fortios.user.Setting
Explore with Pulumi AI
Configure user authentication setting.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.user.Setting("trname", {
authBlackoutTime: 0,
authCert: "Fortinet_Factory",
authHttpBasic: "disable",
authInvalidMax: 5,
authLockoutDuration: 0,
authLockoutThreshold: 3,
authOnDemand: "implicitly",
authPortalTimeout: 3,
authSecureHttp: "disable",
authSrcMac: "enable",
authSslAllowRenegotiation: "disable",
authTimeout: 5,
authTimeoutType: "idle-timeout",
authType: "http https ftp telnet",
radiusSesTimeoutAct: "hard-timeout",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.user.Setting("trname",
auth_blackout_time=0,
auth_cert="Fortinet_Factory",
auth_http_basic="disable",
auth_invalid_max=5,
auth_lockout_duration=0,
auth_lockout_threshold=3,
auth_on_demand="implicitly",
auth_portal_timeout=3,
auth_secure_http="disable",
auth_src_mac="enable",
auth_ssl_allow_renegotiation="disable",
auth_timeout=5,
auth_timeout_type="idle-timeout",
auth_type="http https ftp telnet",
radius_ses_timeout_act="hard-timeout")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/user"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := user.NewSetting(ctx, "trname", &user.SettingArgs{
AuthBlackoutTime: pulumi.Int(0),
AuthCert: pulumi.String("Fortinet_Factory"),
AuthHttpBasic: pulumi.String("disable"),
AuthInvalidMax: pulumi.Int(5),
AuthLockoutDuration: pulumi.Int(0),
AuthLockoutThreshold: pulumi.Int(3),
AuthOnDemand: pulumi.String("implicitly"),
AuthPortalTimeout: pulumi.Int(3),
AuthSecureHttp: pulumi.String("disable"),
AuthSrcMac: pulumi.String("enable"),
AuthSslAllowRenegotiation: pulumi.String("disable"),
AuthTimeout: pulumi.Int(5),
AuthTimeoutType: pulumi.String("idle-timeout"),
AuthType: pulumi.String("http https ftp telnet"),
RadiusSesTimeoutAct: pulumi.String("hard-timeout"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.User.Setting("trname", new()
{
AuthBlackoutTime = 0,
AuthCert = "Fortinet_Factory",
AuthHttpBasic = "disable",
AuthInvalidMax = 5,
AuthLockoutDuration = 0,
AuthLockoutThreshold = 3,
AuthOnDemand = "implicitly",
AuthPortalTimeout = 3,
AuthSecureHttp = "disable",
AuthSrcMac = "enable",
AuthSslAllowRenegotiation = "disable",
AuthTimeout = 5,
AuthTimeoutType = "idle-timeout",
AuthType = "http https ftp telnet",
RadiusSesTimeoutAct = "hard-timeout",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.user.Setting;
import com.pulumi.fortios.user.SettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Setting("trname", SettingArgs.builder()
.authBlackoutTime(0)
.authCert("Fortinet_Factory")
.authHttpBasic("disable")
.authInvalidMax(5)
.authLockoutDuration(0)
.authLockoutThreshold(3)
.authOnDemand("implicitly")
.authPortalTimeout(3)
.authSecureHttp("disable")
.authSrcMac("enable")
.authSslAllowRenegotiation("disable")
.authTimeout(5)
.authTimeoutType("idle-timeout")
.authType("http https ftp telnet")
.radiusSesTimeoutAct("hard-timeout")
.build());
}
}
resources:
trname:
type: fortios:user:Setting
properties:
authBlackoutTime: 0
authCert: Fortinet_Factory
authHttpBasic: disable
authInvalidMax: 5
authLockoutDuration: 0
authLockoutThreshold: 3
authOnDemand: implicitly
authPortalTimeout: 3
authSecureHttp: disable
authSrcMac: enable
authSslAllowRenegotiation: disable
authTimeout: 5
authTimeoutType: idle-timeout
authType: http https ftp telnet
radiusSesTimeoutAct: hard-timeout
Create Setting Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Setting(name: string, args?: SettingArgs, opts?: CustomResourceOptions);
@overload
def Setting(resource_name: str,
args: Optional[SettingArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Setting(resource_name: str,
opts: Optional[ResourceOptions] = None,
auth_blackout_time: Optional[int] = None,
auth_ca_cert: Optional[str] = None,
auth_cert: Optional[str] = None,
auth_http_basic: Optional[str] = None,
auth_invalid_max: Optional[int] = None,
auth_lockout_duration: Optional[int] = None,
auth_lockout_threshold: Optional[int] = None,
auth_on_demand: Optional[str] = None,
auth_portal_timeout: Optional[int] = None,
auth_ports: Optional[Sequence[SettingAuthPortArgs]] = None,
auth_secure_http: Optional[str] = None,
auth_src_mac: Optional[str] = None,
auth_ssl_allow_renegotiation: Optional[str] = None,
auth_ssl_max_proto_version: Optional[str] = None,
auth_ssl_min_proto_version: Optional[str] = None,
auth_ssl_sigalgs: Optional[str] = None,
auth_timeout: Optional[int] = None,
auth_timeout_type: Optional[str] = None,
auth_type: Optional[str] = None,
default_user_password_policy: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
get_all_tables: Optional[str] = None,
per_policy_disclaimer: Optional[str] = None,
radius_ses_timeout_act: Optional[str] = None,
vdomparam: Optional[str] = None)
func NewSetting(ctx *Context, name string, args *SettingArgs, opts ...ResourceOption) (*Setting, error)
public Setting(string name, SettingArgs? args = null, CustomResourceOptions? opts = null)
public Setting(String name, SettingArgs args)
public Setting(String name, SettingArgs args, CustomResourceOptions options)
type: fortios:user:Setting
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplesettingResourceResourceFromUsersetting = new Fortios.User.Setting("examplesettingResourceResourceFromUsersetting", new()
{
AuthBlackoutTime = 0,
AuthCaCert = "string",
AuthCert = "string",
AuthHttpBasic = "string",
AuthInvalidMax = 0,
AuthLockoutDuration = 0,
AuthLockoutThreshold = 0,
AuthOnDemand = "string",
AuthPortalTimeout = 0,
AuthPorts = new[]
{
new Fortios.User.Inputs.SettingAuthPortArgs
{
Id = 0,
Port = 0,
Type = "string",
},
},
AuthSecureHttp = "string",
AuthSrcMac = "string",
AuthSslAllowRenegotiation = "string",
AuthSslMaxProtoVersion = "string",
AuthSslMinProtoVersion = "string",
AuthSslSigalgs = "string",
AuthTimeout = 0,
AuthTimeoutType = "string",
AuthType = "string",
DefaultUserPasswordPolicy = "string",
DynamicSortSubtable = "string",
GetAllTables = "string",
PerPolicyDisclaimer = "string",
RadiusSesTimeoutAct = "string",
Vdomparam = "string",
});
example, err := user.NewSetting(ctx, "examplesettingResourceResourceFromUsersetting", &user.SettingArgs{
AuthBlackoutTime: pulumi.Int(0),
AuthCaCert: pulumi.String("string"),
AuthCert: pulumi.String("string"),
AuthHttpBasic: pulumi.String("string"),
AuthInvalidMax: pulumi.Int(0),
AuthLockoutDuration: pulumi.Int(0),
AuthLockoutThreshold: pulumi.Int(0),
AuthOnDemand: pulumi.String("string"),
AuthPortalTimeout: pulumi.Int(0),
AuthPorts: user.SettingAuthPortArray{
&user.SettingAuthPortArgs{
Id: pulumi.Int(0),
Port: pulumi.Int(0),
Type: pulumi.String("string"),
},
},
AuthSecureHttp: pulumi.String("string"),
AuthSrcMac: pulumi.String("string"),
AuthSslAllowRenegotiation: pulumi.String("string"),
AuthSslMaxProtoVersion: pulumi.String("string"),
AuthSslMinProtoVersion: pulumi.String("string"),
AuthSslSigalgs: pulumi.String("string"),
AuthTimeout: pulumi.Int(0),
AuthTimeoutType: pulumi.String("string"),
AuthType: pulumi.String("string"),
DefaultUserPasswordPolicy: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
GetAllTables: pulumi.String("string"),
PerPolicyDisclaimer: pulumi.String("string"),
RadiusSesTimeoutAct: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
})
var examplesettingResourceResourceFromUsersetting = new Setting("examplesettingResourceResourceFromUsersetting", SettingArgs.builder()
.authBlackoutTime(0)
.authCaCert("string")
.authCert("string")
.authHttpBasic("string")
.authInvalidMax(0)
.authLockoutDuration(0)
.authLockoutThreshold(0)
.authOnDemand("string")
.authPortalTimeout(0)
.authPorts(SettingAuthPortArgs.builder()
.id(0)
.port(0)
.type("string")
.build())
.authSecureHttp("string")
.authSrcMac("string")
.authSslAllowRenegotiation("string")
.authSslMaxProtoVersion("string")
.authSslMinProtoVersion("string")
.authSslSigalgs("string")
.authTimeout(0)
.authTimeoutType("string")
.authType("string")
.defaultUserPasswordPolicy("string")
.dynamicSortSubtable("string")
.getAllTables("string")
.perPolicyDisclaimer("string")
.radiusSesTimeoutAct("string")
.vdomparam("string")
.build());
examplesetting_resource_resource_from_usersetting = fortios.user.Setting("examplesettingResourceResourceFromUsersetting",
auth_blackout_time=0,
auth_ca_cert="string",
auth_cert="string",
auth_http_basic="string",
auth_invalid_max=0,
auth_lockout_duration=0,
auth_lockout_threshold=0,
auth_on_demand="string",
auth_portal_timeout=0,
auth_ports=[{
"id": 0,
"port": 0,
"type": "string",
}],
auth_secure_http="string",
auth_src_mac="string",
auth_ssl_allow_renegotiation="string",
auth_ssl_max_proto_version="string",
auth_ssl_min_proto_version="string",
auth_ssl_sigalgs="string",
auth_timeout=0,
auth_timeout_type="string",
auth_type="string",
default_user_password_policy="string",
dynamic_sort_subtable="string",
get_all_tables="string",
per_policy_disclaimer="string",
radius_ses_timeout_act="string",
vdomparam="string")
const examplesettingResourceResourceFromUsersetting = new fortios.user.Setting("examplesettingResourceResourceFromUsersetting", {
authBlackoutTime: 0,
authCaCert: "string",
authCert: "string",
authHttpBasic: "string",
authInvalidMax: 0,
authLockoutDuration: 0,
authLockoutThreshold: 0,
authOnDemand: "string",
authPortalTimeout: 0,
authPorts: [{
id: 0,
port: 0,
type: "string",
}],
authSecureHttp: "string",
authSrcMac: "string",
authSslAllowRenegotiation: "string",
authSslMaxProtoVersion: "string",
authSslMinProtoVersion: "string",
authSslSigalgs: "string",
authTimeout: 0,
authTimeoutType: "string",
authType: "string",
defaultUserPasswordPolicy: "string",
dynamicSortSubtable: "string",
getAllTables: "string",
perPolicyDisclaimer: "string",
radiusSesTimeoutAct: "string",
vdomparam: "string",
});
type: fortios:user:Setting
properties:
authBlackoutTime: 0
authCaCert: string
authCert: string
authHttpBasic: string
authInvalidMax: 0
authLockoutDuration: 0
authLockoutThreshold: 0
authOnDemand: string
authPortalTimeout: 0
authPorts:
- id: 0
port: 0
type: string
authSecureHttp: string
authSrcMac: string
authSslAllowRenegotiation: string
authSslMaxProtoVersion: string
authSslMinProtoVersion: string
authSslSigalgs: string
authTimeout: 0
authTimeoutType: string
authType: string
defaultUserPasswordPolicy: string
dynamicSortSubtable: string
getAllTables: string
perPolicyDisclaimer: string
radiusSesTimeoutAct: string
vdomparam: string
Setting Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Setting resource accepts the following input properties:
- Auth
Blackout intTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- Auth
Ca stringCert - HTTPS CA certificate for policy authentication.
- Auth
Cert string - HTTPS server certificate for policy authentication.
- Auth
Http stringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - Auth
Invalid intMax - Maximum number of failed authentication attempts before the user is blocked.
- Auth
Lockout intDuration - Lockout period in seconds after too many login failures.
- Auth
Lockout intThreshold - Maximum number of failed login attempts before login lockout is triggered.
- Auth
On stringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - Auth
Portal intTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- Auth
Ports List<Pulumiverse.Fortios. User. Inputs. Setting Auth Port> - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - Auth
Secure stringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - Auth
Src stringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - Auth
Ssl stringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - Auth
Ssl stringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - Auth
Ssl stringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Auth
Ssl stringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - Auth
Timeout int - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- Auth
Timeout stringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - Auth
Type string - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - Default
User stringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Per
Policy stringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - Radius
Ses stringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Auth
Blackout intTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- Auth
Ca stringCert - HTTPS CA certificate for policy authentication.
- Auth
Cert string - HTTPS server certificate for policy authentication.
- Auth
Http stringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - Auth
Invalid intMax - Maximum number of failed authentication attempts before the user is blocked.
- Auth
Lockout intDuration - Lockout period in seconds after too many login failures.
- Auth
Lockout intThreshold - Maximum number of failed login attempts before login lockout is triggered.
- Auth
On stringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - Auth
Portal intTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- Auth
Ports []SettingAuth Port Args - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - Auth
Secure stringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - Auth
Src stringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - Auth
Ssl stringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - Auth
Ssl stringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - Auth
Ssl stringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Auth
Ssl stringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - Auth
Timeout int - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- Auth
Timeout stringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - Auth
Type string - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - Default
User stringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Per
Policy stringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - Radius
Ses stringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- auth
Blackout IntegerTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- auth
Ca StringCert - HTTPS CA certificate for policy authentication.
- auth
Cert String - HTTPS server certificate for policy authentication.
- auth
Http StringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - auth
Invalid IntegerMax - Maximum number of failed authentication attempts before the user is blocked.
- auth
Lockout IntegerDuration - Lockout period in seconds after too many login failures.
- auth
Lockout IntegerThreshold - Maximum number of failed login attempts before login lockout is triggered.
- auth
On StringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - auth
Portal IntegerTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- auth
Ports List<SettingAuth Port> - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - auth
Secure StringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - auth
Src StringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - auth
Ssl StringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - auth
Ssl StringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - auth
Ssl StringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- auth
Ssl StringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - auth
Timeout Integer - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- auth
Timeout StringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - auth
Type String - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - default
User StringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- per
Policy StringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - radius
Ses StringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- auth
Blackout numberTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- auth
Ca stringCert - HTTPS CA certificate for policy authentication.
- auth
Cert string - HTTPS server certificate for policy authentication.
- auth
Http stringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - auth
Invalid numberMax - Maximum number of failed authentication attempts before the user is blocked.
- auth
Lockout numberDuration - Lockout period in seconds after too many login failures.
- auth
Lockout numberThreshold - Maximum number of failed login attempts before login lockout is triggered.
- auth
On stringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - auth
Portal numberTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- auth
Ports SettingAuth Port[] - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - auth
Secure stringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - auth
Src stringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - auth
Ssl stringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - auth
Ssl stringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - auth
Ssl stringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- auth
Ssl stringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - auth
Timeout number - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- auth
Timeout stringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - auth
Type string - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - default
User stringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- per
Policy stringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - radius
Ses stringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- auth_
blackout_ inttime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- auth_
ca_ strcert - HTTPS CA certificate for policy authentication.
- auth_
cert str - HTTPS server certificate for policy authentication.
- auth_
http_ strbasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - auth_
invalid_ intmax - Maximum number of failed authentication attempts before the user is blocked.
- auth_
lockout_ intduration - Lockout period in seconds after too many login failures.
- auth_
lockout_ intthreshold - Maximum number of failed login attempts before login lockout is triggered.
- auth_
on_ strdemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - auth_
portal_ inttimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- auth_
ports Sequence[SettingAuth Port Args] - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - auth_
secure_ strhttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - auth_
src_ strmac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - auth_
ssl_ strallow_ renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - auth_
ssl_ strmax_ proto_ version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - auth_
ssl_ strmin_ proto_ version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- auth_
ssl_ strsigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - auth_
timeout int - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- auth_
timeout_ strtype - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - auth_
type str - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - default_
user_ strpassword_ policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- per_
policy_ strdisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - radius_
ses_ strtimeout_ act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- auth
Blackout NumberTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- auth
Ca StringCert - HTTPS CA certificate for policy authentication.
- auth
Cert String - HTTPS server certificate for policy authentication.
- auth
Http StringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - auth
Invalid NumberMax - Maximum number of failed authentication attempts before the user is blocked.
- auth
Lockout NumberDuration - Lockout period in seconds after too many login failures.
- auth
Lockout NumberThreshold - Maximum number of failed login attempts before login lockout is triggered.
- auth
On StringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - auth
Portal NumberTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- auth
Ports List<Property Map> - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - auth
Secure StringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - auth
Src StringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - auth
Ssl StringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - auth
Ssl StringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - auth
Ssl StringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- auth
Ssl StringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - auth
Timeout Number - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- auth
Timeout StringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - auth
Type String - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - default
User StringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- per
Policy StringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - radius
Ses StringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Outputs
All input properties are implicitly available as output properties. Additionally, the Setting resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Setting Resource
Get an existing Setting resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SettingState, opts?: CustomResourceOptions): Setting
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auth_blackout_time: Optional[int] = None,
auth_ca_cert: Optional[str] = None,
auth_cert: Optional[str] = None,
auth_http_basic: Optional[str] = None,
auth_invalid_max: Optional[int] = None,
auth_lockout_duration: Optional[int] = None,
auth_lockout_threshold: Optional[int] = None,
auth_on_demand: Optional[str] = None,
auth_portal_timeout: Optional[int] = None,
auth_ports: Optional[Sequence[SettingAuthPortArgs]] = None,
auth_secure_http: Optional[str] = None,
auth_src_mac: Optional[str] = None,
auth_ssl_allow_renegotiation: Optional[str] = None,
auth_ssl_max_proto_version: Optional[str] = None,
auth_ssl_min_proto_version: Optional[str] = None,
auth_ssl_sigalgs: Optional[str] = None,
auth_timeout: Optional[int] = None,
auth_timeout_type: Optional[str] = None,
auth_type: Optional[str] = None,
default_user_password_policy: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
get_all_tables: Optional[str] = None,
per_policy_disclaimer: Optional[str] = None,
radius_ses_timeout_act: Optional[str] = None,
vdomparam: Optional[str] = None) -> Setting
func GetSetting(ctx *Context, name string, id IDInput, state *SettingState, opts ...ResourceOption) (*Setting, error)
public static Setting Get(string name, Input<string> id, SettingState? state, CustomResourceOptions? opts = null)
public static Setting get(String name, Output<String> id, SettingState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auth
Blackout intTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- Auth
Ca stringCert - HTTPS CA certificate for policy authentication.
- Auth
Cert string - HTTPS server certificate for policy authentication.
- Auth
Http stringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - Auth
Invalid intMax - Maximum number of failed authentication attempts before the user is blocked.
- Auth
Lockout intDuration - Lockout period in seconds after too many login failures.
- Auth
Lockout intThreshold - Maximum number of failed login attempts before login lockout is triggered.
- Auth
On stringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - Auth
Portal intTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- Auth
Ports List<Pulumiverse.Fortios. User. Inputs. Setting Auth Port> - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - Auth
Secure stringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - Auth
Src stringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - Auth
Ssl stringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - Auth
Ssl stringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - Auth
Ssl stringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Auth
Ssl stringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - Auth
Timeout int - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- Auth
Timeout stringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - Auth
Type string - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - Default
User stringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Per
Policy stringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - Radius
Ses stringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Auth
Blackout intTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- Auth
Ca stringCert - HTTPS CA certificate for policy authentication.
- Auth
Cert string - HTTPS server certificate for policy authentication.
- Auth
Http stringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - Auth
Invalid intMax - Maximum number of failed authentication attempts before the user is blocked.
- Auth
Lockout intDuration - Lockout period in seconds after too many login failures.
- Auth
Lockout intThreshold - Maximum number of failed login attempts before login lockout is triggered.
- Auth
On stringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - Auth
Portal intTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- Auth
Ports []SettingAuth Port Args - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - Auth
Secure stringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - Auth
Src stringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - Auth
Ssl stringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - Auth
Ssl stringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - Auth
Ssl stringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Auth
Ssl stringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - Auth
Timeout int - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- Auth
Timeout stringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - Auth
Type string - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - Default
User stringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Per
Policy stringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - Radius
Ses stringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- auth
Blackout IntegerTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- auth
Ca StringCert - HTTPS CA certificate for policy authentication.
- auth
Cert String - HTTPS server certificate for policy authentication.
- auth
Http StringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - auth
Invalid IntegerMax - Maximum number of failed authentication attempts before the user is blocked.
- auth
Lockout IntegerDuration - Lockout period in seconds after too many login failures.
- auth
Lockout IntegerThreshold - Maximum number of failed login attempts before login lockout is triggered.
- auth
On StringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - auth
Portal IntegerTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- auth
Ports List<SettingAuth Port> - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - auth
Secure StringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - auth
Src StringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - auth
Ssl StringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - auth
Ssl StringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - auth
Ssl StringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- auth
Ssl StringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - auth
Timeout Integer - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- auth
Timeout StringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - auth
Type String - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - default
User StringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- per
Policy StringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - radius
Ses StringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- auth
Blackout numberTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- auth
Ca stringCert - HTTPS CA certificate for policy authentication.
- auth
Cert string - HTTPS server certificate for policy authentication.
- auth
Http stringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - auth
Invalid numberMax - Maximum number of failed authentication attempts before the user is blocked.
- auth
Lockout numberDuration - Lockout period in seconds after too many login failures.
- auth
Lockout numberThreshold - Maximum number of failed login attempts before login lockout is triggered.
- auth
On stringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - auth
Portal numberTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- auth
Ports SettingAuth Port[] - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - auth
Secure stringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - auth
Src stringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - auth
Ssl stringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - auth
Ssl stringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - auth
Ssl stringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- auth
Ssl stringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - auth
Timeout number - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- auth
Timeout stringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - auth
Type string - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - default
User stringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- per
Policy stringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - radius
Ses stringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- auth_
blackout_ inttime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- auth_
ca_ strcert - HTTPS CA certificate for policy authentication.
- auth_
cert str - HTTPS server certificate for policy authentication.
- auth_
http_ strbasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - auth_
invalid_ intmax - Maximum number of failed authentication attempts before the user is blocked.
- auth_
lockout_ intduration - Lockout period in seconds after too many login failures.
- auth_
lockout_ intthreshold - Maximum number of failed login attempts before login lockout is triggered.
- auth_
on_ strdemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - auth_
portal_ inttimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- auth_
ports Sequence[SettingAuth Port Args] - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - auth_
secure_ strhttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - auth_
src_ strmac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - auth_
ssl_ strallow_ renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - auth_
ssl_ strmax_ proto_ version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - auth_
ssl_ strmin_ proto_ version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- auth_
ssl_ strsigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - auth_
timeout int - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- auth_
timeout_ strtype - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - auth_
type str - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - default_
user_ strpassword_ policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- per_
policy_ strdisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - radius_
ses_ strtimeout_ act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- auth
Blackout NumberTime - Time in seconds an IP address is denied access after failing to authenticate five times within one minute.
- auth
Ca StringCert - HTTPS CA certificate for policy authentication.
- auth
Cert String - HTTPS server certificate for policy authentication.
- auth
Http StringBasic - Enable/disable use of HTTP basic authentication for identity-based firewall policies. Valid values:
enable
,disable
. - auth
Invalid NumberMax - Maximum number of failed authentication attempts before the user is blocked.
- auth
Lockout NumberDuration - Lockout period in seconds after too many login failures.
- auth
Lockout NumberThreshold - Maximum number of failed login attempts before login lockout is triggered.
- auth
On StringDemand - Always/implicitly trigger firewall authentication on demand. Valid values:
always
,implicitly
. - auth
Portal NumberTimeout - Time in minutes before captive portal user have to re-authenticate (1 - 30 min, default 3 min).
- auth
Ports List<Property Map> - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of
auth_ports
block is documented below. - auth
Secure StringHttp - Enable/disable redirecting HTTP user authentication to more secure HTTPS. Valid values:
enable
,disable
. - auth
Src StringMac - Enable/disable source MAC for user identity. Valid values:
enable
,disable
. - auth
Ssl StringAllow Renegotiation - Allow/forbid SSL re-negotiation for HTTPS authentication. Valid values:
enable
,disable
. - auth
Ssl StringMax Proto Version - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values:
sslv3
,tlsv1
,tlsv1-1
,tlsv1-2
,tlsv1-3
. - auth
Ssl StringMin Proto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- auth
Ssl StringSigalgs - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values:
no-rsa-pss
,all
. - auth
Timeout Number - Time in minutes before the firewall user authentication timeout requires the user to re-authenticate.
- auth
Timeout StringType - Control if authenticated users have to login again after a hard timeout, after an idle timeout, or after a session timeout. Valid values:
idle-timeout
,hard-timeout
,new-session
. - auth
Type String - Supported firewall policy authentication protocols/methods. Valid values:
http
,https
,ftp
,telnet
. - default
User StringPassword Policy - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy.
- dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- per
Policy StringDisclaimer - Enable/disable per policy disclaimer. Valid values:
enable
,disable
. - radius
Ses StringTimeout Act - Set the RADIUS session timeout to a hard timeout or to ignore RADIUS server session timeouts. Valid values:
hard-timeout
,ignore-timeout
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Supporting Types
SettingAuthPort, SettingAuthPortArgs
Import
User Setting can be imported using any of these accepted formats:
$ pulumi import fortios:user/setting:Setting labelname UserSetting
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:user/setting:Setting labelname UserSetting
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.