcCheck string
    Enable/disable strict source verification. Valid values: enable, disable.
    TcpSessionWithoutSyn string
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    Utf8SpamTagging string
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    V4EcmpMode string
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    VdomType string
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VpnStatsLog string
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    VpnStatsPeriod int
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    WccpCacheEngine string
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    AllowLinkdownPath string
    Enable/disable link down path. Valid values: enable, disable.
    AllowSubnetOverlap string
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    ApplicationBandwidthTracking string
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    Asymroute string
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    Asymroute6 string
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    Asymroute6Icmp string
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    AsymrouteIcmp string
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    AuxiliarySession string
    Enable/disable auxiliary session. Valid values: enable, disable.
    Bfd string
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    BfdDesiredMinTx int
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    BfdDetectMult int
    BFD detection multiplier (1 - 50, default = 3).
    BfdDontEnforceSrcPort string
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    BfdRequiredMinRx int
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    BlockLandAttack string
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    CentralNat string
    Enable/disable central NAT. Valid values: enable, disable.
    Comments string
    VDOM comments.
    ComplianceCheck string
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    ConsolidatedFirewallMode string
    Consolidated firewall mode.
    DefaultAppPortAsService string
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    DefaultPolicyExpiryDays int
    Default policy expiry in days (0 - 365 days, default = 30).
    DefaultVoipAlgMode string
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    DenyTcpWithIcmp string
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    DetectUnknownEsp string
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    Device string
    Interface to use for management access for NAT mode.
    Dhcp6ServerIp string
    DHCPv6 server IPv6 address.
    DhcpProxy string
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    DhcpProxyInterface string
    Specify outgoing interface to reach server.
    DhcpProxyInterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    DhcpServerIp string
    DHCP Server IPv4 address.
    DiscoveredDeviceTimeout int
    Timeout for discovered devices (1 - 365 days, default = 28).
    DynAddrSessionCheck string
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    EcmpMaxPaths int
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    EmailPortalCheckDns string
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    ExtResourceSessionCheck string
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    FirewallSessionDirty string
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    FqdnSessionCheck string
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    FwSessionHairpin string
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    Gateway string
    Transparent mode IPv4 default gateway IP address.
    Gateway6 string
    Transparent mode IPv4 default gateway IP address.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GuiAdvancedPolicy string
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    GuiAdvancedWirelessFeatures string
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    GuiAllowUnnamedPolicy string
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    GuiAntivirus string
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    GuiApProfile string
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    GuiApplicationControl string
    Enable/disable application control on the GUI. Valid values: enable, disable.
    GuiCasb string
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    GuiDefaultPolicyColumns []SettingsGuiDefaultPolicyColumnArgs
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    GuiDhcpAdvanced string
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    GuiDlp string
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    GuiDlpProfile string
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    GuiDnsDatabase string
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    GuiDnsfilter string
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    GuiDomainIpReputation string
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    GuiDosPolicy string
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    GuiDynamicDeviceOsId string
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    GuiDynamicProfileDisplay string
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    GuiDynamicRouting string
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    GuiEmailCollection string
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    GuiEndpointControl string
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    GuiEndpointControlAdvanced string
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    GuiEnforceChangeSummary string
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    GuiExplicitProxy string
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    GuiFileFilter string
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    GuiFortiapSplitTunneling string
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    GuiFortiextenderController string
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    GuiIcap string
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    GuiImplicitPolicy string
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    GuiIps string
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    GuiLoadBalance string
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    GuiLocalInPolicy string
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    GuiLocalReports string
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    GuiMulticastPolicy string
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    GuiMultipleInterfacePolicy string
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    GuiMultipleUtmProfiles string
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    GuiNat4664 string
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    GuiObjectColors string
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    GuiOt string
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    GuiPerPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    GuiPolicyBasedIpsec string
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    GuiPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    GuiPolicyLearning string
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    GuiProxyInspection string
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    GuiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    GuiRouteTagAddressCreation string
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    GuiSecurityProfileGroup string
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    GuiSpamfilter string
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    GuiSslvpn string
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    GuiSslvpnPersonalBookmarks string
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    GuiSslvpnRealms string
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    GuiSwitchController string
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    GuiThreatWeight string
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    GuiTrafficShaping string
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    GuiVideofilter string
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    GuiVirtualPatchProfile string
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    GuiVoipProfile string
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    GuiVpn string
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    GuiWafProfile string
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    GuiWanLoadBalancing string
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    GuiWanoptCache string
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    GuiWebfilter string
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    GuiWebfilterAdvanced string
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    GuiWirelessController string
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    GuiZtna string
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    H323DirectModel string
    Enable/disable H323 direct model. Valid values: disable, enable.
    HttpExternalDest string
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    IkeDnFormat string
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    IkeNattPort int
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    IkePolicyRoute string
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    IkePort int
    UDP port for IKE/IPsec traffic (default 500).
    IkeQuickCrashDetect string
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    IkeSessionResume string
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    IkeTcpPort int
    TCP port for IKE/IPsec traffic (default 4500).
    ImplicitAllowDns string
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    InspectionMode string
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    InternetServiceAppCtrlSize int
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    InternetServiceDatabaseCache string
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    Ip string
    IP address and netmask.
    Ip6 string
    IPv6 address prefix for NAT mode.
    LanExtensionControllerAddr string
    Controller IP address or FQDN to connect.
    LinkDownAccess string
    Enable/disable link down access traffic. Valid values: enable, disable.
    LldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    LldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    LocationId string
    Local location ID in the form of an IPv4 address.
    MacTtl int
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    Manageip string
    Transparent mode IPv4 management IP address and netmask.
    Manageip6 string
    Transparent mode IPv6 management IP address and netmask.
    MulticastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    MulticastSkipPolicy string
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    MulticastTtlNotchange string
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    Nat46ForceIpv4PacketForwarding string
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    Nat46GenerateIpv6FragmentHeader string
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    Nat64ForceIpv6PacketForwarding string
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    NgfwMode string
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    Opmode string
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    PrpTrailerAction string
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    SccpPort int
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    SctpSessionWithoutInit string
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    SesDeniedTraffic string
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    SipExpectation string
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    SipHelper string
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    SipNatTrace string
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    SipSslPort int
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    SipTcpPort int
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    SipUdpPort int
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    SnatHairpinTraffic string
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    SslSshProfile string
    Profile for SSL/SSH inspection.
    Status string
    Enable/disable this VDOM. Valid values: enable, disable.
    StrictSrcCheck string
    Enable/disable strict source verification. Valid values: enable, disable.
    TcpSessionWithoutSyn string
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    Utf8SpamTagging string
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    V4EcmpMode string
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    VdomType string
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VpnStatsLog string
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    VpnStatsPeriod int
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    WccpCacheEngine string
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    allowLinkdownPath String
    Enable/disable link down path. Valid values: enable, disable.
    allowSubnetOverlap String
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    applicationBandwidthTracking String
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    asymroute String
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    asymroute6 String
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    asymroute6Icmp String
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    asymrouteIcmp String
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    auxiliarySession String
    Enable/disable auxiliary session. Valid values: enable, disable.
    bfd String
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    bfdDesiredMinTx Integer
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    bfdDetectMult Integer
    BFD detection multiplier (1 - 50, default = 3).
    bfdDontEnforceSrcPort String
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    bfdRequiredMinRx Integer
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    blockLandAttack String
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    centralNat String
    Enable/disable central NAT. Valid values: enable, disable.
    comments String
    VDOM comments.
    complianceCheck String
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    consolidatedFirewallMode String
    Consolidated firewall mode.
    defaultAppPortAsService String
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    defaultPolicyExpiryDays Integer
    Default policy expiry in days (0 - 365 days, default = 30).
    defaultVoipAlgMode String
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    denyTcpWithIcmp String
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    detectUnknownEsp String
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    device String
    Interface to use for management access for NAT mode.
    dhcp6ServerIp String
    DHCPv6 server IPv6 address.
    dhcpProxy String
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    dhcpProxyInterface String
    Specify outgoing interface to reach server.
    dhcpProxyInterfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    dhcpServerIp String
    DHCP Server IPv4 address.
    discoveredDeviceTimeout Integer
    Timeout for discovered devices (1 - 365 days, default = 28).
    dynAddrSessionCheck String
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ecmpMaxPaths Integer
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    emailPortalCheckDns String
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    extResourceSessionCheck String
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    firewallSessionDirty String
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    fqdnSessionCheck String
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    fwSessionHairpin String
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    gateway String
    Transparent mode IPv4 default gateway IP address.
    gateway6 String
    Transparent mode IPv4 default gateway IP address.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAdvancedPolicy String
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    guiAdvancedWirelessFeatures String
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    guiAllowUnnamedPolicy String
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    guiAntivirus String
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    guiApProfile String
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    guiApplicationControl String
    Enable/disable application control on the GUI. Valid values: enable, disable.
    guiCasb String
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    guiDefaultPolicyColumns List<SettingsGuiDefaultPolicyColumn>
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    guiDhcpAdvanced String
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    guiDlp String
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    guiDlpProfile String
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    guiDnsDatabase String
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    guiDnsfilter String
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    guiDomainIpReputation String
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    guiDosPolicy String
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    guiDynamicDeviceOsId String
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    guiDynamicProfileDisplay String
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    guiDynamicRouting String
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    guiEmailCollection String
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    guiEndpointControl String
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    guiEndpointControlAdvanced String
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    guiEnforceChangeSummary String
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    guiExplicitProxy String
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    guiFileFilter String
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    guiFortiapSplitTunneling String
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    guiFortiextenderController String
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    guiIcap String
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    guiImplicitPolicy String
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    guiIps String
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    guiLoadBalance String
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    guiLocalInPolicy String
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    guiLocalReports String
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    guiMulticastPolicy String
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    guiMultipleInterfacePolicy String
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    guiMultipleUtmProfiles String
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    guiNat4664 String
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    guiObjectColors String
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    guiOt String
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    guiPerPolicyDisclaimer String
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyBasedIpsec String
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    guiPolicyDisclaimer String
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyLearning String
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    guiProxyInspection String
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRouteTagAddressCreation String
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    guiSecurityProfileGroup String
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    guiSpamfilter String
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    guiSslvpn String
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    guiSslvpnPersonalBookmarks String
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    guiSslvpnRealms String
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    guiSwitchController String
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    guiThreatWeight String
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    guiTrafficShaping String
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    guiVideofilter String
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    guiVirtualPatchProfile String
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    guiVoipProfile String
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    guiVpn String
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    guiWafProfile String
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    guiWanLoadBalancing String
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    guiWanoptCache String
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    guiWebfilter String
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    guiWebfilterAdvanced String
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    guiWirelessController String
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    guiZtna String
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    h323DirectModel String
    Enable/disable H323 direct model. Valid values: disable, enable.
    httpExternalDest String
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    ikeDnFormat String
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    ikeNattPort Integer
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    ikePolicyRoute String
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    ikePort Integer
    UDP port for IKE/IPsec traffic (default 500).
    ikeQuickCrashDetect String
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    ikeSessionResume String
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    ikeTcpPort Integer
    TCP port for IKE/IPsec traffic (default 4500).
    implicitAllowDns String
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    inspectionMode String
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    internetServiceAppCtrlSize Integer
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    internetServiceDatabaseCache String
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    ip String
    IP address and netmask.
    ip6 String
    IPv6 address prefix for NAT mode.
    lanExtensionControllerAddr String
    Controller IP address or FQDN to connect.
    linkDownAccess String
    Enable/disable link down access traffic. Valid values: enable, disable.
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    locationId String
    Local location ID in the form of an IPv4 address.
    macTtl Integer
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    manageip String
    Transparent mode IPv4 management IP address and netmask.
    manageip6 String
    Transparent mode IPv6 management IP address and netmask.
    multicastForward String
    Enable/disable multicast forwarding. Valid values: enable, disable.
    multicastSkipPolicy String
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    multicastTtlNotchange String
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    nat46ForceIpv4PacketForwarding String
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    nat46GenerateIpv6FragmentHeader String
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    nat64ForceIpv6PacketForwarding String
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    ngfwMode String
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    opmode String
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    prpTrailerAction String
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    sccpPort Integer
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    sctpSessionWithoutInit String
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    sesDeniedTraffic String
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    sipExpectation String
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    sipHelper String
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    sipNatTrace String
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    sipSslPort Integer
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    sipTcpPort Integer
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    sipUdpPort Integer
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    snatHairpinTraffic String
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    sslSshProfile String
    Profile for SSL/SSH inspection.
    status String
    Enable/disable this VDOM. Valid values: enable, disable.
    strictSrcCheck String
    Enable/disable strict source verification. Valid values: enable, disable.
    tcpSessionWithoutSyn String
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    utf8SpamTagging String
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    v4EcmpMode String
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    vdomType String
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vpnStatsLog String
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    vpnStatsPeriod Integer
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    wccpCacheEngine String
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    allowLinkdownPath string
    Enable/disable link down path. Valid values: enable, disable.
    allowSubnetOverlap string
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    applicationBandwidthTracking string
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    asymroute string
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    asymroute6 string
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    asymroute6Icmp string
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    asymrouteIcmp string
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    auxiliarySession string
    Enable/disable auxiliary session. Valid values: enable, disable.
    bfd string
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    bfdDesiredMinTx number
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    bfdDetectMult number
    BFD detection multiplier (1 - 50, default = 3).
    bfdDontEnforceSrcPort string
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    bfdRequiredMinRx number
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    blockLandAttack string
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    centralNat string
    Enable/disable central NAT. Valid values: enable, disable.
    comments string
    VDOM comments.
    complianceCheck string
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    consolidatedFirewallMode string
    Consolidated firewall mode.
    defaultAppPortAsService string
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    defaultPolicyExpiryDays number
    Default policy expiry in days (0 - 365 days, default = 30).
    defaultVoipAlgMode string
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    denyTcpWithIcmp string
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    detectUnknownEsp string
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    device string
    Interface to use for management access for NAT mode.
    dhcp6ServerIp string
    DHCPv6 server IPv6 address.
    dhcpProxy string
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    dhcpProxyInterface string
    Specify outgoing interface to reach server.
    dhcpProxyInterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    dhcpServerIp string
    DHCP Server IPv4 address.
    discoveredDeviceTimeout number
    Timeout for discovered devices (1 - 365 days, default = 28).
    dynAddrSessionCheck string
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ecmpMaxPaths number
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    emailPortalCheckDns string
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    extResourceSessionCheck string
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    firewallSessionDirty string
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    fqdnSessionCheck string
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    fwSessionHairpin string
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    gateway string
    Transparent mode IPv4 default gateway IP address.
    gateway6 string
    Transparent mode IPv4 default gateway IP address.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAdvancedPolicy string
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    guiAdvancedWirelessFeatures string
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    guiAllowUnnamedPolicy string
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    guiAntivirus string
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    guiApProfile string
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    guiApplicationControl string
    Enable/disable application control on the GUI. Valid values: enable, disable.
    guiCasb string
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    guiDefaultPolicyColumns SettingsGuiDefaultPolicyColumn[]
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    guiDhcpAdvanced string
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    guiDlp string
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    guiDlpProfile string
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    guiDnsDatabase string
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    guiDnsfilter string
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    guiDomainIpReputation string
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    guiDosPolicy string
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    guiDynamicDeviceOsId string
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    guiDynamicProfileDisplay string
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    guiDynamicRouting string
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    guiEmailCollection string
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    guiEndpointControl string
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    guiEndpointControlAdvanced string
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    guiEnforceChangeSummary string
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    guiExplicitProxy string
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    guiFileFilter string
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    guiFortiapSplitTunneling string
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    guiFortiextenderController string
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    guiIcap string
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    guiImplicitPolicy string
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    guiIps string
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    guiLoadBalance string
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    guiLocalInPolicy string
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    guiLocalReports string
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    guiMulticastPolicy string
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    guiMultipleInterfacePolicy string
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    guiMultipleUtmProfiles string
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    guiNat4664 string
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    guiObjectColors string
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    guiOt string
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    guiPerPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyBasedIpsec string
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    guiPolicyDisclaimer string
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyLearning string
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    guiProxyInspection string
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups string
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRouteTagAddressCreation string
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    guiSecurityProfileGroup string
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    guiSpamfilter string
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    guiSslvpn string
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    guiSslvpnPersonalBookmarks string
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    guiSslvpnRealms string
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    guiSwitchController string
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    guiThreatWeight string
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    guiTrafficShaping string
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    guiVideofilter string
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    guiVirtualPatchProfile string
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    guiVoipProfile string
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    guiVpn string
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    guiWafProfile string
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    guiWanLoadBalancing string
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    guiWanoptCache string
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    guiWebfilter string
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    guiWebfilterAdvanced string
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    guiWirelessController string
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    guiZtna string
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    h323DirectModel string
    Enable/disable H323 direct model. Valid values: disable, enable.
    httpExternalDest string
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    ikeDnFormat string
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    ikeNattPort number
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    ikePolicyRoute string
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    ikePort number
    UDP port for IKE/IPsec traffic (default 500).
    ikeQuickCrashDetect string
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    ikeSessionResume string
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    ikeTcpPort number
    TCP port for IKE/IPsec traffic (default 4500).
    implicitAllowDns string
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    inspectionMode string
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    internetServiceAppCtrlSize number
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    internetServiceDatabaseCache string
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    ip string
    IP address and netmask.
    ip6 string
    IPv6 address prefix for NAT mode.
    lanExtensionControllerAddr string
    Controller IP address or FQDN to connect.
    linkDownAccess string
    Enable/disable link down access traffic. Valid values: enable, disable.
    lldpReception string
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    lldpTransmission string
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    locationId string
    Local location ID in the form of an IPv4 address.
    macTtl number
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    manageip string
    Transparent mode IPv4 management IP address and netmask.
    manageip6 string
    Transparent mode IPv6 management IP address and netmask.
    multicastForward string
    Enable/disable multicast forwarding. Valid values: enable, disable.
    multicastSkipPolicy string
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    multicastTtlNotchange string
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    nat46ForceIpv4PacketForwarding string
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    nat46GenerateIpv6FragmentHeader string
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    nat64ForceIpv6PacketForwarding string
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    ngfwMode string
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    opmode string
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    prpTrailerAction string
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    sccpPort number
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    sctpSessionWithoutInit string
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    sesDeniedTraffic string
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    sipExpectation string
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    sipHelper string
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    sipNatTrace string
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    sipSslPort number
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    sipTcpPort number
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    sipUdpPort number
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    snatHairpinTraffic string
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    sslSshProfile string
    Profile for SSL/SSH inspection.
    status string
    Enable/disable this VDOM. Valid values: enable, disable.
    strictSrcCheck string
    Enable/disable strict source verification. Valid values: enable, disable.
    tcpSessionWithoutSyn string
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    utf8SpamTagging string
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    v4EcmpMode string
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    vdomType string
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vpnStatsLog string
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    vpnStatsPeriod number
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    wccpCacheEngine string
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    allow_linkdown_path str
    Enable/disable link down path. Valid values: enable, disable.
    allow_subnet_overlap str
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    application_bandwidth_tracking str
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    asymroute str
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    asymroute6 str
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    asymroute6_icmp str
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    asymroute_icmp str
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    auxiliary_session str
    Enable/disable auxiliary session. Valid values: enable, disable.
    bfd str
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    bfd_desired_min_tx int
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    bfd_detect_mult int
    BFD detection multiplier (1 - 50, default = 3).
    bfd_dont_enforce_src_port str
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    bfd_required_min_rx int
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    block_land_attack str
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    central_nat str
    Enable/disable central NAT. Valid values: enable, disable.
    comments str
    VDOM comments.
    compliance_check str
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    consolidated_firewall_mode str
    Consolidated firewall mode.
    default_app_port_as_service str
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    default_policy_expiry_days int
    Default policy expiry in days (0 - 365 days, default = 30).
    default_voip_alg_mode str
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    deny_tcp_with_icmp str
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    detect_unknown_esp str
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    device str
    Interface to use for management access for NAT mode.
    dhcp6_server_ip str
    DHCPv6 server IPv6 address.
    dhcp_proxy str
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    dhcp_proxy_interface str
    Specify outgoing interface to reach server.
    dhcp_proxy_interface_select_method str
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    dhcp_server_ip str
    DHCP Server IPv4 address.
    discovered_device_timeout int
    Timeout for discovered devices (1 - 365 days, default = 28).
    dyn_addr_session_check str
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ecmp_max_paths int
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    email_portal_check_dns str
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    ext_resource_session_check str
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    firewall_session_dirty str
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    fqdn_session_check str
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    fw_session_hairpin str
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    gateway str
    Transparent mode IPv4 default gateway IP address.
    gateway6 str
    Transparent mode IPv4 default gateway IP address.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gui_advanced_policy str
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    gui_advanced_wireless_features str
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    gui_allow_unnamed_policy str
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    gui_antivirus str
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    gui_ap_profile str
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    gui_application_control str
    Enable/disable application control on the GUI. Valid values: enable, disable.
    gui_casb str
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    gui_default_policy_columns Sequence[SettingsGuiDefaultPolicyColumnArgs]
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    gui_dhcp_advanced str
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    gui_dlp str
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    gui_dlp_profile str
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    gui_dns_database str
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    gui_dnsfilter str
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    gui_domain_ip_reputation str
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    gui_dos_policy str
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    gui_dynamic_device_os_id str
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    gui_dynamic_profile_display str
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    gui_dynamic_routing str
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    gui_email_collection str
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    gui_endpoint_control str
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    gui_endpoint_control_advanced str
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    gui_enforce_change_summary str
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    gui_explicit_proxy str
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    gui_file_filter str
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    gui_fortiap_split_tunneling str
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    gui_fortiextender_controller str
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    gui_icap str
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    gui_implicit_policy str
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    gui_ips str
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    gui_load_balance str
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    gui_local_in_policy str
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    gui_local_reports str
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    gui_multicast_policy str
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    gui_multiple_interface_policy str
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    gui_multiple_utm_profiles str
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    gui_nat4664 str
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    gui_object_colors str
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    gui_ot str
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    gui_per_policy_disclaimer str
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    gui_policy_based_ipsec str
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    gui_policy_disclaimer str
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    gui_policy_learning str
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    gui_proxy_inspection str
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    gui_replacement_message_groups str
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    gui_route_tag_address_creation str
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    gui_security_profile_group str
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    gui_spamfilter str
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    gui_sslvpn str
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    gui_sslvpn_personal_bookmarks str
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    gui_sslvpn_realms str
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    gui_switch_controller str
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    gui_threat_weight str
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    gui_traffic_shaping str
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    gui_videofilter str
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    gui_virtual_patch_profile str
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    gui_voip_profile str
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    gui_vpn str
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    gui_waf_profile str
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    gui_wan_load_balancing str
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    gui_wanopt_cache str
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    gui_webfilter str
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    gui_webfilter_advanced str
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    gui_wireless_controller str
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    gui_ztna str
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    h323_direct_model str
    Enable/disable H323 direct model. Valid values: disable, enable.
    http_external_dest str
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    ike_dn_format str
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    ike_natt_port int
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    ike_policy_route str
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    ike_port int
    UDP port for IKE/IPsec traffic (default 500).
    ike_quick_crash_detect str
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    ike_session_resume str
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    ike_tcp_port int
    TCP port for IKE/IPsec traffic (default 4500).
    implicit_allow_dns str
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    inspection_mode str
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    internet_service_app_ctrl_size int
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    internet_service_database_cache str
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    ip str
    IP address and netmask.
    ip6 str
    IPv6 address prefix for NAT mode.
    lan_extension_controller_addr str
    Controller IP address or FQDN to connect.
    link_down_access str
    Enable/disable link down access traffic. Valid values: enable, disable.
    lldp_reception str
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    lldp_transmission str
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    location_id str
    Local location ID in the form of an IPv4 address.
    mac_ttl int
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    manageip str
    Transparent mode IPv4 management IP address and netmask.
    manageip6 str
    Transparent mode IPv6 management IP address and netmask.
    multicast_forward str
    Enable/disable multicast forwarding. Valid values: enable, disable.
    multicast_skip_policy str
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    multicast_ttl_notchange str
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    nat46_force_ipv4_packet_forwarding str
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    nat46_generate_ipv6_fragment_header str
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    nat64_force_ipv6_packet_forwarding str
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    ngfw_mode str
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    opmode str
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    prp_trailer_action str
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    sccp_port int
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    sctp_session_without_init str
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    ses_denied_traffic str
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    sip_expectation str
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    sip_helper str
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    sip_nat_trace str
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    sip_ssl_port int
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    sip_tcp_port int
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    sip_udp_port int
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    snat_hairpin_traffic str
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    ssl_ssh_profile str
    Profile for SSL/SSH inspection.
    status str
    Enable/disable this VDOM. Valid values: enable, disable.
    strict_src_check str
    Enable/disable strict source verification. Valid values: enable, disable.
    tcp_session_without_syn str
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    utf8_spam_tagging str
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    v4_ecmp_mode str
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    vdom_type str
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vpn_stats_log str
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    vpn_stats_period int
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    wccp_cache_engine str
    Enable/disable WCCP cache engine. Valid values: enable, disable.
    allowLinkdownPath String
    Enable/disable link down path. Valid values: enable, disable.
    allowSubnetOverlap String
    Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values: enable, disable.
    applicationBandwidthTracking String
    Enable/disable application bandwidth tracking. Valid values: disable, enable.
    asymroute String
    Enable/disable IPv4 asymmetric routing. Valid values: enable, disable.
    asymroute6 String
    Enable/disable asymmetric IPv6 routing. Valid values: enable, disable.
    asymroute6Icmp String
    Enable/disable asymmetric ICMPv6 routing. Valid values: enable, disable.
    asymrouteIcmp String
    Enable/disable ICMP asymmetric routing. Valid values: enable, disable.
    auxiliarySession String
    Enable/disable auxiliary session. Valid values: enable, disable.
    bfd String
    Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values: enable, disable.
    bfdDesiredMinTx Number
    BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    bfdDetectMult Number
    BFD detection multiplier (1 - 50, default = 3).
    bfdDontEnforceSrcPort String
    Enable to not enforce verifying the source port of BFD Packets. Valid values: enable, disable.
    bfdRequiredMinRx Number
    BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
    blockLandAttack String
    Enable/disable blocking of land attacks. Valid values: disable, enable.
    centralNat String
    Enable/disable central NAT. Valid values: enable, disable.
    comments String
    VDOM comments.
    complianceCheck String
    Enable/disable PCI DSS compliance checking. Valid values: enable, disable.
    consolidatedFirewallMode String
    Consolidated firewall mode.
    defaultAppPortAsService String
    Enable/disable policy service enforcement based on application default ports. Valid values: enable, disable.
    defaultPolicyExpiryDays Number
    Default policy expiry in days (0 - 365 days, default = 30).
    defaultVoipAlgMode String
    Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values: proxy-based, kernel-helper-based.
    denyTcpWithIcmp String
    Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values: enable, disable.
    detectUnknownEsp String
    Enable/disable detection of unknown ESP packets (default = enable). Valid values: enable, disable.
    device String
    Interface to use for management access for NAT mode.
    dhcp6ServerIp String
    DHCPv6 server IPv6 address.
    dhcpProxy String
    Enable/disable the DHCP Proxy. Valid values: enable, disable.
    dhcpProxyInterface String
    Specify outgoing interface to reach server.
    dhcpProxyInterfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    dhcpServerIp String
    DHCP Server IPv4 address.
    discoveredDeviceTimeout Number
    Timeout for discovered devices (1 - 365 days, default = 28).
    dynAddrSessionCheck String
    Enable/disable dirty session check caused by dynamic address updates. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    ecmpMaxPaths Number
    Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
    emailPortalCheckDns String
    Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values: disable, enable.
    extResourceSessionCheck String
    Enable/disable dirty session check caused by external resource updates. Valid values: enable, disable.
    firewallSessionDirty String
    Select how to manage sessions affected by firewall policy configuration changes. Valid values: check-all, check-new, check-policy-option.
    fqdnSessionCheck String
    Enable/disable dirty session check caused by FQDN updates. Valid values: enable, disable.
    fwSessionHairpin String
    Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values: enable, disable.
    gateway String
    Transparent mode IPv4 default gateway IP address.
    gateway6 String
    Transparent mode IPv4 default gateway IP address.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    guiAdvancedPolicy String
    Enable/disable advanced policy configuration on the GUI. Valid values: enable, disable.
    guiAdvancedWirelessFeatures String
    Enable/disable advanced wireless features in GUI. Valid values: enable, disable.
    guiAllowUnnamedPolicy String
    Enable/disable the requirement for policy naming on the GUI. Valid values: enable, disable.
    guiAntivirus String
    Enable/disable AntiVirus on the GUI. Valid values: enable, disable.
    guiApProfile String
    Enable/disable FortiAP profiles on the GUI. Valid values: enable, disable.
    guiApplicationControl String
    Enable/disable application control on the GUI. Valid values: enable, disable.
    guiCasb String
    Enable/disable Inline-CASB on the GUI. Valid values: enable, disable.
    guiDefaultPolicyColumns List<Property Map>
    Default columns to display for policy lists on GUI. The structure of gui_default_policy_columns block is documented below.
    guiDhcpAdvanced String
    Enable/disable advanced DHCP options on the GUI. Valid values: enable, disable.
    guiDlp String
    Enable/disable DLP on the GUI. Valid values: enable, disable.
    guiDlpProfile String
    Enable/disable Data Leak Prevention on the GUI. Valid values: enable, disable.
    guiDnsDatabase String
    Enable/disable DNS database settings on the GUI. Valid values: enable, disable.
    guiDnsfilter String
    Enable/disable DNS Filtering on the GUI. Valid values: enable, disable.
    guiDomainIpReputation String
    Enable/disable Domain and IP Reputation on the GUI. Valid values: enable, disable.
    guiDosPolicy String
    Enable/disable DoS policies on the GUI. Valid values: enable, disable.
    guiDynamicDeviceOsId String
    Enable/disable Create dynamic addresses to manage known devices. Valid values: enable, disable.
    guiDynamicProfileDisplay String
    Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values: enable, disable.
    guiDynamicRouting String
    Enable/disable dynamic routing on the GUI. Valid values: enable, disable.
    guiEmailCollection String
    Enable/disable email collection on the GUI. Valid values: enable, disable.
    guiEndpointControl String
    Enable/disable endpoint control on the GUI. Valid values: enable, disable.
    guiEndpointControlAdvanced String
    Enable/disable advanced endpoint control options on the GUI. Valid values: enable, disable.
    guiEnforceChangeSummary String
    Enforce change summaries for select tables in the GUI. Valid values: disable, require, optional.
    guiExplicitProxy String
    Enable/disable the explicit proxy on the GUI. Valid values: enable, disable.
    guiFileFilter String
    Enable/disable File-filter on the GUI. Valid values: enable, disable.
    guiFortiapSplitTunneling String
    Enable/disable FortiAP split tunneling on the GUI. Valid values: enable, disable.
    guiFortiextenderController String
    Enable/disable FortiExtender on the GUI. Valid values: enable, disable.
    guiIcap String
    Enable/disable ICAP on the GUI. Valid values: enable, disable.
    guiImplicitPolicy String
    Enable/disable implicit firewall policies on the GUI. Valid values: enable, disable.
    guiIps String
    Enable/disable IPS on the GUI. Valid values: enable, disable.
    guiLoadBalance String
    Enable/disable server load balancing on the GUI. Valid values: enable, disable.
    guiLocalInPolicy String
    Enable/disable Local-In policies on the GUI. Valid values: enable, disable.
    guiLocalReports String
    Enable/disable local reports on the GUI. Valid values: enable, disable.
    guiMulticastPolicy String
    Enable/disable multicast firewall policies on the GUI. Valid values: enable, disable.
    guiMultipleInterfacePolicy String
    Enable/disable adding multiple interfaces to a policy on the GUI. Valid values: enable, disable.
    guiMultipleUtmProfiles String
    Enable/disable multiple UTM profiles on the GUI. Valid values: enable, disable.
    guiNat4664 String
    Enable/disable NAT46 and NAT64 settings on the GUI. Valid values: enable, disable.
    guiObjectColors String
    Enable/disable object colors on the GUI. Valid values: enable, disable.
    guiOt String
    Enable/disable Show Operational Technology Purdue Model. Valid values: enable, disable.
    guiPerPolicyDisclaimer String
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyBasedIpsec String
    Enable/disable policy-based IPsec VPN on the GUI. Valid values: enable, disable.
    guiPolicyDisclaimer String
    Enable/disable policy disclaimer on the GUI. Valid values: enable, disable.
    guiPolicyLearning String
    Enable/disable firewall policy learning mode on the GUI. Valid values: enable, disable.
    guiProxyInspection String
    Enable/disable the proxy features on the GUI. Valid values: enable, disable.
    guiReplacementMessageGroups String
    Enable/disable replacement message groups on the GUI. Valid values: enable, disable.
    guiRouteTagAddressCreation String
    Enable/disable route-tag addresses on the GUI. Valid values: enable, disable.
    guiSecurityProfileGroup String
    Enable/disable Security Profile Groups on the GUI. Valid values: enable, disable.
    guiSpamfilter String
    Enable/disable Antispam on the GUI. Valid values: enable, disable.
    guiSslvpn String
    Enable/disable SSL-VPN settings pages on the GUI. Valid values: enable, disable.
    guiSslvpnPersonalBookmarks String
    Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values: enable, disable.
    guiSslvpnRealms String
    Enable/disable SSL-VPN realms on the GUI. Valid values: enable, disable.
    guiSwitchController String
    Enable/disable the switch controller on the GUI. Valid values: enable, disable.
    guiThreatWeight String
    Enable/disable threat weight on the GUI. Valid values: enable, disable.
    guiTrafficShaping String
    Enable/disable traffic shaping on the GUI. Valid values: enable, disable.
    guiVideofilter String
    Enable/disable Video filtering on the GUI. Valid values: enable, disable.
    guiVirtualPatchProfile String
    Enable/disable Virtual Patching on the GUI. Valid values: enable, disable.
    guiVoipProfile String
    Enable/disable VoIP profiles on the GUI. Valid values: enable, disable.
    guiVpn String
    Enable/disable VPN tunnels on the GUI. Valid values: enable, disable.
    guiWafProfile String
    Enable/disable Web Application Firewall on the GUI. Valid values: enable, disable.
    guiWanLoadBalancing String
    Enable/disable SD-WAN on the GUI. Valid values: enable, disable.
    guiWanoptCache String
    Enable/disable WAN Optimization and Web Caching on the GUI. Valid values: enable, disable.
    guiWebfilter String
    Enable/disable Web filtering on the GUI. Valid values: enable, disable.
    guiWebfilterAdvanced String
    Enable/disable advanced web filtering on the GUI. Valid values: enable, disable.
    guiWirelessController String
    Enable/disable the wireless controller on the GUI. Valid values: enable, disable.
    guiZtna String
    Enable/disable Zero Trust Network Access features on the GUI. Valid values: enable, disable.
    h323DirectModel String
    Enable/disable H323 direct model. Valid values: disable, enable.
    httpExternalDest String
    Offload HTTP traffic to FortiWeb or FortiCache. Valid values: fortiweb, forticache.
    ikeDnFormat String
    Configure IKE ASN.1 Distinguished Name format conventions. Valid values: with-space, no-space.
    ikeNattPort Number
    UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
    ikePolicyRoute String
    Enable/disable IKE Policy Based Routing (PBR). Valid values: enable, disable.
    ikePort Number
    UDP port for IKE/IPsec traffic (default 500).
    ikeQuickCrashDetect String
    Enable/disable IKE quick crash detection (RFC 6290). Valid values: enable, disable.
    ikeSessionResume String
    Enable/disable IKEv2 session resumption (RFC 5723). Valid values: enable, disable.
    ikeTcpPort Number
    TCP port for IKE/IPsec traffic (default 4500).
    implicitAllowDns String
    Enable/disable implicitly allowing DNS traffic. Valid values: enable, disable.
    inspectionMode String
    Inspection mode (proxy-based or flow-based). Valid values: proxy, flow.
    internetServiceAppCtrlSize Number
    Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
    internetServiceDatabaseCache String
    Enable/disable Internet Service database caching. Valid values: disable, enable.
    ip String
    IP address and netmask.
    ip6 String
    IPv6 address prefix for NAT mode.
    lanExtensionControllerAddr String
    Controller IP address or FQDN to connect.
    linkDownAccess String
    Enable/disable link down access traffic. Valid values: enable, disable.
    lldpReception String
    Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    lldpTransmission String
    Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values: enable, disable, global.
    locationId String
    Local location ID in the form of an IPv4 address.
    macTtl Number
    Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
    manageip String
    Transparent mode IPv4 management IP address and netmask.
    manageip6 String
    Transparent mode IPv6 management IP address and netmask.
    multicastForward String
    Enable/disable multicast forwarding. Valid values: enable, disable.
    multicastSkipPolicy String
    Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values: enable, disable.
    multicastTtlNotchange String
    Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values: enable, disable.
    nat46ForceIpv4PacketForwarding String
    Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values: enable, disable.
    nat46GenerateIpv6FragmentHeader String
    Enable/disable NAT46 IPv6 fragment header generation. Valid values: enable, disable.
    nat64ForceIpv6PacketForwarding String
    Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values: enable, disable.
    ngfwMode String
    Next Generation Firewall (NGFW) mode. Valid values: profile-based, policy-based.
    opmode String
    Firewall operation mode (NAT or Transparent). Valid values: nat, transparent.
    prpTrailerAction String
    Enable/disable action to take on PRP trailer. Valid values: enable, disable.
    sccpPort Number
    TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
    sctpSessionWithoutInit String
    Enable/disable SCTP session creation without SCTP INIT. Valid values: enable, disable.
    sesDeniedTraffic String
    Enable/disable including denied session in the session table. Valid values: enable, disable.
    sipExpectation String
    Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values: enable, disable.
    sipHelper String
    Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values: enable, disable.
    sipNatTrace String
    Enable/disable recording the original SIP source IP address when NAT is used. Valid values: enable, disable.
    sipSslPort Number
    TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
    sipTcpPort Number
    TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    sipUdpPort Number
    UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
    snatHairpinTraffic String
    Enable/disable source NAT (SNAT) for hairpin traffic. Valid values: enable, disable.
    sslSshProfile String
    Profile for SSL/SSH inspection.
    status String
    Enable/disable this VDOM. Valid values: enable, disable.
    strictSrcCheck String
    Enable/disable strict source verification. Valid values: enable, disable.
    tcpSessionWithoutSyn String
    Enable/disable allowing TCP session without SYN flags. Valid values: enable, disable.
    utf8SpamTagging String
    Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values: enable, disable.
    v4EcmpMode String
    IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values: source-ip-based, weight-based, usage-based, source-dest-ip-based.
    vdomType String
    VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vpnStatsLog String
    Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values: ipsec, pptp, l2tp, ssl.
    vpnStatsPeriod Number
    Period to send VPN log statistics (0 or 60 - 86400 sec).
    wccpCacheEngine String
    Enable/disable WCCP cache engine. Valid values: enable, disable.

    Supporting Types

    SettingsGuiDefaultPolicyColumn, SettingsGuiDefaultPolicyColumnArgs

    Name string
    Select column name.
    Name string
    Select column name.
    name String
    Select column name.
    name string
    Select column name.
    name str
    Select column name.
    name String
    Select column name.

    Import

    System Settings can be imported using any of these accepted formats:

    $ pulumi import fortios:system/settings:Settings labelname SystemSettings
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:system/settings:Settings labelname SystemSettings
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse