fortios.system.Settings
Explore with Pulumi AI
Configure VDOM settings.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.system.Settings("trname", {
allowLinkdownPath: "disable",
guiWebfilter: "enable",
opmode: "nat",
sipSslPort: 5061,
status: "enable",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.system.Settings("trname",
allow_linkdown_path="disable",
gui_webfilter="enable",
opmode="nat",
sip_ssl_port=5061,
status="enable")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/system"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := system.NewSettings(ctx, "trname", &system.SettingsArgs{
AllowLinkdownPath: pulumi.String("disable"),
GuiWebfilter: pulumi.String("enable"),
Opmode: pulumi.String("nat"),
SipSslPort: pulumi.Int(5061),
Status: pulumi.String("enable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.System.Settings("trname", new()
{
AllowLinkdownPath = "disable",
GuiWebfilter = "enable",
Opmode = "nat",
SipSslPort = 5061,
Status = "enable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.system.Settings;
import com.pulumi.fortios.system.SettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Settings("trname", SettingsArgs.builder()
.allowLinkdownPath("disable")
.guiWebfilter("enable")
.opmode("nat")
.sipSslPort(5061)
.status("enable")
.build());
}
}
resources:
trname:
type: fortios:system:Settings
properties:
allowLinkdownPath: disable
guiWebfilter: enable
opmode: nat
sipSslPort: 5061
status: enable
Create Settings Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Settings(name: string, args?: SettingsArgs, opts?: CustomResourceOptions);
@overload
def Settings(resource_name: str,
args: Optional[SettingsArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Settings(resource_name: str,
opts: Optional[ResourceOptions] = None,
allow_linkdown_path: Optional[str] = None,
allow_subnet_overlap: Optional[str] = None,
application_bandwidth_tracking: Optional[str] = None,
asymroute: Optional[str] = None,
asymroute6: Optional[str] = None,
asymroute6_icmp: Optional[str] = None,
asymroute_icmp: Optional[str] = None,
auxiliary_session: Optional[str] = None,
bfd: Optional[str] = None,
bfd_desired_min_tx: Optional[int] = None,
bfd_detect_mult: Optional[int] = None,
bfd_dont_enforce_src_port: Optional[str] = None,
bfd_required_min_rx: Optional[int] = None,
block_land_attack: Optional[str] = None,
central_nat: Optional[str] = None,
comments: Optional[str] = None,
compliance_check: Optional[str] = None,
consolidated_firewall_mode: Optional[str] = None,
default_app_port_as_service: Optional[str] = None,
default_policy_expiry_days: Optional[int] = None,
default_voip_alg_mode: Optional[str] = None,
deny_tcp_with_icmp: Optional[str] = None,
detect_unknown_esp: Optional[str] = None,
device: Optional[str] = None,
dhcp6_server_ip: Optional[str] = None,
dhcp_proxy: Optional[str] = None,
dhcp_proxy_interface: Optional[str] = None,
dhcp_proxy_interface_select_method: Optional[str] = None,
dhcp_server_ip: Optional[str] = None,
discovered_device_timeout: Optional[int] = None,
dyn_addr_session_check: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
ecmp_max_paths: Optional[int] = None,
email_portal_check_dns: Optional[str] = None,
ext_resource_session_check: Optional[str] = None,
firewall_session_dirty: Optional[str] = None,
fqdn_session_check: Optional[str] = None,
fw_session_hairpin: Optional[str] = None,
gateway: Optional[str] = None,
gateway6: Optional[str] = None,
get_all_tables: Optional[str] = None,
gui_advanced_policy: Optional[str] = None,
gui_advanced_wireless_features: Optional[str] = None,
gui_allow_unnamed_policy: Optional[str] = None,
gui_antivirus: Optional[str] = None,
gui_ap_profile: Optional[str] = None,
gui_application_control: Optional[str] = None,
gui_casb: Optional[str] = None,
gui_default_policy_columns: Optional[Sequence[SettingsGuiDefaultPolicyColumnArgs]] = None,
gui_dhcp_advanced: Optional[str] = None,
gui_dlp: Optional[str] = None,
gui_dlp_profile: Optional[str] = None,
gui_dns_database: Optional[str] = None,
gui_dnsfilter: Optional[str] = None,
gui_domain_ip_reputation: Optional[str] = None,
gui_dos_policy: Optional[str] = None,
gui_dynamic_device_os_id: Optional[str] = None,
gui_dynamic_profile_display: Optional[str] = None,
gui_dynamic_routing: Optional[str] = None,
gui_email_collection: Optional[str] = None,
gui_endpoint_control: Optional[str] = None,
gui_endpoint_control_advanced: Optional[str] = None,
gui_enforce_change_summary: Optional[str] = None,
gui_explicit_proxy: Optional[str] = None,
gui_file_filter: Optional[str] = None,
gui_fortiap_split_tunneling: Optional[str] = None,
gui_fortiextender_controller: Optional[str] = None,
gui_icap: Optional[str] = None,
gui_implicit_policy: Optional[str] = None,
gui_ips: Optional[str] = None,
gui_load_balance: Optional[str] = None,
gui_local_in_policy: Optional[str] = None,
gui_local_reports: Optional[str] = None,
gui_multicast_policy: Optional[str] = None,
gui_multiple_interface_policy: Optional[str] = None,
gui_multiple_utm_profiles: Optional[str] = None,
gui_nat4664: Optional[str] = None,
gui_object_colors: Optional[str] = None,
gui_ot: Optional[str] = None,
gui_per_policy_disclaimer: Optional[str] = None,
gui_policy_based_ipsec: Optional[str] = None,
gui_policy_disclaimer: Optional[str] = None,
gui_policy_learning: Optional[str] = None,
gui_proxy_inspection: Optional[str] = None,
gui_replacement_message_groups: Optional[str] = None,
gui_route_tag_address_creation: Optional[str] = None,
gui_security_profile_group: Optional[str] = None,
gui_spamfilter: Optional[str] = None,
gui_sslvpn: Optional[str] = None,
gui_sslvpn_personal_bookmarks: Optional[str] = None,
gui_sslvpn_realms: Optional[str] = None,
gui_switch_controller: Optional[str] = None,
gui_threat_weight: Optional[str] = None,
gui_traffic_shaping: Optional[str] = None,
gui_videofilter: Optional[str] = None,
gui_virtual_patch_profile: Optional[str] = None,
gui_voip_profile: Optional[str] = None,
gui_vpn: Optional[str] = None,
gui_waf_profile: Optional[str] = None,
gui_wan_load_balancing: Optional[str] = None,
gui_wanopt_cache: Optional[str] = None,
gui_webfilter: Optional[str] = None,
gui_webfilter_advanced: Optional[str] = None,
gui_wireless_controller: Optional[str] = None,
gui_ztna: Optional[str] = None,
h323_direct_model: Optional[str] = None,
http_external_dest: Optional[str] = None,
ike_dn_format: Optional[str] = None,
ike_natt_port: Optional[int] = None,
ike_policy_route: Optional[str] = None,
ike_port: Optional[int] = None,
ike_quick_crash_detect: Optional[str] = None,
ike_session_resume: Optional[str] = None,
ike_tcp_port: Optional[int] = None,
implicit_allow_dns: Optional[str] = None,
inspection_mode: Optional[str] = None,
internet_service_app_ctrl_size: Optional[int] = None,
internet_service_database_cache: Optional[str] = None,
ip: Optional[str] = None,
ip6: Optional[str] = None,
lan_extension_controller_addr: Optional[str] = None,
link_down_access: Optional[str] = None,
lldp_reception: Optional[str] = None,
lldp_transmission: Optional[str] = None,
location_id: Optional[str] = None,
mac_ttl: Optional[int] = None,
manageip: Optional[str] = None,
manageip6: Optional[str] = None,
multicast_forward: Optional[str] = None,
multicast_skip_policy: Optional[str] = None,
multicast_ttl_notchange: Optional[str] = None,
nat46_force_ipv4_packet_forwarding: Optional[str] = None,
nat46_generate_ipv6_fragment_header: Optional[str] = None,
nat64_force_ipv6_packet_forwarding: Optional[str] = None,
ngfw_mode: Optional[str] = None,
opmode: Optional[str] = None,
prp_trailer_action: Optional[str] = None,
sccp_port: Optional[int] = None,
sctp_session_without_init: Optional[str] = None,
ses_denied_traffic: Optional[str] = None,
sip_expectation: Optional[str] = None,
sip_helper: Optional[str] = None,
sip_nat_trace: Optional[str] = None,
sip_ssl_port: Optional[int] = None,
sip_tcp_port: Optional[int] = None,
sip_udp_port: Optional[int] = None,
snat_hairpin_traffic: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
strict_src_check: Optional[str] = None,
tcp_session_without_syn: Optional[str] = None,
utf8_spam_tagging: Optional[str] = None,
v4_ecmp_mode: Optional[str] = None,
vdom_type: Optional[str] = None,
vdomparam: Optional[str] = None,
vpn_stats_log: Optional[str] = None,
vpn_stats_period: Optional[int] = None,
wccp_cache_engine: Optional[str] = None)
func NewSettings(ctx *Context, name string, args *SettingsArgs, opts ...ResourceOption) (*Settings, error)
public Settings(string name, SettingsArgs? args = null, CustomResourceOptions? opts = null)
public Settings(String name, SettingsArgs args)
public Settings(String name, SettingsArgs args, CustomResourceOptions options)
type: fortios:system:Settings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplesettingsResourceResourceFromSystemsettings = new Fortios.System.Settings("examplesettingsResourceResourceFromSystemsettings", new()
{
AllowLinkdownPath = "string",
AllowSubnetOverlap = "string",
ApplicationBandwidthTracking = "string",
Asymroute = "string",
Asymroute6 = "string",
Asymroute6Icmp = "string",
AsymrouteIcmp = "string",
AuxiliarySession = "string",
Bfd = "string",
BfdDesiredMinTx = 0,
BfdDetectMult = 0,
BfdDontEnforceSrcPort = "string",
BfdRequiredMinRx = 0,
BlockLandAttack = "string",
CentralNat = "string",
Comments = "string",
ComplianceCheck = "string",
ConsolidatedFirewallMode = "string",
DefaultAppPortAsService = "string",
DefaultPolicyExpiryDays = 0,
DefaultVoipAlgMode = "string",
DenyTcpWithIcmp = "string",
DetectUnknownEsp = "string",
Device = "string",
Dhcp6ServerIp = "string",
DhcpProxy = "string",
DhcpProxyInterface = "string",
DhcpProxyInterfaceSelectMethod = "string",
DhcpServerIp = "string",
DiscoveredDeviceTimeout = 0,
DynAddrSessionCheck = "string",
DynamicSortSubtable = "string",
EcmpMaxPaths = 0,
EmailPortalCheckDns = "string",
ExtResourceSessionCheck = "string",
FirewallSessionDirty = "string",
FqdnSessionCheck = "string",
FwSessionHairpin = "string",
Gateway = "string",
Gateway6 = "string",
GetAllTables = "string",
GuiAdvancedPolicy = "string",
GuiAdvancedWirelessFeatures = "string",
GuiAllowUnnamedPolicy = "string",
GuiAntivirus = "string",
GuiApProfile = "string",
GuiApplicationControl = "string",
GuiCasb = "string",
GuiDefaultPolicyColumns = new[]
{
new Fortios.System.Inputs.SettingsGuiDefaultPolicyColumnArgs
{
Name = "string",
},
},
GuiDhcpAdvanced = "string",
GuiDlp = "string",
GuiDlpProfile = "string",
GuiDnsDatabase = "string",
GuiDnsfilter = "string",
GuiDomainIpReputation = "string",
GuiDosPolicy = "string",
GuiDynamicDeviceOsId = "string",
GuiDynamicProfileDisplay = "string",
GuiDynamicRouting = "string",
GuiEmailCollection = "string",
GuiEndpointControl = "string",
GuiEndpointControlAdvanced = "string",
GuiEnforceChangeSummary = "string",
GuiExplicitProxy = "string",
GuiFileFilter = "string",
GuiFortiapSplitTunneling = "string",
GuiFortiextenderController = "string",
GuiIcap = "string",
GuiImplicitPolicy = "string",
GuiIps = "string",
GuiLoadBalance = "string",
GuiLocalInPolicy = "string",
GuiLocalReports = "string",
GuiMulticastPolicy = "string",
GuiMultipleInterfacePolicy = "string",
GuiMultipleUtmProfiles = "string",
GuiNat4664 = "string",
GuiObjectColors = "string",
GuiOt = "string",
GuiPerPolicyDisclaimer = "string",
GuiPolicyBasedIpsec = "string",
GuiPolicyDisclaimer = "string",
GuiPolicyLearning = "string",
GuiProxyInspection = "string",
GuiReplacementMessageGroups = "string",
GuiRouteTagAddressCreation = "string",
GuiSecurityProfileGroup = "string",
GuiSpamfilter = "string",
GuiSslvpn = "string",
GuiSslvpnPersonalBookmarks = "string",
GuiSslvpnRealms = "string",
GuiSwitchController = "string",
GuiThreatWeight = "string",
GuiTrafficShaping = "string",
GuiVideofilter = "string",
GuiVirtualPatchProfile = "string",
GuiVoipProfile = "string",
GuiVpn = "string",
GuiWafProfile = "string",
GuiWanLoadBalancing = "string",
GuiWanoptCache = "string",
GuiWebfilter = "string",
GuiWebfilterAdvanced = "string",
GuiWirelessController = "string",
GuiZtna = "string",
H323DirectModel = "string",
HttpExternalDest = "string",
IkeDnFormat = "string",
IkeNattPort = 0,
IkePolicyRoute = "string",
IkePort = 0,
IkeQuickCrashDetect = "string",
IkeSessionResume = "string",
IkeTcpPort = 0,
ImplicitAllowDns = "string",
InspectionMode = "string",
InternetServiceAppCtrlSize = 0,
InternetServiceDatabaseCache = "string",
Ip = "string",
Ip6 = "string",
LanExtensionControllerAddr = "string",
LinkDownAccess = "string",
LldpReception = "string",
LldpTransmission = "string",
LocationId = "string",
MacTtl = 0,
Manageip = "string",
Manageip6 = "string",
MulticastForward = "string",
MulticastSkipPolicy = "string",
MulticastTtlNotchange = "string",
Nat46ForceIpv4PacketForwarding = "string",
Nat46GenerateIpv6FragmentHeader = "string",
Nat64ForceIpv6PacketForwarding = "string",
NgfwMode = "string",
Opmode = "string",
PrpTrailerAction = "string",
SccpPort = 0,
SctpSessionWithoutInit = "string",
SesDeniedTraffic = "string",
SipExpectation = "string",
SipHelper = "string",
SipNatTrace = "string",
SipSslPort = 0,
SipTcpPort = 0,
SipUdpPort = 0,
SnatHairpinTraffic = "string",
SslSshProfile = "string",
Status = "string",
StrictSrcCheck = "string",
TcpSessionWithoutSyn = "string",
Utf8SpamTagging = "string",
V4EcmpMode = "string",
VdomType = "string",
Vdomparam = "string",
VpnStatsLog = "string",
VpnStatsPeriod = 0,
WccpCacheEngine = "string",
});
example, err := system.NewSettings(ctx, "examplesettingsResourceResourceFromSystemsettings", &system.SettingsArgs{
AllowLinkdownPath: pulumi.String("string"),
AllowSubnetOverlap: pulumi.String("string"),
ApplicationBandwidthTracking: pulumi.String("string"),
Asymroute: pulumi.String("string"),
Asymroute6: pulumi.String("string"),
Asymroute6Icmp: pulumi.String("string"),
AsymrouteIcmp: pulumi.String("string"),
AuxiliarySession: pulumi.String("string"),
Bfd: pulumi.String("string"),
BfdDesiredMinTx: pulumi.Int(0),
BfdDetectMult: pulumi.Int(0),
BfdDontEnforceSrcPort: pulumi.String("string"),
BfdRequiredMinRx: pulumi.Int(0),
BlockLandAttack: pulumi.String("string"),
CentralNat: pulumi.String("string"),
Comments: pulumi.String("string"),
ComplianceCheck: pulumi.String("string"),
ConsolidatedFirewallMode: pulumi.String("string"),
DefaultAppPortAsService: pulumi.String("string"),
DefaultPolicyExpiryDays: pulumi.Int(0),
DefaultVoipAlgMode: pulumi.String("string"),
DenyTcpWithIcmp: pulumi.String("string"),
DetectUnknownEsp: pulumi.String("string"),
Device: pulumi.String("string"),
Dhcp6ServerIp: pulumi.String("string"),
DhcpProxy: pulumi.String("string"),
DhcpProxyInterface: pulumi.String("string"),
DhcpProxyInterfaceSelectMethod: pulumi.String("string"),
DhcpServerIp: pulumi.String("string"),
DiscoveredDeviceTimeout: pulumi.Int(0),
DynAddrSessionCheck: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
EcmpMaxPaths: pulumi.Int(0),
EmailPortalCheckDns: pulumi.String("string"),
ExtResourceSessionCheck: pulumi.String("string"),
FirewallSessionDirty: pulumi.String("string"),
FqdnSessionCheck: pulumi.String("string"),
FwSessionHairpin: pulumi.String("string"),
Gateway: pulumi.String("string"),
Gateway6: pulumi.String("string"),
GetAllTables: pulumi.String("string"),
GuiAdvancedPolicy: pulumi.String("string"),
GuiAdvancedWirelessFeatures: pulumi.String("string"),
GuiAllowUnnamedPolicy: pulumi.String("string"),
GuiAntivirus: pulumi.String("string"),
GuiApProfile: pulumi.String("string"),
GuiApplicationControl: pulumi.String("string"),
GuiCasb: pulumi.String("string"),
GuiDefaultPolicyColumns: system.SettingsGuiDefaultPolicyColumnArray{
&system.SettingsGuiDefaultPolicyColumnArgs{
Name: pulumi.String("string"),
},
},
GuiDhcpAdvanced: pulumi.String("string"),
GuiDlp: pulumi.String("string"),
GuiDlpProfile: pulumi.String("string"),
GuiDnsDatabase: pulumi.String("string"),
GuiDnsfilter: pulumi.String("string"),
GuiDomainIpReputation: pulumi.String("string"),
GuiDosPolicy: pulumi.String("string"),
GuiDynamicDeviceOsId: pulumi.String("string"),
GuiDynamicProfileDisplay: pulumi.String("string"),
GuiDynamicRouting: pulumi.String("string"),
GuiEmailCollection: pulumi.String("string"),
GuiEndpointControl: pulumi.String("string"),
GuiEndpointControlAdvanced: pulumi.String("string"),
GuiEnforceChangeSummary: pulumi.String("string"),
GuiExplicitProxy: pulumi.String("string"),
GuiFileFilter: pulumi.String("string"),
GuiFortiapSplitTunneling: pulumi.String("string"),
GuiFortiextenderController: pulumi.String("string"),
GuiIcap: pulumi.String("string"),
GuiImplicitPolicy: pulumi.String("string"),
GuiIps: pulumi.String("string"),
GuiLoadBalance: pulumi.String("string"),
GuiLocalInPolicy: pulumi.String("string"),
GuiLocalReports: pulumi.String("string"),
GuiMulticastPolicy: pulumi.String("string"),
GuiMultipleInterfacePolicy: pulumi.String("string"),
GuiMultipleUtmProfiles: pulumi.String("string"),
GuiNat4664: pulumi.String("string"),
GuiObjectColors: pulumi.String("string"),
GuiOt: pulumi.String("string"),
GuiPerPolicyDisclaimer: pulumi.String("string"),
GuiPolicyBasedIpsec: pulumi.String("string"),
GuiPolicyDisclaimer: pulumi.String("string"),
GuiPolicyLearning: pulumi.String("string"),
GuiProxyInspection: pulumi.String("string"),
GuiReplacementMessageGroups: pulumi.String("string"),
GuiRouteTagAddressCreation: pulumi.String("string"),
GuiSecurityProfileGroup: pulumi.String("string"),
GuiSpamfilter: pulumi.String("string"),
GuiSslvpn: pulumi.String("string"),
GuiSslvpnPersonalBookmarks: pulumi.String("string"),
GuiSslvpnRealms: pulumi.String("string"),
GuiSwitchController: pulumi.String("string"),
GuiThreatWeight: pulumi.String("string"),
GuiTrafficShaping: pulumi.String("string"),
GuiVideofilter: pulumi.String("string"),
GuiVirtualPatchProfile: pulumi.String("string"),
GuiVoipProfile: pulumi.String("string"),
GuiVpn: pulumi.String("string"),
GuiWafProfile: pulumi.String("string"),
GuiWanLoadBalancing: pulumi.String("string"),
GuiWanoptCache: pulumi.String("string"),
GuiWebfilter: pulumi.String("string"),
GuiWebfilterAdvanced: pulumi.String("string"),
GuiWirelessController: pulumi.String("string"),
GuiZtna: pulumi.String("string"),
H323DirectModel: pulumi.String("string"),
HttpExternalDest: pulumi.String("string"),
IkeDnFormat: pulumi.String("string"),
IkeNattPort: pulumi.Int(0),
IkePolicyRoute: pulumi.String("string"),
IkePort: pulumi.Int(0),
IkeQuickCrashDetect: pulumi.String("string"),
IkeSessionResume: pulumi.String("string"),
IkeTcpPort: pulumi.Int(0),
ImplicitAllowDns: pulumi.String("string"),
InspectionMode: pulumi.String("string"),
InternetServiceAppCtrlSize: pulumi.Int(0),
InternetServiceDatabaseCache: pulumi.String("string"),
Ip: pulumi.String("string"),
Ip6: pulumi.String("string"),
LanExtensionControllerAddr: pulumi.String("string"),
LinkDownAccess: pulumi.String("string"),
LldpReception: pulumi.String("string"),
LldpTransmission: pulumi.String("string"),
LocationId: pulumi.String("string"),
MacTtl: pulumi.Int(0),
Manageip: pulumi.String("string"),
Manageip6: pulumi.String("string"),
MulticastForward: pulumi.String("string"),
MulticastSkipPolicy: pulumi.String("string"),
MulticastTtlNotchange: pulumi.String("string"),
Nat46ForceIpv4PacketForwarding: pulumi.String("string"),
Nat46GenerateIpv6FragmentHeader: pulumi.String("string"),
Nat64ForceIpv6PacketForwarding: pulumi.String("string"),
NgfwMode: pulumi.String("string"),
Opmode: pulumi.String("string"),
PrpTrailerAction: pulumi.String("string"),
SccpPort: pulumi.Int(0),
SctpSessionWithoutInit: pulumi.String("string"),
SesDeniedTraffic: pulumi.String("string"),
SipExpectation: pulumi.String("string"),
SipHelper: pulumi.String("string"),
SipNatTrace: pulumi.String("string"),
SipSslPort: pulumi.Int(0),
SipTcpPort: pulumi.Int(0),
SipUdpPort: pulumi.Int(0),
SnatHairpinTraffic: pulumi.String("string"),
SslSshProfile: pulumi.String("string"),
Status: pulumi.String("string"),
StrictSrcCheck: pulumi.String("string"),
TcpSessionWithoutSyn: pulumi.String("string"),
Utf8SpamTagging: pulumi.String("string"),
V4EcmpMode: pulumi.String("string"),
VdomType: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
VpnStatsLog: pulumi.String("string"),
VpnStatsPeriod: pulumi.Int(0),
WccpCacheEngine: pulumi.String("string"),
})
var examplesettingsResourceResourceFromSystemsettings = new Settings("examplesettingsResourceResourceFromSystemsettings", SettingsArgs.builder()
.allowLinkdownPath("string")
.allowSubnetOverlap("string")
.applicationBandwidthTracking("string")
.asymroute("string")
.asymroute6("string")
.asymroute6Icmp("string")
.asymrouteIcmp("string")
.auxiliarySession("string")
.bfd("string")
.bfdDesiredMinTx(0)
.bfdDetectMult(0)
.bfdDontEnforceSrcPort("string")
.bfdRequiredMinRx(0)
.blockLandAttack("string")
.centralNat("string")
.comments("string")
.complianceCheck("string")
.consolidatedFirewallMode("string")
.defaultAppPortAsService("string")
.defaultPolicyExpiryDays(0)
.defaultVoipAlgMode("string")
.denyTcpWithIcmp("string")
.detectUnknownEsp("string")
.device("string")
.dhcp6ServerIp("string")
.dhcpProxy("string")
.dhcpProxyInterface("string")
.dhcpProxyInterfaceSelectMethod("string")
.dhcpServerIp("string")
.discoveredDeviceTimeout(0)
.dynAddrSessionCheck("string")
.dynamicSortSubtable("string")
.ecmpMaxPaths(0)
.emailPortalCheckDns("string")
.extResourceSessionCheck("string")
.firewallSessionDirty("string")
.fqdnSessionCheck("string")
.fwSessionHairpin("string")
.gateway("string")
.gateway6("string")
.getAllTables("string")
.guiAdvancedPolicy("string")
.guiAdvancedWirelessFeatures("string")
.guiAllowUnnamedPolicy("string")
.guiAntivirus("string")
.guiApProfile("string")
.guiApplicationControl("string")
.guiCasb("string")
.guiDefaultPolicyColumns(SettingsGuiDefaultPolicyColumnArgs.builder()
.name("string")
.build())
.guiDhcpAdvanced("string")
.guiDlp("string")
.guiDlpProfile("string")
.guiDnsDatabase("string")
.guiDnsfilter("string")
.guiDomainIpReputation("string")
.guiDosPolicy("string")
.guiDynamicDeviceOsId("string")
.guiDynamicProfileDisplay("string")
.guiDynamicRouting("string")
.guiEmailCollection("string")
.guiEndpointControl("string")
.guiEndpointControlAdvanced("string")
.guiEnforceChangeSummary("string")
.guiExplicitProxy("string")
.guiFileFilter("string")
.guiFortiapSplitTunneling("string")
.guiFortiextenderController("string")
.guiIcap("string")
.guiImplicitPolicy("string")
.guiIps("string")
.guiLoadBalance("string")
.guiLocalInPolicy("string")
.guiLocalReports("string")
.guiMulticastPolicy("string")
.guiMultipleInterfacePolicy("string")
.guiMultipleUtmProfiles("string")
.guiNat4664("string")
.guiObjectColors("string")
.guiOt("string")
.guiPerPolicyDisclaimer("string")
.guiPolicyBasedIpsec("string")
.guiPolicyDisclaimer("string")
.guiPolicyLearning("string")
.guiProxyInspection("string")
.guiReplacementMessageGroups("string")
.guiRouteTagAddressCreation("string")
.guiSecurityProfileGroup("string")
.guiSpamfilter("string")
.guiSslvpn("string")
.guiSslvpnPersonalBookmarks("string")
.guiSslvpnRealms("string")
.guiSwitchController("string")
.guiThreatWeight("string")
.guiTrafficShaping("string")
.guiVideofilter("string")
.guiVirtualPatchProfile("string")
.guiVoipProfile("string")
.guiVpn("string")
.guiWafProfile("string")
.guiWanLoadBalancing("string")
.guiWanoptCache("string")
.guiWebfilter("string")
.guiWebfilterAdvanced("string")
.guiWirelessController("string")
.guiZtna("string")
.h323DirectModel("string")
.httpExternalDest("string")
.ikeDnFormat("string")
.ikeNattPort(0)
.ikePolicyRoute("string")
.ikePort(0)
.ikeQuickCrashDetect("string")
.ikeSessionResume("string")
.ikeTcpPort(0)
.implicitAllowDns("string")
.inspectionMode("string")
.internetServiceAppCtrlSize(0)
.internetServiceDatabaseCache("string")
.ip("string")
.ip6("string")
.lanExtensionControllerAddr("string")
.linkDownAccess("string")
.lldpReception("string")
.lldpTransmission("string")
.locationId("string")
.macTtl(0)
.manageip("string")
.manageip6("string")
.multicastForward("string")
.multicastSkipPolicy("string")
.multicastTtlNotchange("string")
.nat46ForceIpv4PacketForwarding("string")
.nat46GenerateIpv6FragmentHeader("string")
.nat64ForceIpv6PacketForwarding("string")
.ngfwMode("string")
.opmode("string")
.prpTrailerAction("string")
.sccpPort(0)
.sctpSessionWithoutInit("string")
.sesDeniedTraffic("string")
.sipExpectation("string")
.sipHelper("string")
.sipNatTrace("string")
.sipSslPort(0)
.sipTcpPort(0)
.sipUdpPort(0)
.snatHairpinTraffic("string")
.sslSshProfile("string")
.status("string")
.strictSrcCheck("string")
.tcpSessionWithoutSyn("string")
.utf8SpamTagging("string")
.v4EcmpMode("string")
.vdomType("string")
.vdomparam("string")
.vpnStatsLog("string")
.vpnStatsPeriod(0)
.wccpCacheEngine("string")
.build());
examplesettings_resource_resource_from_systemsettings = fortios.system.Settings("examplesettingsResourceResourceFromSystemsettings",
allow_linkdown_path="string",
allow_subnet_overlap="string",
application_bandwidth_tracking="string",
asymroute="string",
asymroute6="string",
asymroute6_icmp="string",
asymroute_icmp="string",
auxiliary_session="string",
bfd="string",
bfd_desired_min_tx=0,
bfd_detect_mult=0,
bfd_dont_enforce_src_port="string",
bfd_required_min_rx=0,
block_land_attack="string",
central_nat="string",
comments="string",
compliance_check="string",
consolidated_firewall_mode="string",
default_app_port_as_service="string",
default_policy_expiry_days=0,
default_voip_alg_mode="string",
deny_tcp_with_icmp="string",
detect_unknown_esp="string",
device="string",
dhcp6_server_ip="string",
dhcp_proxy="string",
dhcp_proxy_interface="string",
dhcp_proxy_interface_select_method="string",
dhcp_server_ip="string",
discovered_device_timeout=0,
dyn_addr_session_check="string",
dynamic_sort_subtable="string",
ecmp_max_paths=0,
email_portal_check_dns="string",
ext_resource_session_check="string",
firewall_session_dirty="string",
fqdn_session_check="string",
fw_session_hairpin="string",
gateway="string",
gateway6="string",
get_all_tables="string",
gui_advanced_policy="string",
gui_advanced_wireless_features="string",
gui_allow_unnamed_policy="string",
gui_antivirus="string",
gui_ap_profile="string",
gui_application_control="string",
gui_casb="string",
gui_default_policy_columns=[{
"name": "string",
}],
gui_dhcp_advanced="string",
gui_dlp="string",
gui_dlp_profile="string",
gui_dns_database="string",
gui_dnsfilter="string",
gui_domain_ip_reputation="string",
gui_dos_policy="string",
gui_dynamic_device_os_id="string",
gui_dynamic_profile_display="string",
gui_dynamic_routing="string",
gui_email_collection="string",
gui_endpoint_control="string",
gui_endpoint_control_advanced="string",
gui_enforce_change_summary="string",
gui_explicit_proxy="string",
gui_file_filter="string",
gui_fortiap_split_tunneling="string",
gui_fortiextender_controller="string",
gui_icap="string",
gui_implicit_policy="string",
gui_ips="string",
gui_load_balance="string",
gui_local_in_policy="string",
gui_local_reports="string",
gui_multicast_policy="string",
gui_multiple_interface_policy="string",
gui_multiple_utm_profiles="string",
gui_nat4664="string",
gui_object_colors="string",
gui_ot="string",
gui_per_policy_disclaimer="string",
gui_policy_based_ipsec="string",
gui_policy_disclaimer="string",
gui_policy_learning="string",
gui_proxy_inspection="string",
gui_replacement_message_groups="string",
gui_route_tag_address_creation="string",
gui_security_profile_group="string",
gui_spamfilter="string",
gui_sslvpn="string",
gui_sslvpn_personal_bookmarks="string",
gui_sslvpn_realms="string",
gui_switch_controller="string",
gui_threat_weight="string",
gui_traffic_shaping="string",
gui_videofilter="string",
gui_virtual_patch_profile="string",
gui_voip_profile="string",
gui_vpn="string",
gui_waf_profile="string",
gui_wan_load_balancing="string",
gui_wanopt_cache="string",
gui_webfilter="string",
gui_webfilter_advanced="string",
gui_wireless_controller="string",
gui_ztna="string",
h323_direct_model="string",
http_external_dest="string",
ike_dn_format="string",
ike_natt_port=0,
ike_policy_route="string",
ike_port=0,
ike_quick_crash_detect="string",
ike_session_resume="string",
ike_tcp_port=0,
implicit_allow_dns="string",
inspection_mode="string",
internet_service_app_ctrl_size=0,
internet_service_database_cache="string",
ip="string",
ip6="string",
lan_extension_controller_addr="string",
link_down_access="string",
lldp_reception="string",
lldp_transmission="string",
location_id="string",
mac_ttl=0,
manageip="string",
manageip6="string",
multicast_forward="string",
multicast_skip_policy="string",
multicast_ttl_notchange="string",
nat46_force_ipv4_packet_forwarding="string",
nat46_generate_ipv6_fragment_header="string",
nat64_force_ipv6_packet_forwarding="string",
ngfw_mode="string",
opmode="string",
prp_trailer_action="string",
sccp_port=0,
sctp_session_without_init="string",
ses_denied_traffic="string",
sip_expectation="string",
sip_helper="string",
sip_nat_trace="string",
sip_ssl_port=0,
sip_tcp_port=0,
sip_udp_port=0,
snat_hairpin_traffic="string",
ssl_ssh_profile="string",
status="string",
strict_src_check="string",
tcp_session_without_syn="string",
utf8_spam_tagging="string",
v4_ecmp_mode="string",
vdom_type="string",
vdomparam="string",
vpn_stats_log="string",
vpn_stats_period=0,
wccp_cache_engine="string")
const examplesettingsResourceResourceFromSystemsettings = new fortios.system.Settings("examplesettingsResourceResourceFromSystemsettings", {
allowLinkdownPath: "string",
allowSubnetOverlap: "string",
applicationBandwidthTracking: "string",
asymroute: "string",
asymroute6: "string",
asymroute6Icmp: "string",
asymrouteIcmp: "string",
auxiliarySession: "string",
bfd: "string",
bfdDesiredMinTx: 0,
bfdDetectMult: 0,
bfdDontEnforceSrcPort: "string",
bfdRequiredMinRx: 0,
blockLandAttack: "string",
centralNat: "string",
comments: "string",
complianceCheck: "string",
consolidatedFirewallMode: "string",
defaultAppPortAsService: "string",
defaultPolicyExpiryDays: 0,
defaultVoipAlgMode: "string",
denyTcpWithIcmp: "string",
detectUnknownEsp: "string",
device: "string",
dhcp6ServerIp: "string",
dhcpProxy: "string",
dhcpProxyInterface: "string",
dhcpProxyInterfaceSelectMethod: "string",
dhcpServerIp: "string",
discoveredDeviceTimeout: 0,
dynAddrSessionCheck: "string",
dynamicSortSubtable: "string",
ecmpMaxPaths: 0,
emailPortalCheckDns: "string",
extResourceSessionCheck: "string",
firewallSessionDirty: "string",
fqdnSessionCheck: "string",
fwSessionHairpin: "string",
gateway: "string",
gateway6: "string",
getAllTables: "string",
guiAdvancedPolicy: "string",
guiAdvancedWirelessFeatures: "string",
guiAllowUnnamedPolicy: "string",
guiAntivirus: "string",
guiApProfile: "string",
guiApplicationControl: "string",
guiCasb: "string",
guiDefaultPolicyColumns: [{
name: "string",
}],
guiDhcpAdvanced: "string",
guiDlp: "string",
guiDlpProfile: "string",
guiDnsDatabase: "string",
guiDnsfilter: "string",
guiDomainIpReputation: "string",
guiDosPolicy: "string",
guiDynamicDeviceOsId: "string",
guiDynamicProfileDisplay: "string",
guiDynamicRouting: "string",
guiEmailCollection: "string",
guiEndpointControl: "string",
guiEndpointControlAdvanced: "string",
guiEnforceChangeSummary: "string",
guiExplicitProxy: "string",
guiFileFilter: "string",
guiFortiapSplitTunneling: "string",
guiFortiextenderController: "string",
guiIcap: "string",
guiImplicitPolicy: "string",
guiIps: "string",
guiLoadBalance: "string",
guiLocalInPolicy: "string",
guiLocalReports: "string",
guiMulticastPolicy: "string",
guiMultipleInterfacePolicy: "string",
guiMultipleUtmProfiles: "string",
guiNat4664: "string",
guiObjectColors: "string",
guiOt: "string",
guiPerPolicyDisclaimer: "string",
guiPolicyBasedIpsec: "string",
guiPolicyDisclaimer: "string",
guiPolicyLearning: "string",
guiProxyInspection: "string",
guiReplacementMessageGroups: "string",
guiRouteTagAddressCreation: "string",
guiSecurityProfileGroup: "string",
guiSpamfilter: "string",
guiSslvpn: "string",
guiSslvpnPersonalBookmarks: "string",
guiSslvpnRealms: "string",
guiSwitchController: "string",
guiThreatWeight: "string",
guiTrafficShaping: "string",
guiVideofilter: "string",
guiVirtualPatchProfile: "string",
guiVoipProfile: "string",
guiVpn: "string",
guiWafProfile: "string",
guiWanLoadBalancing: "string",
guiWanoptCache: "string",
guiWebfilter: "string",
guiWebfilterAdvanced: "string",
guiWirelessController: "string",
guiZtna: "string",
h323DirectModel: "string",
httpExternalDest: "string",
ikeDnFormat: "string",
ikeNattPort: 0,
ikePolicyRoute: "string",
ikePort: 0,
ikeQuickCrashDetect: "string",
ikeSessionResume: "string",
ikeTcpPort: 0,
implicitAllowDns: "string",
inspectionMode: "string",
internetServiceAppCtrlSize: 0,
internetServiceDatabaseCache: "string",
ip: "string",
ip6: "string",
lanExtensionControllerAddr: "string",
linkDownAccess: "string",
lldpReception: "string",
lldpTransmission: "string",
locationId: "string",
macTtl: 0,
manageip: "string",
manageip6: "string",
multicastForward: "string",
multicastSkipPolicy: "string",
multicastTtlNotchange: "string",
nat46ForceIpv4PacketForwarding: "string",
nat46GenerateIpv6FragmentHeader: "string",
nat64ForceIpv6PacketForwarding: "string",
ngfwMode: "string",
opmode: "string",
prpTrailerAction: "string",
sccpPort: 0,
sctpSessionWithoutInit: "string",
sesDeniedTraffic: "string",
sipExpectation: "string",
sipHelper: "string",
sipNatTrace: "string",
sipSslPort: 0,
sipTcpPort: 0,
sipUdpPort: 0,
snatHairpinTraffic: "string",
sslSshProfile: "string",
status: "string",
strictSrcCheck: "string",
tcpSessionWithoutSyn: "string",
utf8SpamTagging: "string",
v4EcmpMode: "string",
vdomType: "string",
vdomparam: "string",
vpnStatsLog: "string",
vpnStatsPeriod: 0,
wccpCacheEngine: "string",
});
type: fortios:system:Settings
properties:
allowLinkdownPath: string
allowSubnetOverlap: string
applicationBandwidthTracking: string
asymroute: string
asymroute6: string
asymroute6Icmp: string
asymrouteIcmp: string
auxiliarySession: string
bfd: string
bfdDesiredMinTx: 0
bfdDetectMult: 0
bfdDontEnforceSrcPort: string
bfdRequiredMinRx: 0
blockLandAttack: string
centralNat: string
comments: string
complianceCheck: string
consolidatedFirewallMode: string
defaultAppPortAsService: string
defaultPolicyExpiryDays: 0
defaultVoipAlgMode: string
denyTcpWithIcmp: string
detectUnknownEsp: string
device: string
dhcp6ServerIp: string
dhcpProxy: string
dhcpProxyInterface: string
dhcpProxyInterfaceSelectMethod: string
dhcpServerIp: string
discoveredDeviceTimeout: 0
dynAddrSessionCheck: string
dynamicSortSubtable: string
ecmpMaxPaths: 0
emailPortalCheckDns: string
extResourceSessionCheck: string
firewallSessionDirty: string
fqdnSessionCheck: string
fwSessionHairpin: string
gateway: string
gateway6: string
getAllTables: string
guiAdvancedPolicy: string
guiAdvancedWirelessFeatures: string
guiAllowUnnamedPolicy: string
guiAntivirus: string
guiApProfile: string
guiApplicationControl: string
guiCasb: string
guiDefaultPolicyColumns:
- name: string
guiDhcpAdvanced: string
guiDlp: string
guiDlpProfile: string
guiDnsDatabase: string
guiDnsfilter: string
guiDomainIpReputation: string
guiDosPolicy: string
guiDynamicDeviceOsId: string
guiDynamicProfileDisplay: string
guiDynamicRouting: string
guiEmailCollection: string
guiEndpointControl: string
guiEndpointControlAdvanced: string
guiEnforceChangeSummary: string
guiExplicitProxy: string
guiFileFilter: string
guiFortiapSplitTunneling: string
guiFortiextenderController: string
guiIcap: string
guiImplicitPolicy: string
guiIps: string
guiLoadBalance: string
guiLocalInPolicy: string
guiLocalReports: string
guiMulticastPolicy: string
guiMultipleInterfacePolicy: string
guiMultipleUtmProfiles: string
guiNat4664: string
guiObjectColors: string
guiOt: string
guiPerPolicyDisclaimer: string
guiPolicyBasedIpsec: string
guiPolicyDisclaimer: string
guiPolicyLearning: string
guiProxyInspection: string
guiReplacementMessageGroups: string
guiRouteTagAddressCreation: string
guiSecurityProfileGroup: string
guiSpamfilter: string
guiSslvpn: string
guiSslvpnPersonalBookmarks: string
guiSslvpnRealms: string
guiSwitchController: string
guiThreatWeight: string
guiTrafficShaping: string
guiVideofilter: string
guiVirtualPatchProfile: string
guiVoipProfile: string
guiVpn: string
guiWafProfile: string
guiWanLoadBalancing: string
guiWanoptCache: string
guiWebfilter: string
guiWebfilterAdvanced: string
guiWirelessController: string
guiZtna: string
h323DirectModel: string
httpExternalDest: string
ikeDnFormat: string
ikeNattPort: 0
ikePolicyRoute: string
ikePort: 0
ikeQuickCrashDetect: string
ikeSessionResume: string
ikeTcpPort: 0
implicitAllowDns: string
inspectionMode: string
internetServiceAppCtrlSize: 0
internetServiceDatabaseCache: string
ip: string
ip6: string
lanExtensionControllerAddr: string
linkDownAccess: string
lldpReception: string
lldpTransmission: string
locationId: string
macTtl: 0
manageip: string
manageip6: string
multicastForward: string
multicastSkipPolicy: string
multicastTtlNotchange: string
nat46ForceIpv4PacketForwarding: string
nat46GenerateIpv6FragmentHeader: string
nat64ForceIpv6PacketForwarding: string
ngfwMode: string
opmode: string
prpTrailerAction: string
sccpPort: 0
sctpSessionWithoutInit: string
sesDeniedTraffic: string
sipExpectation: string
sipHelper: string
sipNatTrace: string
sipSslPort: 0
sipTcpPort: 0
sipUdpPort: 0
snatHairpinTraffic: string
sslSshProfile: string
status: string
strictSrcCheck: string
tcpSessionWithoutSyn: string
utf8SpamTagging: string
v4EcmpMode: string
vdomType: string
vdomparam: string
vpnStatsLog: string
vpnStatsPeriod: 0
wccpCacheEngine: string
Settings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Settings resource accepts the following input properties:
- Allow
Linkdown stringPath - Enable/disable link down path. Valid values:
enable
,disable
. - Allow
Subnet stringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - Application
Bandwidth stringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - Asymroute string
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - Asymroute6 string
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - Asymroute6Icmp string
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - Asymroute
Icmp string - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - Auxiliary
Session string - Enable/disable auxiliary session. Valid values:
enable
,disable
. - Bfd string
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - Bfd
Desired intMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- Bfd
Detect intMult - BFD detection multiplier (1 - 50, default = 3).
- Bfd
Dont stringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - Bfd
Required intMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- Block
Land stringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - Central
Nat string - Enable/disable central NAT. Valid values:
enable
,disable
. - Comments string
- VDOM comments.
- Compliance
Check string - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - Consolidated
Firewall stringMode - Consolidated firewall mode.
- Default
App stringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - Default
Policy intExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- Default
Voip stringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - Deny
Tcp stringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - Detect
Unknown stringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - Device string
- Interface to use for management access for NAT mode.
- Dhcp6Server
Ip string - DHCPv6 server IPv6 address.
- Dhcp
Proxy string - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - Dhcp
Proxy stringInterface - Specify outgoing interface to reach server.
- Dhcp
Proxy stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Dhcp
Server stringIp - DHCP Server IPv4 address.
- Discovered
Device intTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- Dyn
Addr stringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ecmp
Max intPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- Email
Portal stringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - Ext
Resource stringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - Firewall
Session stringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - Fqdn
Session stringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - Fw
Session stringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - Gateway string
- Transparent mode IPv4 default gateway IP address.
- Gateway6 string
- Transparent mode IPv4 default gateway IP address.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gui
Advanced stringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - Gui
Advanced stringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - Gui
Allow stringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - Gui
Antivirus string - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - Gui
Ap stringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - Gui
Application stringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - Gui
Casb string - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - Gui
Default List<Pulumiverse.Policy Columns Fortios. System. Inputs. Settings Gui Default Policy Column> - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - Gui
Dhcp stringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - Gui
Dlp string - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - Gui
Dlp stringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - Gui
Dns stringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - Gui
Dnsfilter string - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - Gui
Domain stringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - Gui
Dos stringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - Gui
Dynamic stringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - Gui
Dynamic stringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - Gui
Dynamic stringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - Gui
Email stringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - Gui
Endpoint stringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - Gui
Endpoint stringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - Gui
Enforce stringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - Gui
Explicit stringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - Gui
File stringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - Gui
Fortiap stringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - Gui
Fortiextender stringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - Gui
Icap string - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - Gui
Implicit stringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - Gui
Ips string - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - Gui
Load stringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - Gui
Local stringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - Gui
Local stringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - Gui
Multicast stringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - Gui
Multiple stringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - Gui
Multiple stringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - Gui
Nat4664 string - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - Gui
Object stringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - Gui
Ot string - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - Gui
Per stringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - Gui
Proxy stringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - Gui
Replacement stringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - Gui
Route stringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - Gui
Security stringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - Gui
Spamfilter string - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn string - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn stringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn stringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - Gui
Switch stringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - Gui
Threat stringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - Gui
Traffic stringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - Gui
Videofilter string - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - Gui
Virtual stringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - Gui
Voip stringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - Gui
Vpn string - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - Gui
Waf stringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - Gui
Wan stringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - Gui
Wanopt stringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - Gui
Webfilter string - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - Gui
Webfilter stringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - Gui
Wireless stringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - Gui
Ztna string - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - H323Direct
Model string - Enable/disable H323 direct model. Valid values:
disable
,enable
. - Http
External stringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - Ike
Dn stringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - Ike
Natt intPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- Ike
Policy stringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - Ike
Port int - UDP port for IKE/IPsec traffic (default 500).
- Ike
Quick stringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - Ike
Session stringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - Ike
Tcp intPort - TCP port for IKE/IPsec traffic (default 4500).
- Implicit
Allow stringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - Inspection
Mode string - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - Internet
Service intApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- Internet
Service stringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - Ip string
- IP address and netmask.
- Ip6 string
- IPv6 address prefix for NAT mode.
- Lan
Extension stringController Addr - Controller IP address or FQDN to connect.
- Link
Down stringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - Lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - Lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - Location
Id string - Local location ID in the form of an IPv4 address.
- Mac
Ttl int - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- Manageip string
- Transparent mode IPv4 management IP address and netmask.
- Manageip6 string
- Transparent mode IPv6 management IP address and netmask.
- Multicast
Forward string - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - Multicast
Skip stringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - Multicast
Ttl stringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - Nat46Force
Ipv4Packet stringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - Nat46Generate
Ipv6Fragment stringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - Nat64Force
Ipv6Packet stringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - Ngfw
Mode string - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - Opmode string
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - Prp
Trailer stringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - Sccp
Port int - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- Sctp
Session stringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - Ses
Denied stringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - Sip
Expectation string - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - Sip
Helper string - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - Sip
Nat stringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - Sip
Ssl intPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- Sip
Tcp intPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- Sip
Udp intPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- Snat
Hairpin stringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - Ssl
Ssh stringProfile - Profile for SSL/SSH inspection.
- Status string
- Enable/disable this VDOM. Valid values:
enable
,disable
. - Strict
Src stringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - Tcp
Session stringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - Utf8Spam
Tagging string - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - V4Ecmp
Mode string - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - Vdom
Type string - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vpn
Stats stringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - Vpn
Stats intPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- Wccp
Cache stringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- Allow
Linkdown stringPath - Enable/disable link down path. Valid values:
enable
,disable
. - Allow
Subnet stringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - Application
Bandwidth stringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - Asymroute string
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - Asymroute6 string
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - Asymroute6Icmp string
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - Asymroute
Icmp string - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - Auxiliary
Session string - Enable/disable auxiliary session. Valid values:
enable
,disable
. - Bfd string
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - Bfd
Desired intMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- Bfd
Detect intMult - BFD detection multiplier (1 - 50, default = 3).
- Bfd
Dont stringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - Bfd
Required intMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- Block
Land stringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - Central
Nat string - Enable/disable central NAT. Valid values:
enable
,disable
. - Comments string
- VDOM comments.
- Compliance
Check string - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - Consolidated
Firewall stringMode - Consolidated firewall mode.
- Default
App stringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - Default
Policy intExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- Default
Voip stringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - Deny
Tcp stringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - Detect
Unknown stringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - Device string
- Interface to use for management access for NAT mode.
- Dhcp6Server
Ip string - DHCPv6 server IPv6 address.
- Dhcp
Proxy string - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - Dhcp
Proxy stringInterface - Specify outgoing interface to reach server.
- Dhcp
Proxy stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Dhcp
Server stringIp - DHCP Server IPv4 address.
- Discovered
Device intTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- Dyn
Addr stringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ecmp
Max intPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- Email
Portal stringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - Ext
Resource stringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - Firewall
Session stringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - Fqdn
Session stringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - Fw
Session stringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - Gateway string
- Transparent mode IPv4 default gateway IP address.
- Gateway6 string
- Transparent mode IPv4 default gateway IP address.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gui
Advanced stringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - Gui
Advanced stringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - Gui
Allow stringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - Gui
Antivirus string - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - Gui
Ap stringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - Gui
Application stringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - Gui
Casb string - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - Gui
Default []SettingsPolicy Columns Gui Default Policy Column Args - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - Gui
Dhcp stringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - Gui
Dlp string - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - Gui
Dlp stringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - Gui
Dns stringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - Gui
Dnsfilter string - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - Gui
Domain stringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - Gui
Dos stringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - Gui
Dynamic stringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - Gui
Dynamic stringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - Gui
Dynamic stringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - Gui
Email stringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - Gui
Endpoint stringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - Gui
Endpoint stringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - Gui
Enforce stringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - Gui
Explicit stringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - Gui
File stringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - Gui
Fortiap stringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - Gui
Fortiextender stringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - Gui
Icap string - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - Gui
Implicit stringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - Gui
Ips string - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - Gui
Load stringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - Gui
Local stringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - Gui
Local stringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - Gui
Multicast stringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - Gui
Multiple stringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - Gui
Multiple stringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - Gui
Nat4664 string - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - Gui
Object stringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - Gui
Ot string - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - Gui
Per stringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - Gui
Proxy stringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - Gui
Replacement stringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - Gui
Route stringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - Gui
Security stringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - Gui
Spamfilter string - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn string - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn stringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn stringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - Gui
Switch stringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - Gui
Threat stringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - Gui
Traffic stringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - Gui
Videofilter string - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - Gui
Virtual stringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - Gui
Voip stringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - Gui
Vpn string - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - Gui
Waf stringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - Gui
Wan stringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - Gui
Wanopt stringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - Gui
Webfilter string - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - Gui
Webfilter stringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - Gui
Wireless stringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - Gui
Ztna string - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - H323Direct
Model string - Enable/disable H323 direct model. Valid values:
disable
,enable
. - Http
External stringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - Ike
Dn stringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - Ike
Natt intPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- Ike
Policy stringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - Ike
Port int - UDP port for IKE/IPsec traffic (default 500).
- Ike
Quick stringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - Ike
Session stringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - Ike
Tcp intPort - TCP port for IKE/IPsec traffic (default 4500).
- Implicit
Allow stringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - Inspection
Mode string - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - Internet
Service intApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- Internet
Service stringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - Ip string
- IP address and netmask.
- Ip6 string
- IPv6 address prefix for NAT mode.
- Lan
Extension stringController Addr - Controller IP address or FQDN to connect.
- Link
Down stringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - Lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - Lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - Location
Id string - Local location ID in the form of an IPv4 address.
- Mac
Ttl int - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- Manageip string
- Transparent mode IPv4 management IP address and netmask.
- Manageip6 string
- Transparent mode IPv6 management IP address and netmask.
- Multicast
Forward string - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - Multicast
Skip stringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - Multicast
Ttl stringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - Nat46Force
Ipv4Packet stringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - Nat46Generate
Ipv6Fragment stringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - Nat64Force
Ipv6Packet stringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - Ngfw
Mode string - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - Opmode string
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - Prp
Trailer stringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - Sccp
Port int - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- Sctp
Session stringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - Ses
Denied stringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - Sip
Expectation string - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - Sip
Helper string - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - Sip
Nat stringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - Sip
Ssl intPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- Sip
Tcp intPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- Sip
Udp intPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- Snat
Hairpin stringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - Ssl
Ssh stringProfile - Profile for SSL/SSH inspection.
- Status string
- Enable/disable this VDOM. Valid values:
enable
,disable
. - Strict
Src stringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - Tcp
Session stringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - Utf8Spam
Tagging string - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - V4Ecmp
Mode string - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - Vdom
Type string - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vpn
Stats stringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - Vpn
Stats intPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- Wccp
Cache stringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- allow
Linkdown StringPath - Enable/disable link down path. Valid values:
enable
,disable
. - allow
Subnet StringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - application
Bandwidth StringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - asymroute String
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - asymroute6 String
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - asymroute6Icmp String
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - asymroute
Icmp String - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - auxiliary
Session String - Enable/disable auxiliary session. Valid values:
enable
,disable
. - bfd String
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - bfd
Desired IntegerMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- bfd
Detect IntegerMult - BFD detection multiplier (1 - 50, default = 3).
- bfd
Dont StringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - bfd
Required IntegerMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- block
Land StringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - central
Nat String - Enable/disable central NAT. Valid values:
enable
,disable
. - comments String
- VDOM comments.
- compliance
Check String - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - consolidated
Firewall StringMode - Consolidated firewall mode.
- default
App StringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - default
Policy IntegerExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- default
Voip StringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - deny
Tcp StringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - detect
Unknown StringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - device String
- Interface to use for management access for NAT mode.
- dhcp6Server
Ip String - DHCPv6 server IPv6 address.
- dhcp
Proxy String - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - dhcp
Proxy StringInterface - Specify outgoing interface to reach server.
- dhcp
Proxy StringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Server StringIp - DHCP Server IPv4 address.
- discovered
Device IntegerTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- dyn
Addr StringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ecmp
Max IntegerPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- email
Portal StringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - ext
Resource StringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - firewall
Session StringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - fqdn
Session StringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - fw
Session StringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - gateway String
- Transparent mode IPv4 default gateway IP address.
- gateway6 String
- Transparent mode IPv4 default gateway IP address.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gui
Advanced StringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - gui
Advanced StringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - gui
Allow StringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - gui
Antivirus String - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - gui
Ap StringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - gui
Application StringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - gui
Casb String - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - gui
Default List<SettingsPolicy Columns Gui Default Policy Column> - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - gui
Dhcp StringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - gui
Dlp String - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - gui
Dlp StringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - gui
Dns StringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - gui
Dnsfilter String - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - gui
Domain StringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - gui
Dos StringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - gui
Dynamic StringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - gui
Dynamic StringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - gui
Dynamic StringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - gui
Email StringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - gui
Endpoint StringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - gui
Endpoint StringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - gui
Enforce StringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - gui
Explicit StringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - gui
File StringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - gui
Fortiap StringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - gui
Fortiextender StringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - gui
Icap String - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - gui
Implicit StringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Ips String - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - gui
Load StringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - gui
Local StringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - gui
Local StringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - gui
Multicast StringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Multiple StringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - gui
Multiple StringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - gui
Nat4664 String - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - gui
Object StringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - gui
Ot String - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - gui
Per StringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy StringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - gui
Policy StringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy StringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - gui
Proxy StringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - gui
Replacement StringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - gui
Route StringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - gui
Security StringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - gui
Spamfilter String - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn String - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn StringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn StringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - gui
Switch StringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - gui
Threat StringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - gui
Traffic StringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - gui
Videofilter String - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - gui
Virtual StringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - gui
Voip StringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - gui
Vpn String - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - gui
Waf StringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - gui
Wan StringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - gui
Wanopt StringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - gui
Webfilter String - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - gui
Webfilter StringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - gui
Wireless StringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - gui
Ztna String - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - h323Direct
Model String - Enable/disable H323 direct model. Valid values:
disable
,enable
. - http
External StringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - ike
Dn StringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - ike
Natt IntegerPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- ike
Policy StringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - ike
Port Integer - UDP port for IKE/IPsec traffic (default 500).
- ike
Quick StringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - ike
Session StringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - ike
Tcp IntegerPort - TCP port for IKE/IPsec traffic (default 4500).
- implicit
Allow StringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - inspection
Mode String - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - internet
Service IntegerApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- internet
Service StringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - ip String
- IP address and netmask.
- ip6 String
- IPv6 address prefix for NAT mode.
- lan
Extension StringController Addr - Controller IP address or FQDN to connect.
- link
Down StringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - lldp
Reception String - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - lldp
Transmission String - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - location
Id String - Local location ID in the form of an IPv4 address.
- mac
Ttl Integer - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- manageip String
- Transparent mode IPv4 management IP address and netmask.
- manageip6 String
- Transparent mode IPv6 management IP address and netmask.
- multicast
Forward String - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - multicast
Skip StringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - multicast
Ttl StringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - nat46Force
Ipv4Packet StringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - nat46Generate
Ipv6Fragment StringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - nat64Force
Ipv6Packet StringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - ngfw
Mode String - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - opmode String
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - prp
Trailer StringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - sccp
Port Integer - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- sctp
Session StringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - ses
Denied StringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - sip
Expectation String - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - sip
Helper String - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - sip
Nat StringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - sip
Ssl IntegerPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- sip
Tcp IntegerPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- sip
Udp IntegerPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- snat
Hairpin StringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - ssl
Ssh StringProfile - Profile for SSL/SSH inspection.
- status String
- Enable/disable this VDOM. Valid values:
enable
,disable
. - strict
Src StringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - tcp
Session StringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - utf8Spam
Tagging String - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - v4Ecmp
Mode String - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - vdom
Type String - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vpn
Stats StringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - vpn
Stats IntegerPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- wccp
Cache StringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- allow
Linkdown stringPath - Enable/disable link down path. Valid values:
enable
,disable
. - allow
Subnet stringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - application
Bandwidth stringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - asymroute string
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - asymroute6 string
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - asymroute6Icmp string
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - asymroute
Icmp string - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - auxiliary
Session string - Enable/disable auxiliary session. Valid values:
enable
,disable
. - bfd string
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - bfd
Desired numberMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- bfd
Detect numberMult - BFD detection multiplier (1 - 50, default = 3).
- bfd
Dont stringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - bfd
Required numberMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- block
Land stringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - central
Nat string - Enable/disable central NAT. Valid values:
enable
,disable
. - comments string
- VDOM comments.
- compliance
Check string - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - consolidated
Firewall stringMode - Consolidated firewall mode.
- default
App stringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - default
Policy numberExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- default
Voip stringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - deny
Tcp stringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - detect
Unknown stringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - device string
- Interface to use for management access for NAT mode.
- dhcp6Server
Ip string - DHCPv6 server IPv6 address.
- dhcp
Proxy string - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - dhcp
Proxy stringInterface - Specify outgoing interface to reach server.
- dhcp
Proxy stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Server stringIp - DHCP Server IPv4 address.
- discovered
Device numberTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- dyn
Addr stringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ecmp
Max numberPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- email
Portal stringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - ext
Resource stringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - firewall
Session stringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - fqdn
Session stringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - fw
Session stringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - gateway string
- Transparent mode IPv4 default gateway IP address.
- gateway6 string
- Transparent mode IPv4 default gateway IP address.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gui
Advanced stringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - gui
Advanced stringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - gui
Allow stringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - gui
Antivirus string - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - gui
Ap stringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - gui
Application stringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - gui
Casb string - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - gui
Default SettingsPolicy Columns Gui Default Policy Column[] - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - gui
Dhcp stringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - gui
Dlp string - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - gui
Dlp stringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - gui
Dns stringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - gui
Dnsfilter string - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - gui
Domain stringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - gui
Dos stringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - gui
Dynamic stringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - gui
Dynamic stringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - gui
Dynamic stringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - gui
Email stringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - gui
Endpoint stringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - gui
Endpoint stringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - gui
Enforce stringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - gui
Explicit stringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - gui
File stringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - gui
Fortiap stringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - gui
Fortiextender stringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - gui
Icap string - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - gui
Implicit stringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Ips string - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - gui
Load stringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - gui
Local stringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - gui
Local stringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - gui
Multicast stringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Multiple stringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - gui
Multiple stringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - gui
Nat4664 string - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - gui
Object stringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - gui
Ot string - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - gui
Per stringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy stringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - gui
Policy stringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy stringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - gui
Proxy stringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - gui
Replacement stringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - gui
Route stringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - gui
Security stringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - gui
Spamfilter string - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn string - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn stringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn stringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - gui
Switch stringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - gui
Threat stringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - gui
Traffic stringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - gui
Videofilter string - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - gui
Virtual stringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - gui
Voip stringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - gui
Vpn string - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - gui
Waf stringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - gui
Wan stringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - gui
Wanopt stringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - gui
Webfilter string - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - gui
Webfilter stringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - gui
Wireless stringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - gui
Ztna string - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - h323Direct
Model string - Enable/disable H323 direct model. Valid values:
disable
,enable
. - http
External stringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - ike
Dn stringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - ike
Natt numberPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- ike
Policy stringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - ike
Port number - UDP port for IKE/IPsec traffic (default 500).
- ike
Quick stringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - ike
Session stringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - ike
Tcp numberPort - TCP port for IKE/IPsec traffic (default 4500).
- implicit
Allow stringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - inspection
Mode string - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - internet
Service numberApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- internet
Service stringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - ip string
- IP address and netmask.
- ip6 string
- IPv6 address prefix for NAT mode.
- lan
Extension stringController Addr - Controller IP address or FQDN to connect.
- link
Down stringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - location
Id string - Local location ID in the form of an IPv4 address.
- mac
Ttl number - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- manageip string
- Transparent mode IPv4 management IP address and netmask.
- manageip6 string
- Transparent mode IPv6 management IP address and netmask.
- multicast
Forward string - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - multicast
Skip stringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - multicast
Ttl stringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - nat46Force
Ipv4Packet stringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - nat46Generate
Ipv6Fragment stringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - nat64Force
Ipv6Packet stringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - ngfw
Mode string - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - opmode string
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - prp
Trailer stringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - sccp
Port number - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- sctp
Session stringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - ses
Denied stringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - sip
Expectation string - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - sip
Helper string - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - sip
Nat stringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - sip
Ssl numberPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- sip
Tcp numberPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- sip
Udp numberPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- snat
Hairpin stringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - ssl
Ssh stringProfile - Profile for SSL/SSH inspection.
- status string
- Enable/disable this VDOM. Valid values:
enable
,disable
. - strict
Src stringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - tcp
Session stringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - utf8Spam
Tagging string - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - v4Ecmp
Mode string - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - vdom
Type string - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vpn
Stats stringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - vpn
Stats numberPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- wccp
Cache stringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- allow_
linkdown_ strpath - Enable/disable link down path. Valid values:
enable
,disable
. - allow_
subnet_ stroverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - application_
bandwidth_ strtracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - asymroute str
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - asymroute6 str
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - asymroute6_
icmp str - Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - asymroute_
icmp str - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - auxiliary_
session str - Enable/disable auxiliary session. Valid values:
enable
,disable
. - bfd str
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - bfd_
desired_ intmin_ tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- bfd_
detect_ intmult - BFD detection multiplier (1 - 50, default = 3).
- bfd_
dont_ strenforce_ src_ port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - bfd_
required_ intmin_ rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- block_
land_ strattack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - central_
nat str - Enable/disable central NAT. Valid values:
enable
,disable
. - comments str
- VDOM comments.
- compliance_
check str - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - consolidated_
firewall_ strmode - Consolidated firewall mode.
- default_
app_ strport_ as_ service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - default_
policy_ intexpiry_ days - Default policy expiry in days (0 - 365 days, default = 30).
- default_
voip_ stralg_ mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - deny_
tcp_ strwith_ icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - detect_
unknown_ stresp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - device str
- Interface to use for management access for NAT mode.
- dhcp6_
server_ strip - DHCPv6 server IPv6 address.
- dhcp_
proxy str - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - dhcp_
proxy_ strinterface - Specify outgoing interface to reach server.
- dhcp_
proxy_ strinterface_ select_ method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp_
server_ strip - DHCP Server IPv4 address.
- discovered_
device_ inttimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- dyn_
addr_ strsession_ check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ecmp_
max_ intpaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- email_
portal_ strcheck_ dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - ext_
resource_ strsession_ check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - firewall_
session_ strdirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - fqdn_
session_ strcheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - fw_
session_ strhairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - gateway str
- Transparent mode IPv4 default gateway IP address.
- gateway6 str
- Transparent mode IPv4 default gateway IP address.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gui_
advanced_ strpolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - gui_
advanced_ strwireless_ features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - gui_
allow_ strunnamed_ policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - gui_
antivirus str - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - gui_
ap_ strprofile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - gui_
application_ strcontrol - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - gui_
casb str - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - gui_
default_ Sequence[Settingspolicy_ columns Gui Default Policy Column Args] - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - gui_
dhcp_ stradvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - gui_
dlp str - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - gui_
dlp_ strprofile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - gui_
dns_ strdatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - gui_
dnsfilter str - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - gui_
domain_ strip_ reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - gui_
dos_ strpolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - gui_
dynamic_ strdevice_ os_ id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - gui_
dynamic_ strprofile_ display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - gui_
dynamic_ strrouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - gui_
email_ strcollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - gui_
endpoint_ strcontrol - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - gui_
endpoint_ strcontrol_ advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - gui_
enforce_ strchange_ summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - gui_
explicit_ strproxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - gui_
file_ strfilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - gui_
fortiap_ strsplit_ tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - gui_
fortiextender_ strcontroller - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - gui_
icap str - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - gui_
implicit_ strpolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - gui_
ips str - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - gui_
load_ strbalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - gui_
local_ strin_ policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - gui_
local_ strreports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - gui_
multicast_ strpolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - gui_
multiple_ strinterface_ policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - gui_
multiple_ strutm_ profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - gui_
nat4664 str - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - gui_
object_ strcolors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - gui_
ot str - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - gui_
per_ strpolicy_ disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui_
policy_ strbased_ ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - gui_
policy_ strdisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui_
policy_ strlearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - gui_
proxy_ strinspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - gui_
replacement_ strmessage_ groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - gui_
route_ strtag_ address_ creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - gui_
security_ strprofile_ group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - gui_
spamfilter str - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - gui_
sslvpn str - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - gui_
sslvpn_ strpersonal_ bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - gui_
sslvpn_ strrealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - gui_
switch_ strcontroller - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - gui_
threat_ strweight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - gui_
traffic_ strshaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - gui_
videofilter str - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - gui_
virtual_ strpatch_ profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - gui_
voip_ strprofile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - gui_
vpn str - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - gui_
waf_ strprofile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - gui_
wan_ strload_ balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - gui_
wanopt_ strcache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - gui_
webfilter str - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - gui_
webfilter_ stradvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - gui_
wireless_ strcontroller - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - gui_
ztna str - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - h323_
direct_ strmodel - Enable/disable H323 direct model. Valid values:
disable
,enable
. - http_
external_ strdest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - ike_
dn_ strformat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - ike_
natt_ intport - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- ike_
policy_ strroute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - ike_
port int - UDP port for IKE/IPsec traffic (default 500).
- ike_
quick_ strcrash_ detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - ike_
session_ strresume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - ike_
tcp_ intport - TCP port for IKE/IPsec traffic (default 4500).
- implicit_
allow_ strdns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - inspection_
mode str - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - internet_
service_ intapp_ ctrl_ size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- internet_
service_ strdatabase_ cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - ip str
- IP address and netmask.
- ip6 str
- IPv6 address prefix for NAT mode.
- lan_
extension_ strcontroller_ addr - Controller IP address or FQDN to connect.
- link_
down_ straccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - lldp_
reception str - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - lldp_
transmission str - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - location_
id str - Local location ID in the form of an IPv4 address.
- mac_
ttl int - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- manageip str
- Transparent mode IPv4 management IP address and netmask.
- manageip6 str
- Transparent mode IPv6 management IP address and netmask.
- multicast_
forward str - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - multicast_
skip_ strpolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - multicast_
ttl_ strnotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - nat46_
force_ stripv4_ packet_ forwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - nat46_
generate_ stripv6_ fragment_ header - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - nat64_
force_ stripv6_ packet_ forwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - ngfw_
mode str - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - opmode str
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - prp_
trailer_ straction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - sccp_
port int - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- sctp_
session_ strwithout_ init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - ses_
denied_ strtraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - sip_
expectation str - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - sip_
helper str - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - sip_
nat_ strtrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - sip_
ssl_ intport - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- sip_
tcp_ intport - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- sip_
udp_ intport - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- snat_
hairpin_ strtraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - ssl_
ssh_ strprofile - Profile for SSL/SSH inspection.
- status str
- Enable/disable this VDOM. Valid values:
enable
,disable
. - strict_
src_ strcheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - tcp_
session_ strwithout_ syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - utf8_
spam_ strtagging - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - v4_
ecmp_ strmode - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - vdom_
type str - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vpn_
stats_ strlog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - vpn_
stats_ intperiod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- wccp_
cache_ strengine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- allow
Linkdown StringPath - Enable/disable link down path. Valid values:
enable
,disable
. - allow
Subnet StringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - application
Bandwidth StringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - asymroute String
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - asymroute6 String
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - asymroute6Icmp String
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - asymroute
Icmp String - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - auxiliary
Session String - Enable/disable auxiliary session. Valid values:
enable
,disable
. - bfd String
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - bfd
Desired NumberMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- bfd
Detect NumberMult - BFD detection multiplier (1 - 50, default = 3).
- bfd
Dont StringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - bfd
Required NumberMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- block
Land StringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - central
Nat String - Enable/disable central NAT. Valid values:
enable
,disable
. - comments String
- VDOM comments.
- compliance
Check String - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - consolidated
Firewall StringMode - Consolidated firewall mode.
- default
App StringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - default
Policy NumberExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- default
Voip StringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - deny
Tcp StringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - detect
Unknown StringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - device String
- Interface to use for management access for NAT mode.
- dhcp6Server
Ip String - DHCPv6 server IPv6 address.
- dhcp
Proxy String - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - dhcp
Proxy StringInterface - Specify outgoing interface to reach server.
- dhcp
Proxy StringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Server StringIp - DHCP Server IPv4 address.
- discovered
Device NumberTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- dyn
Addr StringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ecmp
Max NumberPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- email
Portal StringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - ext
Resource StringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - firewall
Session StringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - fqdn
Session StringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - fw
Session StringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - gateway String
- Transparent mode IPv4 default gateway IP address.
- gateway6 String
- Transparent mode IPv4 default gateway IP address.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gui
Advanced StringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - gui
Advanced StringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - gui
Allow StringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - gui
Antivirus String - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - gui
Ap StringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - gui
Application StringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - gui
Casb String - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - gui
Default List<Property Map>Policy Columns - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - gui
Dhcp StringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - gui
Dlp String - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - gui
Dlp StringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - gui
Dns StringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - gui
Dnsfilter String - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - gui
Domain StringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - gui
Dos StringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - gui
Dynamic StringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - gui
Dynamic StringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - gui
Dynamic StringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - gui
Email StringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - gui
Endpoint StringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - gui
Endpoint StringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - gui
Enforce StringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - gui
Explicit StringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - gui
File StringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - gui
Fortiap StringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - gui
Fortiextender StringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - gui
Icap String - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - gui
Implicit StringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Ips String - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - gui
Load StringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - gui
Local StringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - gui
Local StringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - gui
Multicast StringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Multiple StringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - gui
Multiple StringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - gui
Nat4664 String - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - gui
Object StringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - gui
Ot String - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - gui
Per StringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy StringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - gui
Policy StringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy StringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - gui
Proxy StringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - gui
Replacement StringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - gui
Route StringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - gui
Security StringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - gui
Spamfilter String - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn String - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn StringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn StringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - gui
Switch StringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - gui
Threat StringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - gui
Traffic StringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - gui
Videofilter String - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - gui
Virtual StringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - gui
Voip StringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - gui
Vpn String - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - gui
Waf StringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - gui
Wan StringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - gui
Wanopt StringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - gui
Webfilter String - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - gui
Webfilter StringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - gui
Wireless StringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - gui
Ztna String - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - h323Direct
Model String - Enable/disable H323 direct model. Valid values:
disable
,enable
. - http
External StringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - ike
Dn StringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - ike
Natt NumberPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- ike
Policy StringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - ike
Port Number - UDP port for IKE/IPsec traffic (default 500).
- ike
Quick StringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - ike
Session StringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - ike
Tcp NumberPort - TCP port for IKE/IPsec traffic (default 4500).
- implicit
Allow StringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - inspection
Mode String - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - internet
Service NumberApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- internet
Service StringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - ip String
- IP address and netmask.
- ip6 String
- IPv6 address prefix for NAT mode.
- lan
Extension StringController Addr - Controller IP address or FQDN to connect.
- link
Down StringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - lldp
Reception String - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - lldp
Transmission String - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - location
Id String - Local location ID in the form of an IPv4 address.
- mac
Ttl Number - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- manageip String
- Transparent mode IPv4 management IP address and netmask.
- manageip6 String
- Transparent mode IPv6 management IP address and netmask.
- multicast
Forward String - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - multicast
Skip StringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - multicast
Ttl StringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - nat46Force
Ipv4Packet StringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - nat46Generate
Ipv6Fragment StringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - nat64Force
Ipv6Packet StringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - ngfw
Mode String - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - opmode String
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - prp
Trailer StringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - sccp
Port Number - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- sctp
Session StringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - ses
Denied StringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - sip
Expectation String - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - sip
Helper String - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - sip
Nat StringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - sip
Ssl NumberPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- sip
Tcp NumberPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- sip
Udp NumberPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- snat
Hairpin StringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - ssl
Ssh StringProfile - Profile for SSL/SSH inspection.
- status String
- Enable/disable this VDOM. Valid values:
enable
,disable
. - strict
Src StringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - tcp
Session StringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - utf8Spam
Tagging String - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - v4Ecmp
Mode String - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - vdom
Type String - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vpn
Stats StringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - vpn
Stats NumberPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- wccp
Cache StringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Settings resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Settings Resource
Get an existing Settings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SettingsState, opts?: CustomResourceOptions): Settings
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_linkdown_path: Optional[str] = None,
allow_subnet_overlap: Optional[str] = None,
application_bandwidth_tracking: Optional[str] = None,
asymroute: Optional[str] = None,
asymroute6: Optional[str] = None,
asymroute6_icmp: Optional[str] = None,
asymroute_icmp: Optional[str] = None,
auxiliary_session: Optional[str] = None,
bfd: Optional[str] = None,
bfd_desired_min_tx: Optional[int] = None,
bfd_detect_mult: Optional[int] = None,
bfd_dont_enforce_src_port: Optional[str] = None,
bfd_required_min_rx: Optional[int] = None,
block_land_attack: Optional[str] = None,
central_nat: Optional[str] = None,
comments: Optional[str] = None,
compliance_check: Optional[str] = None,
consolidated_firewall_mode: Optional[str] = None,
default_app_port_as_service: Optional[str] = None,
default_policy_expiry_days: Optional[int] = None,
default_voip_alg_mode: Optional[str] = None,
deny_tcp_with_icmp: Optional[str] = None,
detect_unknown_esp: Optional[str] = None,
device: Optional[str] = None,
dhcp6_server_ip: Optional[str] = None,
dhcp_proxy: Optional[str] = None,
dhcp_proxy_interface: Optional[str] = None,
dhcp_proxy_interface_select_method: Optional[str] = None,
dhcp_server_ip: Optional[str] = None,
discovered_device_timeout: Optional[int] = None,
dyn_addr_session_check: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
ecmp_max_paths: Optional[int] = None,
email_portal_check_dns: Optional[str] = None,
ext_resource_session_check: Optional[str] = None,
firewall_session_dirty: Optional[str] = None,
fqdn_session_check: Optional[str] = None,
fw_session_hairpin: Optional[str] = None,
gateway: Optional[str] = None,
gateway6: Optional[str] = None,
get_all_tables: Optional[str] = None,
gui_advanced_policy: Optional[str] = None,
gui_advanced_wireless_features: Optional[str] = None,
gui_allow_unnamed_policy: Optional[str] = None,
gui_antivirus: Optional[str] = None,
gui_ap_profile: Optional[str] = None,
gui_application_control: Optional[str] = None,
gui_casb: Optional[str] = None,
gui_default_policy_columns: Optional[Sequence[SettingsGuiDefaultPolicyColumnArgs]] = None,
gui_dhcp_advanced: Optional[str] = None,
gui_dlp: Optional[str] = None,
gui_dlp_profile: Optional[str] = None,
gui_dns_database: Optional[str] = None,
gui_dnsfilter: Optional[str] = None,
gui_domain_ip_reputation: Optional[str] = None,
gui_dos_policy: Optional[str] = None,
gui_dynamic_device_os_id: Optional[str] = None,
gui_dynamic_profile_display: Optional[str] = None,
gui_dynamic_routing: Optional[str] = None,
gui_email_collection: Optional[str] = None,
gui_endpoint_control: Optional[str] = None,
gui_endpoint_control_advanced: Optional[str] = None,
gui_enforce_change_summary: Optional[str] = None,
gui_explicit_proxy: Optional[str] = None,
gui_file_filter: Optional[str] = None,
gui_fortiap_split_tunneling: Optional[str] = None,
gui_fortiextender_controller: Optional[str] = None,
gui_icap: Optional[str] = None,
gui_implicit_policy: Optional[str] = None,
gui_ips: Optional[str] = None,
gui_load_balance: Optional[str] = None,
gui_local_in_policy: Optional[str] = None,
gui_local_reports: Optional[str] = None,
gui_multicast_policy: Optional[str] = None,
gui_multiple_interface_policy: Optional[str] = None,
gui_multiple_utm_profiles: Optional[str] = None,
gui_nat4664: Optional[str] = None,
gui_object_colors: Optional[str] = None,
gui_ot: Optional[str] = None,
gui_per_policy_disclaimer: Optional[str] = None,
gui_policy_based_ipsec: Optional[str] = None,
gui_policy_disclaimer: Optional[str] = None,
gui_policy_learning: Optional[str] = None,
gui_proxy_inspection: Optional[str] = None,
gui_replacement_message_groups: Optional[str] = None,
gui_route_tag_address_creation: Optional[str] = None,
gui_security_profile_group: Optional[str] = None,
gui_spamfilter: Optional[str] = None,
gui_sslvpn: Optional[str] = None,
gui_sslvpn_personal_bookmarks: Optional[str] = None,
gui_sslvpn_realms: Optional[str] = None,
gui_switch_controller: Optional[str] = None,
gui_threat_weight: Optional[str] = None,
gui_traffic_shaping: Optional[str] = None,
gui_videofilter: Optional[str] = None,
gui_virtual_patch_profile: Optional[str] = None,
gui_voip_profile: Optional[str] = None,
gui_vpn: Optional[str] = None,
gui_waf_profile: Optional[str] = None,
gui_wan_load_balancing: Optional[str] = None,
gui_wanopt_cache: Optional[str] = None,
gui_webfilter: Optional[str] = None,
gui_webfilter_advanced: Optional[str] = None,
gui_wireless_controller: Optional[str] = None,
gui_ztna: Optional[str] = None,
h323_direct_model: Optional[str] = None,
http_external_dest: Optional[str] = None,
ike_dn_format: Optional[str] = None,
ike_natt_port: Optional[int] = None,
ike_policy_route: Optional[str] = None,
ike_port: Optional[int] = None,
ike_quick_crash_detect: Optional[str] = None,
ike_session_resume: Optional[str] = None,
ike_tcp_port: Optional[int] = None,
implicit_allow_dns: Optional[str] = None,
inspection_mode: Optional[str] = None,
internet_service_app_ctrl_size: Optional[int] = None,
internet_service_database_cache: Optional[str] = None,
ip: Optional[str] = None,
ip6: Optional[str] = None,
lan_extension_controller_addr: Optional[str] = None,
link_down_access: Optional[str] = None,
lldp_reception: Optional[str] = None,
lldp_transmission: Optional[str] = None,
location_id: Optional[str] = None,
mac_ttl: Optional[int] = None,
manageip: Optional[str] = None,
manageip6: Optional[str] = None,
multicast_forward: Optional[str] = None,
multicast_skip_policy: Optional[str] = None,
multicast_ttl_notchange: Optional[str] = None,
nat46_force_ipv4_packet_forwarding: Optional[str] = None,
nat46_generate_ipv6_fragment_header: Optional[str] = None,
nat64_force_ipv6_packet_forwarding: Optional[str] = None,
ngfw_mode: Optional[str] = None,
opmode: Optional[str] = None,
prp_trailer_action: Optional[str] = None,
sccp_port: Optional[int] = None,
sctp_session_without_init: Optional[str] = None,
ses_denied_traffic: Optional[str] = None,
sip_expectation: Optional[str] = None,
sip_helper: Optional[str] = None,
sip_nat_trace: Optional[str] = None,
sip_ssl_port: Optional[int] = None,
sip_tcp_port: Optional[int] = None,
sip_udp_port: Optional[int] = None,
snat_hairpin_traffic: Optional[str] = None,
ssl_ssh_profile: Optional[str] = None,
status: Optional[str] = None,
strict_src_check: Optional[str] = None,
tcp_session_without_syn: Optional[str] = None,
utf8_spam_tagging: Optional[str] = None,
v4_ecmp_mode: Optional[str] = None,
vdom_type: Optional[str] = None,
vdomparam: Optional[str] = None,
vpn_stats_log: Optional[str] = None,
vpn_stats_period: Optional[int] = None,
wccp_cache_engine: Optional[str] = None) -> Settings
func GetSettings(ctx *Context, name string, id IDInput, state *SettingsState, opts ...ResourceOption) (*Settings, error)
public static Settings Get(string name, Input<string> id, SettingsState? state, CustomResourceOptions? opts = null)
public static Settings get(String name, Output<String> id, SettingsState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Linkdown stringPath - Enable/disable link down path. Valid values:
enable
,disable
. - Allow
Subnet stringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - Application
Bandwidth stringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - Asymroute string
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - Asymroute6 string
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - Asymroute6Icmp string
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - Asymroute
Icmp string - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - Auxiliary
Session string - Enable/disable auxiliary session. Valid values:
enable
,disable
. - Bfd string
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - Bfd
Desired intMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- Bfd
Detect intMult - BFD detection multiplier (1 - 50, default = 3).
- Bfd
Dont stringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - Bfd
Required intMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- Block
Land stringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - Central
Nat string - Enable/disable central NAT. Valid values:
enable
,disable
. - Comments string
- VDOM comments.
- Compliance
Check string - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - Consolidated
Firewall stringMode - Consolidated firewall mode.
- Default
App stringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - Default
Policy intExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- Default
Voip stringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - Deny
Tcp stringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - Detect
Unknown stringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - Device string
- Interface to use for management access for NAT mode.
- Dhcp6Server
Ip string - DHCPv6 server IPv6 address.
- Dhcp
Proxy string - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - Dhcp
Proxy stringInterface - Specify outgoing interface to reach server.
- Dhcp
Proxy stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Dhcp
Server stringIp - DHCP Server IPv4 address.
- Discovered
Device intTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- Dyn
Addr stringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ecmp
Max intPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- Email
Portal stringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - Ext
Resource stringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - Firewall
Session stringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - Fqdn
Session stringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - Fw
Session stringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - Gateway string
- Transparent mode IPv4 default gateway IP address.
- Gateway6 string
- Transparent mode IPv4 default gateway IP address.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gui
Advanced stringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - Gui
Advanced stringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - Gui
Allow stringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - Gui
Antivirus string - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - Gui
Ap stringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - Gui
Application stringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - Gui
Casb string - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - Gui
Default List<Pulumiverse.Policy Columns Fortios. System. Inputs. Settings Gui Default Policy Column> - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - Gui
Dhcp stringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - Gui
Dlp string - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - Gui
Dlp stringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - Gui
Dns stringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - Gui
Dnsfilter string - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - Gui
Domain stringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - Gui
Dos stringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - Gui
Dynamic stringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - Gui
Dynamic stringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - Gui
Dynamic stringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - Gui
Email stringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - Gui
Endpoint stringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - Gui
Endpoint stringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - Gui
Enforce stringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - Gui
Explicit stringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - Gui
File stringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - Gui
Fortiap stringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - Gui
Fortiextender stringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - Gui
Icap string - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - Gui
Implicit stringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - Gui
Ips string - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - Gui
Load stringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - Gui
Local stringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - Gui
Local stringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - Gui
Multicast stringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - Gui
Multiple stringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - Gui
Multiple stringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - Gui
Nat4664 string - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - Gui
Object stringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - Gui
Ot string - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - Gui
Per stringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - Gui
Proxy stringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - Gui
Replacement stringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - Gui
Route stringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - Gui
Security stringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - Gui
Spamfilter string - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn string - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn stringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn stringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - Gui
Switch stringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - Gui
Threat stringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - Gui
Traffic stringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - Gui
Videofilter string - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - Gui
Virtual stringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - Gui
Voip stringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - Gui
Vpn string - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - Gui
Waf stringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - Gui
Wan stringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - Gui
Wanopt stringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - Gui
Webfilter string - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - Gui
Webfilter stringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - Gui
Wireless stringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - Gui
Ztna string - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - H323Direct
Model string - Enable/disable H323 direct model. Valid values:
disable
,enable
. - Http
External stringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - Ike
Dn stringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - Ike
Natt intPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- Ike
Policy stringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - Ike
Port int - UDP port for IKE/IPsec traffic (default 500).
- Ike
Quick stringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - Ike
Session stringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - Ike
Tcp intPort - TCP port for IKE/IPsec traffic (default 4500).
- Implicit
Allow stringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - Inspection
Mode string - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - Internet
Service intApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- Internet
Service stringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - Ip string
- IP address and netmask.
- Ip6 string
- IPv6 address prefix for NAT mode.
- Lan
Extension stringController Addr - Controller IP address or FQDN to connect.
- Link
Down stringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - Lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - Lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - Location
Id string - Local location ID in the form of an IPv4 address.
- Mac
Ttl int - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- Manageip string
- Transparent mode IPv4 management IP address and netmask.
- Manageip6 string
- Transparent mode IPv6 management IP address and netmask.
- Multicast
Forward string - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - Multicast
Skip stringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - Multicast
Ttl stringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - Nat46Force
Ipv4Packet stringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - Nat46Generate
Ipv6Fragment stringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - Nat64Force
Ipv6Packet stringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - Ngfw
Mode string - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - Opmode string
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - Prp
Trailer stringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - Sccp
Port int - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- Sctp
Session stringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - Ses
Denied stringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - Sip
Expectation string - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - Sip
Helper string - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - Sip
Nat stringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - Sip
Ssl intPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- Sip
Tcp intPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- Sip
Udp intPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- Snat
Hairpin stringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - Ssl
Ssh stringProfile - Profile for SSL/SSH inspection.
- Status string
- Enable/disable this VDOM. Valid values:
enable
,disable
. - Strict
Src stringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - Tcp
Session stringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - Utf8Spam
Tagging string - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - V4Ecmp
Mode string - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - Vdom
Type string - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vpn
Stats stringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - Vpn
Stats intPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- Wccp
Cache stringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- Allow
Linkdown stringPath - Enable/disable link down path. Valid values:
enable
,disable
. - Allow
Subnet stringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - Application
Bandwidth stringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - Asymroute string
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - Asymroute6 string
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - Asymroute6Icmp string
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - Asymroute
Icmp string - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - Auxiliary
Session string - Enable/disable auxiliary session. Valid values:
enable
,disable
. - Bfd string
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - Bfd
Desired intMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- Bfd
Detect intMult - BFD detection multiplier (1 - 50, default = 3).
- Bfd
Dont stringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - Bfd
Required intMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- Block
Land stringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - Central
Nat string - Enable/disable central NAT. Valid values:
enable
,disable
. - Comments string
- VDOM comments.
- Compliance
Check string - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - Consolidated
Firewall stringMode - Consolidated firewall mode.
- Default
App stringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - Default
Policy intExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- Default
Voip stringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - Deny
Tcp stringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - Detect
Unknown stringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - Device string
- Interface to use for management access for NAT mode.
- Dhcp6Server
Ip string - DHCPv6 server IPv6 address.
- Dhcp
Proxy string - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - Dhcp
Proxy stringInterface - Specify outgoing interface to reach server.
- Dhcp
Proxy stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Dhcp
Server stringIp - DHCP Server IPv4 address.
- Discovered
Device intTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- Dyn
Addr stringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Ecmp
Max intPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- Email
Portal stringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - Ext
Resource stringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - Firewall
Session stringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - Fqdn
Session stringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - Fw
Session stringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - Gateway string
- Transparent mode IPv4 default gateway IP address.
- Gateway6 string
- Transparent mode IPv4 default gateway IP address.
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gui
Advanced stringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - Gui
Advanced stringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - Gui
Allow stringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - Gui
Antivirus string - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - Gui
Ap stringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - Gui
Application stringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - Gui
Casb string - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - Gui
Default []SettingsPolicy Columns Gui Default Policy Column Args - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - Gui
Dhcp stringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - Gui
Dlp string - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - Gui
Dlp stringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - Gui
Dns stringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - Gui
Dnsfilter string - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - Gui
Domain stringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - Gui
Dos stringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - Gui
Dynamic stringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - Gui
Dynamic stringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - Gui
Dynamic stringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - Gui
Email stringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - Gui
Endpoint stringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - Gui
Endpoint stringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - Gui
Enforce stringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - Gui
Explicit stringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - Gui
File stringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - Gui
Fortiap stringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - Gui
Fortiextender stringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - Gui
Icap string - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - Gui
Implicit stringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - Gui
Ips string - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - Gui
Load stringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - Gui
Local stringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - Gui
Local stringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - Gui
Multicast stringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - Gui
Multiple stringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - Gui
Multiple stringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - Gui
Nat4664 string - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - Gui
Object stringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - Gui
Ot string - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - Gui
Per stringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - Gui
Policy stringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - Gui
Proxy stringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - Gui
Replacement stringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - Gui
Route stringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - Gui
Security stringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - Gui
Spamfilter string - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn string - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn stringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - Gui
Sslvpn stringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - Gui
Switch stringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - Gui
Threat stringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - Gui
Traffic stringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - Gui
Videofilter string - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - Gui
Virtual stringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - Gui
Voip stringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - Gui
Vpn string - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - Gui
Waf stringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - Gui
Wan stringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - Gui
Wanopt stringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - Gui
Webfilter string - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - Gui
Webfilter stringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - Gui
Wireless stringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - Gui
Ztna string - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - H323Direct
Model string - Enable/disable H323 direct model. Valid values:
disable
,enable
. - Http
External stringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - Ike
Dn stringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - Ike
Natt intPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- Ike
Policy stringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - Ike
Port int - UDP port for IKE/IPsec traffic (default 500).
- Ike
Quick stringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - Ike
Session stringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - Ike
Tcp intPort - TCP port for IKE/IPsec traffic (default 4500).
- Implicit
Allow stringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - Inspection
Mode string - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - Internet
Service intApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- Internet
Service stringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - Ip string
- IP address and netmask.
- Ip6 string
- IPv6 address prefix for NAT mode.
- Lan
Extension stringController Addr - Controller IP address or FQDN to connect.
- Link
Down stringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - Lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - Lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - Location
Id string - Local location ID in the form of an IPv4 address.
- Mac
Ttl int - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- Manageip string
- Transparent mode IPv4 management IP address and netmask.
- Manageip6 string
- Transparent mode IPv6 management IP address and netmask.
- Multicast
Forward string - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - Multicast
Skip stringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - Multicast
Ttl stringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - Nat46Force
Ipv4Packet stringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - Nat46Generate
Ipv6Fragment stringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - Nat64Force
Ipv6Packet stringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - Ngfw
Mode string - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - Opmode string
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - Prp
Trailer stringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - Sccp
Port int - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- Sctp
Session stringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - Ses
Denied stringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - Sip
Expectation string - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - Sip
Helper string - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - Sip
Nat stringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - Sip
Ssl intPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- Sip
Tcp intPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- Sip
Udp intPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- Snat
Hairpin stringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - Ssl
Ssh stringProfile - Profile for SSL/SSH inspection.
- Status string
- Enable/disable this VDOM. Valid values:
enable
,disable
. - Strict
Src stringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - Tcp
Session stringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - Utf8Spam
Tagging string - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - V4Ecmp
Mode string - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - Vdom
Type string - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vpn
Stats stringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - Vpn
Stats intPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- Wccp
Cache stringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- allow
Linkdown StringPath - Enable/disable link down path. Valid values:
enable
,disable
. - allow
Subnet StringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - application
Bandwidth StringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - asymroute String
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - asymroute6 String
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - asymroute6Icmp String
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - asymroute
Icmp String - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - auxiliary
Session String - Enable/disable auxiliary session. Valid values:
enable
,disable
. - bfd String
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - bfd
Desired IntegerMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- bfd
Detect IntegerMult - BFD detection multiplier (1 - 50, default = 3).
- bfd
Dont StringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - bfd
Required IntegerMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- block
Land StringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - central
Nat String - Enable/disable central NAT. Valid values:
enable
,disable
. - comments String
- VDOM comments.
- compliance
Check String - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - consolidated
Firewall StringMode - Consolidated firewall mode.
- default
App StringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - default
Policy IntegerExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- default
Voip StringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - deny
Tcp StringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - detect
Unknown StringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - device String
- Interface to use for management access for NAT mode.
- dhcp6Server
Ip String - DHCPv6 server IPv6 address.
- dhcp
Proxy String - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - dhcp
Proxy StringInterface - Specify outgoing interface to reach server.
- dhcp
Proxy StringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Server StringIp - DHCP Server IPv4 address.
- discovered
Device IntegerTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- dyn
Addr StringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ecmp
Max IntegerPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- email
Portal StringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - ext
Resource StringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - firewall
Session StringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - fqdn
Session StringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - fw
Session StringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - gateway String
- Transparent mode IPv4 default gateway IP address.
- gateway6 String
- Transparent mode IPv4 default gateway IP address.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gui
Advanced StringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - gui
Advanced StringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - gui
Allow StringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - gui
Antivirus String - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - gui
Ap StringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - gui
Application StringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - gui
Casb String - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - gui
Default List<SettingsPolicy Columns Gui Default Policy Column> - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - gui
Dhcp StringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - gui
Dlp String - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - gui
Dlp StringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - gui
Dns StringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - gui
Dnsfilter String - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - gui
Domain StringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - gui
Dos StringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - gui
Dynamic StringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - gui
Dynamic StringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - gui
Dynamic StringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - gui
Email StringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - gui
Endpoint StringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - gui
Endpoint StringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - gui
Enforce StringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - gui
Explicit StringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - gui
File StringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - gui
Fortiap StringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - gui
Fortiextender StringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - gui
Icap String - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - gui
Implicit StringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Ips String - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - gui
Load StringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - gui
Local StringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - gui
Local StringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - gui
Multicast StringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Multiple StringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - gui
Multiple StringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - gui
Nat4664 String - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - gui
Object StringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - gui
Ot String - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - gui
Per StringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy StringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - gui
Policy StringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy StringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - gui
Proxy StringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - gui
Replacement StringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - gui
Route StringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - gui
Security StringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - gui
Spamfilter String - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn String - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn StringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn StringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - gui
Switch StringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - gui
Threat StringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - gui
Traffic StringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - gui
Videofilter String - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - gui
Virtual StringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - gui
Voip StringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - gui
Vpn String - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - gui
Waf StringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - gui
Wan StringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - gui
Wanopt StringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - gui
Webfilter String - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - gui
Webfilter StringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - gui
Wireless StringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - gui
Ztna String - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - h323Direct
Model String - Enable/disable H323 direct model. Valid values:
disable
,enable
. - http
External StringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - ike
Dn StringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - ike
Natt IntegerPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- ike
Policy StringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - ike
Port Integer - UDP port for IKE/IPsec traffic (default 500).
- ike
Quick StringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - ike
Session StringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - ike
Tcp IntegerPort - TCP port for IKE/IPsec traffic (default 4500).
- implicit
Allow StringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - inspection
Mode String - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - internet
Service IntegerApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- internet
Service StringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - ip String
- IP address and netmask.
- ip6 String
- IPv6 address prefix for NAT mode.
- lan
Extension StringController Addr - Controller IP address or FQDN to connect.
- link
Down StringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - lldp
Reception String - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - lldp
Transmission String - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - location
Id String - Local location ID in the form of an IPv4 address.
- mac
Ttl Integer - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- manageip String
- Transparent mode IPv4 management IP address and netmask.
- manageip6 String
- Transparent mode IPv6 management IP address and netmask.
- multicast
Forward String - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - multicast
Skip StringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - multicast
Ttl StringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - nat46Force
Ipv4Packet StringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - nat46Generate
Ipv6Fragment StringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - nat64Force
Ipv6Packet StringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - ngfw
Mode String - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - opmode String
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - prp
Trailer StringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - sccp
Port Integer - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- sctp
Session StringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - ses
Denied StringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - sip
Expectation String - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - sip
Helper String - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - sip
Nat StringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - sip
Ssl IntegerPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- sip
Tcp IntegerPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- sip
Udp IntegerPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- snat
Hairpin StringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - ssl
Ssh StringProfile - Profile for SSL/SSH inspection.
- status String
- Enable/disable this VDOM. Valid values:
enable
,disable
. - strict
Src StringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - tcp
Session StringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - utf8Spam
Tagging String - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - v4Ecmp
Mode String - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - vdom
Type String - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vpn
Stats StringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - vpn
Stats IntegerPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- wccp
Cache StringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- allow
Linkdown stringPath - Enable/disable link down path. Valid values:
enable
,disable
. - allow
Subnet stringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - application
Bandwidth stringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - asymroute string
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - asymroute6 string
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - asymroute6Icmp string
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - asymroute
Icmp string - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - auxiliary
Session string - Enable/disable auxiliary session. Valid values:
enable
,disable
. - bfd string
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - bfd
Desired numberMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- bfd
Detect numberMult - BFD detection multiplier (1 - 50, default = 3).
- bfd
Dont stringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - bfd
Required numberMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- block
Land stringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - central
Nat string - Enable/disable central NAT. Valid values:
enable
,disable
. - comments string
- VDOM comments.
- compliance
Check string - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - consolidated
Firewall stringMode - Consolidated firewall mode.
- default
App stringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - default
Policy numberExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- default
Voip stringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - deny
Tcp stringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - detect
Unknown stringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - device string
- Interface to use for management access for NAT mode.
- dhcp6Server
Ip string - DHCPv6 server IPv6 address.
- dhcp
Proxy string - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - dhcp
Proxy stringInterface - Specify outgoing interface to reach server.
- dhcp
Proxy stringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Server stringIp - DHCP Server IPv4 address.
- discovered
Device numberTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- dyn
Addr stringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ecmp
Max numberPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- email
Portal stringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - ext
Resource stringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - firewall
Session stringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - fqdn
Session stringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - fw
Session stringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - gateway string
- Transparent mode IPv4 default gateway IP address.
- gateway6 string
- Transparent mode IPv4 default gateway IP address.
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gui
Advanced stringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - gui
Advanced stringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - gui
Allow stringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - gui
Antivirus string - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - gui
Ap stringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - gui
Application stringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - gui
Casb string - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - gui
Default SettingsPolicy Columns Gui Default Policy Column[] - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - gui
Dhcp stringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - gui
Dlp string - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - gui
Dlp stringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - gui
Dns stringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - gui
Dnsfilter string - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - gui
Domain stringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - gui
Dos stringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - gui
Dynamic stringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - gui
Dynamic stringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - gui
Dynamic stringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - gui
Email stringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - gui
Endpoint stringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - gui
Endpoint stringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - gui
Enforce stringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - gui
Explicit stringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - gui
File stringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - gui
Fortiap stringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - gui
Fortiextender stringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - gui
Icap string - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - gui
Implicit stringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Ips string - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - gui
Load stringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - gui
Local stringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - gui
Local stringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - gui
Multicast stringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Multiple stringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - gui
Multiple stringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - gui
Nat4664 string - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - gui
Object stringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - gui
Ot string - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - gui
Per stringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy stringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - gui
Policy stringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy stringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - gui
Proxy stringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - gui
Replacement stringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - gui
Route stringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - gui
Security stringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - gui
Spamfilter string - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn string - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn stringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn stringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - gui
Switch stringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - gui
Threat stringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - gui
Traffic stringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - gui
Videofilter string - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - gui
Virtual stringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - gui
Voip stringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - gui
Vpn string - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - gui
Waf stringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - gui
Wan stringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - gui
Wanopt stringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - gui
Webfilter string - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - gui
Webfilter stringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - gui
Wireless stringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - gui
Ztna string - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - h323Direct
Model string - Enable/disable H323 direct model. Valid values:
disable
,enable
. - http
External stringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - ike
Dn stringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - ike
Natt numberPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- ike
Policy stringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - ike
Port number - UDP port for IKE/IPsec traffic (default 500).
- ike
Quick stringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - ike
Session stringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - ike
Tcp numberPort - TCP port for IKE/IPsec traffic (default 4500).
- implicit
Allow stringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - inspection
Mode string - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - internet
Service numberApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- internet
Service stringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - ip string
- IP address and netmask.
- ip6 string
- IPv6 address prefix for NAT mode.
- lan
Extension stringController Addr - Controller IP address or FQDN to connect.
- link
Down stringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - lldp
Reception string - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - lldp
Transmission string - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - location
Id string - Local location ID in the form of an IPv4 address.
- mac
Ttl number - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- manageip string
- Transparent mode IPv4 management IP address and netmask.
- manageip6 string
- Transparent mode IPv6 management IP address and netmask.
- multicast
Forward string - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - multicast
Skip stringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - multicast
Ttl stringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - nat46Force
Ipv4Packet stringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - nat46Generate
Ipv6Fragment stringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - nat64Force
Ipv6Packet stringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - ngfw
Mode string - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - opmode string
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - prp
Trailer stringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - sccp
Port number - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- sctp
Session stringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - ses
Denied stringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - sip
Expectation string - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - sip
Helper string - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - sip
Nat stringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - sip
Ssl numberPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- sip
Tcp numberPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- sip
Udp numberPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- snat
Hairpin stringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - ssl
Ssh stringProfile - Profile for SSL/SSH inspection.
- status string
- Enable/disable this VDOM. Valid values:
enable
,disable
. - strict
Src stringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - tcp
Session stringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - utf8Spam
Tagging string - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - v4Ecmp
Mode string - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - vdom
Type string - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vpn
Stats stringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - vpn
Stats numberPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- wccp
Cache stringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- allow_
linkdown_ strpath - Enable/disable link down path. Valid values:
enable
,disable
. - allow_
subnet_ stroverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - application_
bandwidth_ strtracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - asymroute str
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - asymroute6 str
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - asymroute6_
icmp str - Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - asymroute_
icmp str - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - auxiliary_
session str - Enable/disable auxiliary session. Valid values:
enable
,disable
. - bfd str
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - bfd_
desired_ intmin_ tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- bfd_
detect_ intmult - BFD detection multiplier (1 - 50, default = 3).
- bfd_
dont_ strenforce_ src_ port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - bfd_
required_ intmin_ rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- block_
land_ strattack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - central_
nat str - Enable/disable central NAT. Valid values:
enable
,disable
. - comments str
- VDOM comments.
- compliance_
check str - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - consolidated_
firewall_ strmode - Consolidated firewall mode.
- default_
app_ strport_ as_ service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - default_
policy_ intexpiry_ days - Default policy expiry in days (0 - 365 days, default = 30).
- default_
voip_ stralg_ mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - deny_
tcp_ strwith_ icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - detect_
unknown_ stresp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - device str
- Interface to use for management access for NAT mode.
- dhcp6_
server_ strip - DHCPv6 server IPv6 address.
- dhcp_
proxy str - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - dhcp_
proxy_ strinterface - Specify outgoing interface to reach server.
- dhcp_
proxy_ strinterface_ select_ method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp_
server_ strip - DHCP Server IPv4 address.
- discovered_
device_ inttimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- dyn_
addr_ strsession_ check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ecmp_
max_ intpaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- email_
portal_ strcheck_ dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - ext_
resource_ strsession_ check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - firewall_
session_ strdirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - fqdn_
session_ strcheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - fw_
session_ strhairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - gateway str
- Transparent mode IPv4 default gateway IP address.
- gateway6 str
- Transparent mode IPv4 default gateway IP address.
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gui_
advanced_ strpolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - gui_
advanced_ strwireless_ features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - gui_
allow_ strunnamed_ policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - gui_
antivirus str - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - gui_
ap_ strprofile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - gui_
application_ strcontrol - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - gui_
casb str - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - gui_
default_ Sequence[Settingspolicy_ columns Gui Default Policy Column Args] - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - gui_
dhcp_ stradvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - gui_
dlp str - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - gui_
dlp_ strprofile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - gui_
dns_ strdatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - gui_
dnsfilter str - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - gui_
domain_ strip_ reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - gui_
dos_ strpolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - gui_
dynamic_ strdevice_ os_ id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - gui_
dynamic_ strprofile_ display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - gui_
dynamic_ strrouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - gui_
email_ strcollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - gui_
endpoint_ strcontrol - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - gui_
endpoint_ strcontrol_ advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - gui_
enforce_ strchange_ summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - gui_
explicit_ strproxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - gui_
file_ strfilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - gui_
fortiap_ strsplit_ tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - gui_
fortiextender_ strcontroller - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - gui_
icap str - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - gui_
implicit_ strpolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - gui_
ips str - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - gui_
load_ strbalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - gui_
local_ strin_ policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - gui_
local_ strreports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - gui_
multicast_ strpolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - gui_
multiple_ strinterface_ policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - gui_
multiple_ strutm_ profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - gui_
nat4664 str - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - gui_
object_ strcolors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - gui_
ot str - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - gui_
per_ strpolicy_ disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui_
policy_ strbased_ ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - gui_
policy_ strdisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui_
policy_ strlearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - gui_
proxy_ strinspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - gui_
replacement_ strmessage_ groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - gui_
route_ strtag_ address_ creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - gui_
security_ strprofile_ group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - gui_
spamfilter str - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - gui_
sslvpn str - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - gui_
sslvpn_ strpersonal_ bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - gui_
sslvpn_ strrealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - gui_
switch_ strcontroller - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - gui_
threat_ strweight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - gui_
traffic_ strshaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - gui_
videofilter str - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - gui_
virtual_ strpatch_ profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - gui_
voip_ strprofile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - gui_
vpn str - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - gui_
waf_ strprofile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - gui_
wan_ strload_ balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - gui_
wanopt_ strcache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - gui_
webfilter str - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - gui_
webfilter_ stradvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - gui_
wireless_ strcontroller - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - gui_
ztna str - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - h323_
direct_ strmodel - Enable/disable H323 direct model. Valid values:
disable
,enable
. - http_
external_ strdest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - ike_
dn_ strformat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - ike_
natt_ intport - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- ike_
policy_ strroute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - ike_
port int - UDP port for IKE/IPsec traffic (default 500).
- ike_
quick_ strcrash_ detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - ike_
session_ strresume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - ike_
tcp_ intport - TCP port for IKE/IPsec traffic (default 4500).
- implicit_
allow_ strdns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - inspection_
mode str - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - internet_
service_ intapp_ ctrl_ size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- internet_
service_ strdatabase_ cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - ip str
- IP address and netmask.
- ip6 str
- IPv6 address prefix for NAT mode.
- lan_
extension_ strcontroller_ addr - Controller IP address or FQDN to connect.
- link_
down_ straccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - lldp_
reception str - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - lldp_
transmission str - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - location_
id str - Local location ID in the form of an IPv4 address.
- mac_
ttl int - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- manageip str
- Transparent mode IPv4 management IP address and netmask.
- manageip6 str
- Transparent mode IPv6 management IP address and netmask.
- multicast_
forward str - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - multicast_
skip_ strpolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - multicast_
ttl_ strnotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - nat46_
force_ stripv4_ packet_ forwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - nat46_
generate_ stripv6_ fragment_ header - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - nat64_
force_ stripv6_ packet_ forwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - ngfw_
mode str - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - opmode str
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - prp_
trailer_ straction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - sccp_
port int - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- sctp_
session_ strwithout_ init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - ses_
denied_ strtraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - sip_
expectation str - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - sip_
helper str - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - sip_
nat_ strtrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - sip_
ssl_ intport - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- sip_
tcp_ intport - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- sip_
udp_ intport - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- snat_
hairpin_ strtraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - ssl_
ssh_ strprofile - Profile for SSL/SSH inspection.
- status str
- Enable/disable this VDOM. Valid values:
enable
,disable
. - strict_
src_ strcheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - tcp_
session_ strwithout_ syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - utf8_
spam_ strtagging - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - v4_
ecmp_ strmode - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - vdom_
type str - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vpn_
stats_ strlog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - vpn_
stats_ intperiod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- wccp_
cache_ strengine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
- allow
Linkdown StringPath - Enable/disable link down path. Valid values:
enable
,disable
. - allow
Subnet StringOverlap - Enable/disable allowing interface subnets to use overlapping IP addresses. Valid values:
enable
,disable
. - application
Bandwidth StringTracking - Enable/disable application bandwidth tracking. Valid values:
disable
,enable
. - asymroute String
- Enable/disable IPv4 asymmetric routing. Valid values:
enable
,disable
. - asymroute6 String
- Enable/disable asymmetric IPv6 routing. Valid values:
enable
,disable
. - asymroute6Icmp String
- Enable/disable asymmetric ICMPv6 routing. Valid values:
enable
,disable
. - asymroute
Icmp String - Enable/disable ICMP asymmetric routing. Valid values:
enable
,disable
. - auxiliary
Session String - Enable/disable auxiliary session. Valid values:
enable
,disable
. - bfd String
- Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. Valid values:
enable
,disable
. - bfd
Desired NumberMin Tx - BFD desired minimal transmit interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- bfd
Detect NumberMult - BFD detection multiplier (1 - 50, default = 3).
- bfd
Dont StringEnforce Src Port - Enable to not enforce verifying the source port of BFD Packets. Valid values:
enable
,disable
. - bfd
Required NumberMin Rx - BFD required minimal receive interval (1 - 100000 ms). On FortiOS versions 6.2.0-6.4.15: default = 50. On FortiOS versions >= 7.0.0: default = 250.
- block
Land StringAttack - Enable/disable blocking of land attacks. Valid values:
disable
,enable
. - central
Nat String - Enable/disable central NAT. Valid values:
enable
,disable
. - comments String
- VDOM comments.
- compliance
Check String - Enable/disable PCI DSS compliance checking. Valid values:
enable
,disable
. - consolidated
Firewall StringMode - Consolidated firewall mode.
- default
App StringPort As Service - Enable/disable policy service enforcement based on application default ports. Valid values:
enable
,disable
. - default
Policy NumberExpiry Days - Default policy expiry in days (0 - 365 days, default = 30).
- default
Voip StringAlg Mode - Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn't include a VoIP profile. Valid values:
proxy-based
,kernel-helper-based
. - deny
Tcp StringWith Icmp - Enable/disable denying TCP by sending an ICMP communication prohibited packet. Valid values:
enable
,disable
. - detect
Unknown StringEsp - Enable/disable detection of unknown ESP packets (default = enable). Valid values:
enable
,disable
. - device String
- Interface to use for management access for NAT mode.
- dhcp6Server
Ip String - DHCPv6 server IPv6 address.
- dhcp
Proxy String - Enable/disable the DHCP Proxy. Valid values:
enable
,disable
. - dhcp
Proxy StringInterface - Specify outgoing interface to reach server.
- dhcp
Proxy StringInterface Select Method - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - dhcp
Server StringIp - DHCP Server IPv4 address.
- discovered
Device NumberTimeout - Timeout for discovered devices (1 - 365 days, default = 28).
- dyn
Addr StringSession Check - Enable/disable dirty session check caused by dynamic address updates. Valid values:
enable
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- ecmp
Max NumberPaths - Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing. On FortiOS versions 6.2.0: 1 - 100, default = 10. On FortiOS versions >= 6.2.4: 1 - 255, default = 255.
- email
Portal StringCheck Dns - Enable/disable using DNS to validate email addresses collected by a captive portal. Valid values:
disable
,enable
. - ext
Resource StringSession Check - Enable/disable dirty session check caused by external resource updates. Valid values:
enable
,disable
. - firewall
Session StringDirty - Select how to manage sessions affected by firewall policy configuration changes. Valid values:
check-all
,check-new
,check-policy-option
. - fqdn
Session StringCheck - Enable/disable dirty session check caused by FQDN updates. Valid values:
enable
,disable
. - fw
Session StringHairpin - Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. Valid values:
enable
,disable
. - gateway String
- Transparent mode IPv4 default gateway IP address.
- gateway6 String
- Transparent mode IPv4 default gateway IP address.
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gui
Advanced StringPolicy - Enable/disable advanced policy configuration on the GUI. Valid values:
enable
,disable
. - gui
Advanced StringWireless Features - Enable/disable advanced wireless features in GUI. Valid values:
enable
,disable
. - gui
Allow StringUnnamed Policy - Enable/disable the requirement for policy naming on the GUI. Valid values:
enable
,disable
. - gui
Antivirus String - Enable/disable AntiVirus on the GUI. Valid values:
enable
,disable
. - gui
Ap StringProfile - Enable/disable FortiAP profiles on the GUI. Valid values:
enable
,disable
. - gui
Application StringControl - Enable/disable application control on the GUI. Valid values:
enable
,disable
. - gui
Casb String - Enable/disable Inline-CASB on the GUI. Valid values:
enable
,disable
. - gui
Default List<Property Map>Policy Columns - Default columns to display for policy lists on GUI. The structure of
gui_default_policy_columns
block is documented below. - gui
Dhcp StringAdvanced - Enable/disable advanced DHCP options on the GUI. Valid values:
enable
,disable
. - gui
Dlp String - Enable/disable DLP on the GUI. Valid values:
enable
,disable
. - gui
Dlp StringProfile - Enable/disable Data Leak Prevention on the GUI. Valid values:
enable
,disable
. - gui
Dns StringDatabase - Enable/disable DNS database settings on the GUI. Valid values:
enable
,disable
. - gui
Dnsfilter String - Enable/disable DNS Filtering on the GUI. Valid values:
enable
,disable
. - gui
Domain StringIp Reputation - Enable/disable Domain and IP Reputation on the GUI. Valid values:
enable
,disable
. - gui
Dos StringPolicy - Enable/disable DoS policies on the GUI. Valid values:
enable
,disable
. - gui
Dynamic StringDevice Os Id - Enable/disable Create dynamic addresses to manage known devices. Valid values:
enable
,disable
. - gui
Dynamic StringProfile Display - Enable/disable RADIUS Single Sign On (RSSO) on the GUI. Valid values:
enable
,disable
. - gui
Dynamic StringRouting - Enable/disable dynamic routing on the GUI. Valid values:
enable
,disable
. - gui
Email StringCollection - Enable/disable email collection on the GUI. Valid values:
enable
,disable
. - gui
Endpoint StringControl - Enable/disable endpoint control on the GUI. Valid values:
enable
,disable
. - gui
Endpoint StringControl Advanced - Enable/disable advanced endpoint control options on the GUI. Valid values:
enable
,disable
. - gui
Enforce StringChange Summary - Enforce change summaries for select tables in the GUI. Valid values:
disable
,require
,optional
. - gui
Explicit StringProxy - Enable/disable the explicit proxy on the GUI. Valid values:
enable
,disable
. - gui
File StringFilter - Enable/disable File-filter on the GUI. Valid values:
enable
,disable
. - gui
Fortiap StringSplit Tunneling - Enable/disable FortiAP split tunneling on the GUI. Valid values:
enable
,disable
. - gui
Fortiextender StringController - Enable/disable FortiExtender on the GUI. Valid values:
enable
,disable
. - gui
Icap String - Enable/disable ICAP on the GUI. Valid values:
enable
,disable
. - gui
Implicit StringPolicy - Enable/disable implicit firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Ips String - Enable/disable IPS on the GUI. Valid values:
enable
,disable
. - gui
Load StringBalance - Enable/disable server load balancing on the GUI. Valid values:
enable
,disable
. - gui
Local StringIn Policy - Enable/disable Local-In policies on the GUI. Valid values:
enable
,disable
. - gui
Local StringReports - Enable/disable local reports on the GUI. Valid values:
enable
,disable
. - gui
Multicast StringPolicy - Enable/disable multicast firewall policies on the GUI. Valid values:
enable
,disable
. - gui
Multiple StringInterface Policy - Enable/disable adding multiple interfaces to a policy on the GUI. Valid values:
enable
,disable
. - gui
Multiple StringUtm Profiles - Enable/disable multiple UTM profiles on the GUI. Valid values:
enable
,disable
. - gui
Nat4664 String - Enable/disable NAT46 and NAT64 settings on the GUI. Valid values:
enable
,disable
. - gui
Object StringColors - Enable/disable object colors on the GUI. Valid values:
enable
,disable
. - gui
Ot String - Enable/disable Show Operational Technology Purdue Model. Valid values:
enable
,disable
. - gui
Per StringPolicy Disclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy StringBased Ipsec - Enable/disable policy-based IPsec VPN on the GUI. Valid values:
enable
,disable
. - gui
Policy StringDisclaimer - Enable/disable policy disclaimer on the GUI. Valid values:
enable
,disable
. - gui
Policy StringLearning - Enable/disable firewall policy learning mode on the GUI. Valid values:
enable
,disable
. - gui
Proxy StringInspection - Enable/disable the proxy features on the GUI. Valid values:
enable
,disable
. - gui
Replacement StringMessage Groups - Enable/disable replacement message groups on the GUI. Valid values:
enable
,disable
. - gui
Route StringTag Address Creation - Enable/disable route-tag addresses on the GUI. Valid values:
enable
,disable
. - gui
Security StringProfile Group - Enable/disable Security Profile Groups on the GUI. Valid values:
enable
,disable
. - gui
Spamfilter String - Enable/disable Antispam on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn String - Enable/disable SSL-VPN settings pages on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn StringPersonal Bookmarks - Enable/disable SSL-VPN personal bookmark management on the GUI. Valid values:
enable
,disable
. - gui
Sslvpn StringRealms - Enable/disable SSL-VPN realms on the GUI. Valid values:
enable
,disable
. - gui
Switch StringController - Enable/disable the switch controller on the GUI. Valid values:
enable
,disable
. - gui
Threat StringWeight - Enable/disable threat weight on the GUI. Valid values:
enable
,disable
. - gui
Traffic StringShaping - Enable/disable traffic shaping on the GUI. Valid values:
enable
,disable
. - gui
Videofilter String - Enable/disable Video filtering on the GUI. Valid values:
enable
,disable
. - gui
Virtual StringPatch Profile - Enable/disable Virtual Patching on the GUI. Valid values:
enable
,disable
. - gui
Voip StringProfile - Enable/disable VoIP profiles on the GUI. Valid values:
enable
,disable
. - gui
Vpn String - Enable/disable VPN tunnels on the GUI. Valid values:
enable
,disable
. - gui
Waf StringProfile - Enable/disable Web Application Firewall on the GUI. Valid values:
enable
,disable
. - gui
Wan StringLoad Balancing - Enable/disable SD-WAN on the GUI. Valid values:
enable
,disable
. - gui
Wanopt StringCache - Enable/disable WAN Optimization and Web Caching on the GUI. Valid values:
enable
,disable
. - gui
Webfilter String - Enable/disable Web filtering on the GUI. Valid values:
enable
,disable
. - gui
Webfilter StringAdvanced - Enable/disable advanced web filtering on the GUI. Valid values:
enable
,disable
. - gui
Wireless StringController - Enable/disable the wireless controller on the GUI. Valid values:
enable
,disable
. - gui
Ztna String - Enable/disable Zero Trust Network Access features on the GUI. Valid values:
enable
,disable
. - h323Direct
Model String - Enable/disable H323 direct model. Valid values:
disable
,enable
. - http
External StringDest - Offload HTTP traffic to FortiWeb or FortiCache. Valid values:
fortiweb
,forticache
. - ike
Dn StringFormat - Configure IKE ASN.1 Distinguished Name format conventions. Valid values:
with-space
,no-space
. - ike
Natt NumberPort - UDP port for IKE/IPsec traffic in NAT-T mode (default 4500).
- ike
Policy StringRoute - Enable/disable IKE Policy Based Routing (PBR). Valid values:
enable
,disable
. - ike
Port Number - UDP port for IKE/IPsec traffic (default 500).
- ike
Quick StringCrash Detect - Enable/disable IKE quick crash detection (RFC 6290). Valid values:
enable
,disable
. - ike
Session StringResume - Enable/disable IKEv2 session resumption (RFC 5723). Valid values:
enable
,disable
. - ike
Tcp NumberPort - TCP port for IKE/IPsec traffic (default 4500).
- implicit
Allow StringDns - Enable/disable implicitly allowing DNS traffic. Valid values:
enable
,disable
. - inspection
Mode String - Inspection mode (proxy-based or flow-based). Valid values:
proxy
,flow
. - internet
Service NumberApp Ctrl Size - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications.
- internet
Service StringDatabase Cache - Enable/disable Internet Service database caching. Valid values:
disable
,enable
. - ip String
- IP address and netmask.
- ip6 String
- IPv6 address prefix for NAT mode.
- lan
Extension StringController Addr - Controller IP address or FQDN to connect.
- link
Down StringAccess - Enable/disable link down access traffic. Valid values:
enable
,disable
. - lldp
Reception String - Enable/disable Link Layer Discovery Protocol (LLDP) reception for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - lldp
Transmission String - Enable/disable Link Layer Discovery Protocol (LLDP) transmission for this VDOM or apply global settings to this VDOM. Valid values:
enable
,disable
,global
. - location
Id String - Local location ID in the form of an IPv4 address.
- mac
Ttl Number - Duration of MAC addresses in Transparent mode (300 - 8640000 sec, default = 300).
- manageip String
- Transparent mode IPv4 management IP address and netmask.
- manageip6 String
- Transparent mode IPv6 management IP address and netmask.
- multicast
Forward String - Enable/disable multicast forwarding. Valid values:
enable
,disable
. - multicast
Skip StringPolicy - Enable/disable allowing multicast traffic through the FortiGate without a policy check. Valid values:
enable
,disable
. - multicast
Ttl StringNotchange - Enable/disable preventing the FortiGate from changing the TTL for forwarded multicast packets. Valid values:
enable
,disable
. - nat46Force
Ipv4Packet StringForwarding - Enable/disable mandatory IPv4 packet forwarding in NAT46. Valid values:
enable
,disable
. - nat46Generate
Ipv6Fragment StringHeader - Enable/disable NAT46 IPv6 fragment header generation. Valid values:
enable
,disable
. - nat64Force
Ipv6Packet StringForwarding - Enable/disable mandatory IPv6 packet forwarding in NAT64. Valid values:
enable
,disable
. - ngfw
Mode String - Next Generation Firewall (NGFW) mode. Valid values:
profile-based
,policy-based
. - opmode String
- Firewall operation mode (NAT or Transparent). Valid values:
nat
,transparent
. - prp
Trailer StringAction - Enable/disable action to take on PRP trailer. Valid values:
enable
,disable
. - sccp
Port Number - TCP port the SCCP proxy monitors for SCCP traffic (0 - 65535, default = 2000).
- sctp
Session StringWithout Init - Enable/disable SCTP session creation without SCTP INIT. Valid values:
enable
,disable
. - ses
Denied StringTraffic - Enable/disable including denied session in the session table. Valid values:
enable
,disable
. - sip
Expectation String - Enable/disable the SIP kernel session helper to create an expectation for port 5060. Valid values:
enable
,disable
. - sip
Helper String - Enable/disable the SIP session helper to process SIP sessions unless SIP sessions are accepted by the SIP application layer gateway (ALG). Valid values:
enable
,disable
. - sip
Nat StringTrace - Enable/disable recording the original SIP source IP address when NAT is used. Valid values:
enable
,disable
. - sip
Ssl NumberPort - TCP port the SIP proxy monitors for SIP SSL/TLS traffic (0 - 65535, default = 5061).
- sip
Tcp NumberPort - TCP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- sip
Udp NumberPort - UDP port the SIP proxy monitors for SIP traffic (0 - 65535, default = 5060).
- snat
Hairpin StringTraffic - Enable/disable source NAT (SNAT) for hairpin traffic. Valid values:
enable
,disable
. - ssl
Ssh StringProfile - Profile for SSL/SSH inspection.
- status String
- Enable/disable this VDOM. Valid values:
enable
,disable
. - strict
Src StringCheck - Enable/disable strict source verification. Valid values:
enable
,disable
. - tcp
Session StringWithout Syn - Enable/disable allowing TCP session without SYN flags. Valid values:
enable
,disable
. - utf8Spam
Tagging String - Enable/disable converting antispam tags to UTF-8 for better non-ASCII character support. Valid values:
enable
,disable
. - v4Ecmp
Mode String - IPv4 Equal-cost multi-path (ECMP) routing and load balancing mode. Valid values:
source-ip-based
,weight-based
,usage-based
,source-dest-ip-based
. - vdom
Type String - VDOM type. On FortiOS versions 7.2.0: traffic or admin. On FortiOS versions >= 7.2.1: traffic, lan-extension or admin.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vpn
Stats StringLog - Enable/disable periodic VPN log statistics for one or more types of VPN. Separate names with a space. Valid values:
ipsec
,pptp
,l2tp
,ssl
. - vpn
Stats NumberPeriod - Period to send VPN log statistics (0 or 60 - 86400 sec).
- wccp
Cache StringEngine - Enable/disable WCCP cache engine. Valid values:
enable
,disable
.
Supporting Types
SettingsGuiDefaultPolicyColumn, SettingsGuiDefaultPolicyColumnArgs
- Name string
- Select column name.
- Name string
- Select column name.
- name String
- Select column name.
- name string
- Select column name.
- name str
- Select column name.
- name String
- Select column name.
Import
System Settings can be imported using any of these accepted formats:
$ pulumi import fortios:system/settings:Settings labelname SystemSettings
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:system/settings:Settings labelname SystemSettings
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.