Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.vpn/ipsec.Phase2


    Configure VPN autokey tunnel.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
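    // Load the IKE pre-shared key from encrypted stack configuration instead of
    // hard-coding it in source; set it with `pulumi config set --secret ipsecPsk`.
    const vpnConfig = new pulumi.Config();

    // Phase 1 (IKE) definition that the Phase 2 selector below attaches to.
    const trnamex2 = new fortios.vpn.ipsec.Phase1("trnamex2", {
        acctVerify: "disable",
        addGwRoute: "disable",
        addRoute: "disable",
        assignIp: "enable",
        assignIpFrom: "range",
        authmethod: "psk",
        autoNegotiate: "enable",
        certIdValidation: "enable",
        childlessIke: "disable",
        clientAutoNegotiate: "disable",
        clientKeepAlive: "disable",
        // DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
        dhgrp: "14 5",
        digitalSignatureAuth: "disable",
        distance: 15,
        dnsMode: "manual",
        dpd: "on-demand",
        dpdRetrycount: 3,
        dpdRetryinterval: "20",
        eap: "disable",
        eapIdentity: "use-id-payload",
        enforceUniqueId: "disable",
        forticlientEnforcement: "disable",
        fragmentation: "enable",
        fragmentationMtu: 1200,
        groupAuthentication: "disable",
        haSyncEspSeqno: "enable",
        idleTimeout: "disable",
        idleTimeoutinterval: 15,
        // NOTE(review): IKEv1; prefer IKEv2 if the peer supports it.
        ikeVersion: "1",
        includeLocalLan: "disable",
        "interface": "port4",
        ipv4DnsServer1: "0.0.0.0",
        ipv4DnsServer2: "0.0.0.0",
        ipv4DnsServer3: "0.0.0.0",
        ipv4EndIp: "0.0.0.0",
        ipv4Netmask: "255.255.255.255",
        ipv4StartIp: "0.0.0.0",
        ipv4WinsServer1: "0.0.0.0",
        ipv4WinsServer2: "0.0.0.0",
        ipv6DnsServer1: "::",
        ipv6DnsServer2: "::",
        ipv6DnsServer3: "::",
        ipv6EndIp: "::",
        ipv6Prefix: 128,
        ipv6StartIp: "::",
        keepalive: 10,
        keylife: 86400,
        localGw: "0.0.0.0",
        localidType: "auto",
        meshSelectorType: "disable",
        mode: "main",
        modeCfg: "disable",
        nattraversal: "enable",
        negotiateTimeout: 30,
        peertype: "any",
        ppk: "disable",
        priority: 0,
        // The *-sha1 proposals are legacy; remove them if every peer can negotiate SHA-256.
        proposal: "aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1",
        psksecret: vpnConfig.requireSecret("ipsecPsk"),
        reauth: "disable",
        rekey: "enable",
        remoteGw: "2.1.1.1",
        rsaSignatureFormat: "pkcs1",
        savePassword: "disable",
        sendCertChain: "enable",
        signatureHashAlg: "sha2-512 sha2-384 sha2-256 sha1",
        suiteB: "disable",
        type: "static",
        unitySupport: "enable",
        wizardType: "custom",
        xauthtype: "disable",
    });

    // Phase 2 (IPsec SA) selector bound to the Phase 1 tunnel above.
    const trname = new fortios.vpn.ipsec.Phase2("trname", {
        addRoute: "phase1",
        autoNegotiate: "disable",
        dhcpIpsec: "disable",
        // DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
        dhgrp: "14 5",
        dstAddrType: "subnet",
        dstEndIp: "0.0.0.0",
        dstEndIp6: "::",
        dstPort: 0,
        dstStartIp: "0.0.0.0",
        dstStartIp6: "::",
        dstSubnet: "0.0.0.0 0.0.0.0",
        dstSubnet6: "::/0",
        encapsulation: "tunnel-mode",
        keepalive: "disable",
        keylifeType: "seconds",
        keylifekbs: 5120,
        keylifeseconds: 43200,
        l2tp: "disable",
        pfs: "enable",
        phase1name: trnamex2.name,
        // Offer AES proposals rather than null-* ones: a null-* proposal gives ESP
        // integrity without encryption, so tunnel traffic would be readable in transit.
        proposal: "aes128-sha256 aes256-sha256",
        protocol: 0,
        replay: "enable",
        routeOverlap: "use-new",
        selectorMatch: "auto",
        singleSource: "disable",
        srcAddrType: "subnet",
        srcEndIp: "0.0.0.0",
        srcEndIp6: "::",
        srcPort: 0,
        srcStartIp: "0.0.0.0",
        srcStartIp6: "::",
        srcSubnet: "0.0.0.0 0.0.0.0",
        srcSubnet6: "::/0",
        useNatip: "disable",
    });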
    
    import pulumi
    import pulumiverse_fortios as fortios
    
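    # Load the IKE pre-shared key from encrypted stack configuration instead of
    # hard-coding it in source; set it with `pulumi config set --secret ipsecPsk`.
    vpn_config = pulumi.Config()

    # Phase 1 (IKE) definition that the Phase 2 selector below attaches to.
    trnamex2 = fortios.vpn.ipsec.Phase1("trnamex2",
        acct_verify="disable",
        add_gw_route="disable",
        add_route="disable",
        assign_ip="enable",
        assign_ip_from="range",
        authmethod="psk",
        auto_negotiate="enable",
        cert_id_validation="enable",
        childless_ike="disable",
        client_auto_negotiate="disable",
        client_keep_alive="disable",
        # DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
        dhgrp="14 5",
        digital_signature_auth="disable",
        distance=15,
        dns_mode="manual",
        dpd="on-demand",
        dpd_retrycount=3,
        dpd_retryinterval="20",
        eap="disable",
        eap_identity="use-id-payload",
        enforce_unique_id="disable",
        forticlient_enforcement="disable",
        fragmentation="enable",
        fragmentation_mtu=1200,
        group_authentication="disable",
        ha_sync_esp_seqno="enable",
        idle_timeout="disable",
        idle_timeoutinterval=15,
        # NOTE(review): IKEv1; prefer IKEv2 if the peer supports it.
        ike_version="1",
        include_local_lan="disable",
        interface="port4",
        ipv4_dns_server1="0.0.0.0",
        ipv4_dns_server2="0.0.0.0",
        ipv4_dns_server3="0.0.0.0",
        ipv4_end_ip="0.0.0.0",
        ipv4_netmask="255.255.255.255",
        ipv4_start_ip="0.0.0.0",
        ipv4_wins_server1="0.0.0.0",
        ipv4_wins_server2="0.0.0.0",
        ipv6_dns_server1="::",
        ipv6_dns_server2="::",
        ipv6_dns_server3="::",
        ipv6_end_ip="::",
        ipv6_prefix=128,
        ipv6_start_ip="::",
        keepalive=10,
        keylife=86400,
        local_gw="0.0.0.0",
        localid_type="auto",
        mesh_selector_type="disable",
        mode="main",
        mode_cfg="disable",
        nattraversal="enable",
        negotiate_timeout=30,
        peertype="any",
        ppk="disable",
        priority=0,
        # The *-sha1 proposals are legacy; remove them if every peer can negotiate SHA-256.
        proposal="aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1",
        psksecret=vpn_config.require_secret("ipsecPsk"),
        reauth="disable",
        rekey="enable",
        remote_gw="2.1.1.1",
        rsa_signature_format="pkcs1",
        save_password="disable",
        send_cert_chain="enable",
        signature_hash_alg="sha2-512 sha2-384 sha2-256 sha1",
        suite_b="disable",
        type="static",
        unity_support="enable",
        wizard_type="custom",
        xauthtype="disable")

    # Phase 2 (IPsec SA) selector bound to the Phase 1 tunnel above.
    trname = fortios.vpn.ipsec.Phase2("trname",
        add_route="phase1",
        auto_negotiate="disable",
        dhcp_ipsec="disable",
        # DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
        dhgrp="14 5",
        dst_addr_type="subnet",
        dst_end_ip="0.0.0.0",
        dst_end_ip6="::",
        dst_port=0,
        dst_start_ip="0.0.0.0",
        dst_start_ip6="::",
        dst_subnet="0.0.0.0 0.0.0.0",
        dst_subnet6="::/0",
        encapsulation="tunnel-mode",
        keepalive="disable",
        keylife_type="seconds",
        keylifekbs=5120,
        keylifeseconds=43200,
        l2tp="disable",
        pfs="enable",
        phase1name=trnamex2.name,
        # Offer AES proposals rather than null-* ones: a null-* proposal gives ESP
        # integrity without encryption, so tunnel traffic would be readable in transit.
        proposal="aes128-sha256 aes256-sha256",
        protocol=0,
        replay="enable",
        route_overlap="use-new",
        selector_match="auto",
        single_source="disable",
        src_addr_type="subnet",
        src_end_ip="0.0.0.0",
        src_end_ip6="::",
        src_port=0,
        src_start_ip="0.0.0.0",
        src_start_ip6="::",
        src_subnet="0.0.0.0 0.0.0.0",
        src_subnet6="::/0",
        use_natip="disable")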
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/vpn"
    )
    
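    // main declares a Phase 1 (IKE) tunnel and a Phase 2 (IPsec SA) selector bound to it.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Load the IKE pre-shared key from encrypted stack configuration instead of
    		// hard-coding it in source; set it with `pulumi config set --secret ipsecPsk`.
    		ipsecPsk := config.RequireSecret(ctx, "ipsecPsk")

    		trnamex2, err := vpn.NewPhase1(ctx, "trnamex2", &vpn.Phase1Args{
    			AcctVerify:          pulumi.String("disable"),
    			AddGwRoute:          pulumi.String("disable"),
    			AddRoute:            pulumi.String("disable"),
    			AssignIp:            pulumi.String("enable"),
    			AssignIpFrom:        pulumi.String("range"),
    			Authmethod:          pulumi.String("psk"),
    			AutoNegotiate:       pulumi.String("enable"),
    			CertIdValidation:    pulumi.String("enable"),
    			ChildlessIke:        pulumi.String("disable"),
    			ClientAutoNegotiate: pulumi.String("disable"),
    			ClientKeepAlive:     pulumi.String("disable"),
    			// DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
    			Dhgrp:                  pulumi.String("14 5"),
    			DigitalSignatureAuth:   pulumi.String("disable"),
    			Distance:               pulumi.Int(15),
    			DnsMode:                pulumi.String("manual"),
    			Dpd:                    pulumi.String("on-demand"),
    			DpdRetrycount:          pulumi.Int(3),
    			DpdRetryinterval:       pulumi.String("20"),
    			Eap:                    pulumi.String("disable"),
    			EapIdentity:            pulumi.String("use-id-payload"),
    			EnforceUniqueId:        pulumi.String("disable"),
    			ForticlientEnforcement: pulumi.String("disable"),
    			Fragmentation:          pulumi.String("enable"),
    			FragmentationMtu:       pulumi.Int(1200),
    			GroupAuthentication:    pulumi.String("disable"),
    			HaSyncEspSeqno:         pulumi.String("enable"),
    			IdleTimeout:            pulumi.String("disable"),
    			IdleTimeoutinterval:    pulumi.Int(15),
    			// NOTE(review): IKEv1; prefer IKEv2 if the peer supports it.
    			IkeVersion:       pulumi.String("1"),
    			IncludeLocalLan:  pulumi.String("disable"),
    			Interface:        pulumi.String("port4"),
    			Ipv4DnsServer1:   pulumi.String("0.0.0.0"),
    			Ipv4DnsServer2:   pulumi.String("0.0.0.0"),
    			Ipv4DnsServer3:   pulumi.String("0.0.0.0"),
    			Ipv4EndIp:        pulumi.String("0.0.0.0"),
    			Ipv4Netmask:      pulumi.String("255.255.255.255"),
    			Ipv4StartIp:      pulumi.String("0.0.0.0"),
    			Ipv4WinsServer1:  pulumi.String("0.0.0.0"),
    			Ipv4WinsServer2:  pulumi.String("0.0.0.0"),
    			Ipv6DnsServer1:   pulumi.String("::"),
    			Ipv6DnsServer2:   pulumi.String("::"),
    			Ipv6DnsServer3:   pulumi.String("::"),
    			Ipv6EndIp:        pulumi.String("::"),
    			Ipv6Prefix:       pulumi.Int(128),
    			Ipv6StartIp:      pulumi.String("::"),
    			Keepalive:        pulumi.Int(10),
    			Keylife:          pulumi.Int(86400),
    			LocalGw:          pulumi.String("0.0.0.0"),
    			LocalidType:      pulumi.String("auto"),
    			MeshSelectorType: pulumi.String("disable"),
    			Mode:             pulumi.String("main"),
    			ModeCfg:          pulumi.String("disable"),
    			Nattraversal:     pulumi.String("enable"),
    			NegotiateTimeout: pulumi.Int(30),
    			Peertype:         pulumi.String("any"),
    			Ppk:              pulumi.String("disable"),
    			Priority:         pulumi.Int(0),
    			// The *-sha1 proposals are legacy; remove them if every peer can negotiate SHA-256.
    			Proposal:           pulumi.String("aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1"),
    			Psksecret:          ipsecPsk,
    			Reauth:             pulumi.String("disable"),
    			Rekey:              pulumi.String("enable"),
    			RemoteGw:           pulumi.String("2.1.1.1"),
    			RsaSignatureFormat: pulumi.String("pkcs1"),
    			SavePassword:       pulumi.String("disable"),
    			SendCertChain:      pulumi.String("enable"),
    			SignatureHashAlg:   pulumi.String("sha2-512 sha2-384 sha2-256 sha1"),
    			SuiteB:             pulumi.String("disable"),
    			Type:               pulumi.String("static"),
    			UnitySupport:       pulumi.String("enable"),
    			WizardType:         pulumi.String("custom"),
    			Xauthtype:          pulumi.String("disable"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = vpn.NewPhase2(ctx, "trname", &vpn.Phase2Args{
    			AddRoute:      pulumi.String("phase1"),
    			AutoNegotiate: pulumi.String("disable"),
    			DhcpIpsec:     pulumi.String("disable"),
    			// DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
    			Dhgrp:          pulumi.String("14 5"),
    			DstAddrType:    pulumi.String("subnet"),
    			DstEndIp:       pulumi.String("0.0.0.0"),
    			DstEndIp6:      pulumi.String("::"),
    			DstPort:        pulumi.Int(0),
    			DstStartIp:     pulumi.String("0.0.0.0"),
    			DstStartIp6:    pulumi.String("::"),
    			DstSubnet:      pulumi.String("0.0.0.0 0.0.0.0"),
    			DstSubnet6:     pulumi.String("::/0"),
    			Encapsulation:  pulumi.String("tunnel-mode"),
    			Keepalive:      pulumi.String("disable"),
    			KeylifeType:    pulumi.String("seconds"),
    			Keylifekbs:     pulumi.Int(5120),
    			Keylifeseconds: pulumi.Int(43200),
    			L2tp:           pulumi.String("disable"),
    			Pfs:            pulumi.String("enable"),
    			Phase1name:     trnamex2.Name,
    			// Offer AES proposals rather than null-* ones: a null-* proposal gives ESP
    			// integrity without encryption, so tunnel traffic would be readable in transit.
    			Proposal:      pulumi.String("aes128-sha256 aes256-sha256"),
    			Protocol:      pulumi.Int(0),
    			Replay:        pulumi.String("enable"),
    			RouteOverlap:  pulumi.String("use-new"),
    			SelectorMatch: pulumi.String("auto"),
    			SingleSource:  pulumi.String("disable"),
    			SrcAddrType:   pulumi.String("subnet"),
    			SrcEndIp:      pulumi.String("0.0.0.0"),
    			SrcEndIp6:     pulumi.String("::"),
    			SrcPort:       pulumi.Int(0),
    			SrcStartIp:    pulumi.String("0.0.0.0"),
    			SrcStartIp6:   pulumi.String("::"),
    			SrcSubnet:     pulumi.String("0.0.0.0 0.0.0.0"),
    			SrcSubnet6:    pulumi.String("::/0"),
    			UseNatip:      pulumi.String("disable"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }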
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
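    return await Deployment.RunAsync(() => 
    {
        // Load the IKE pre-shared key from encrypted stack configuration instead of
        // hard-coding it in source; set it with `pulumi config set --secret ipsecPsk`.
        var vpnConfig = new Config();

        // Phase 1 (IKE) definition that the Phase 2 selector below attaches to.
        var trnamex2 = new Fortios.Vpn.Ipsec.Phase1("trnamex2", new()
        {
            AcctVerify = "disable",
            AddGwRoute = "disable",
            AddRoute = "disable",
            AssignIp = "enable",
            AssignIpFrom = "range",
            Authmethod = "psk",
            AutoNegotiate = "enable",
            CertIdValidation = "enable",
            ChildlessIke = "disable",
            ClientAutoNegotiate = "disable",
            ClientKeepAlive = "disable",
            // DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
            Dhgrp = "14 5",
            DigitalSignatureAuth = "disable",
            Distance = 15,
            DnsMode = "manual",
            Dpd = "on-demand",
            DpdRetrycount = 3,
            DpdRetryinterval = "20",
            Eap = "disable",
            EapIdentity = "use-id-payload",
            EnforceUniqueId = "disable",
            ForticlientEnforcement = "disable",
            Fragmentation = "enable",
            FragmentationMtu = 1200,
            GroupAuthentication = "disable",
            HaSyncEspSeqno = "enable",
            IdleTimeout = "disable",
            IdleTimeoutinterval = 15,
            // NOTE(review): IKEv1; prefer IKEv2 if the peer supports it.
            IkeVersion = "1",
            IncludeLocalLan = "disable",
            Interface = "port4",
            Ipv4DnsServer1 = "0.0.0.0",
            Ipv4DnsServer2 = "0.0.0.0",
            Ipv4DnsServer3 = "0.0.0.0",
            Ipv4EndIp = "0.0.0.0",
            Ipv4Netmask = "255.255.255.255",
            Ipv4StartIp = "0.0.0.0",
            Ipv4WinsServer1 = "0.0.0.0",
            Ipv4WinsServer2 = "0.0.0.0",
            Ipv6DnsServer1 = "::",
            Ipv6DnsServer2 = "::",
            Ipv6DnsServer3 = "::",
            Ipv6EndIp = "::",
            Ipv6Prefix = 128,
            Ipv6StartIp = "::",
            Keepalive = 10,
            Keylife = 86400,
            LocalGw = "0.0.0.0",
            LocalidType = "auto",
            MeshSelectorType = "disable",
            Mode = "main",
            ModeCfg = "disable",
            Nattraversal = "enable",
            NegotiateTimeout = 30,
            Peertype = "any",
            Ppk = "disable",
            Priority = 0,
            // The *-sha1 proposals are legacy; remove them if every peer can negotiate SHA-256.
            Proposal = "aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1",
            Psksecret = vpnConfig.RequireSecret("ipsecPsk"),
            Reauth = "disable",
            Rekey = "enable",
            RemoteGw = "2.1.1.1",
            RsaSignatureFormat = "pkcs1",
            SavePassword = "disable",
            SendCertChain = "enable",
            SignatureHashAlg = "sha2-512 sha2-384 sha2-256 sha1",
            SuiteB = "disable",
            Type = "static",
            UnitySupport = "enable",
            WizardType = "custom",
            Xauthtype = "disable",
        });
    
        // Phase 2 (IPsec SA) selector bound to the Phase 1 tunnel above.
        var trname = new Fortios.Vpn.Ipsec.Phase2("trname", new()
        {
            AddRoute = "phase1",
            AutoNegotiate = "disable",
            DhcpIpsec = "disable",
            // DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
            Dhgrp = "14 5",
            DstAddrType = "subnet",
            DstEndIp = "0.0.0.0",
            DstEndIp6 = "::",
            DstPort = 0,
            DstStartIp = "0.0.0.0",
            DstStartIp6 = "::",
            DstSubnet = "0.0.0.0 0.0.0.0",
            DstSubnet6 = "::/0",
            Encapsulation = "tunnel-mode",
            Keepalive = "disable",
            KeylifeType = "seconds",
            Keylifekbs = 5120,
            Keylifeseconds = 43200,
            L2tp = "disable",
            Pfs = "enable",
            Phase1name = trnamex2.Name,
            // Offer AES proposals rather than null-* ones: a null-* proposal gives ESP
            // integrity without encryption, so tunnel traffic would be readable in transit.
            Proposal = "aes128-sha256 aes256-sha256",
            Protocol = 0,
            Replay = "enable",
            RouteOverlap = "use-new",
            SelectorMatch = "auto",
            SingleSource = "disable",
            SrcAddrType = "subnet",
            SrcEndIp = "0.0.0.0",
            SrcEndIp6 = "::",
            SrcPort = 0,
            SrcStartIp = "0.0.0.0",
            SrcStartIp6 = "::",
            SrcSubnet = "0.0.0.0 0.0.0.0",
            SrcSubnet6 = "::/0",
            UseNatip = "disable",
        });
    
    });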
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.vpn.Phase1;
    import com.pulumi.fortios.vpn.Phase1Args;
    import com.pulumi.fortios.vpn.Phase2;
    import com.pulumi.fortios.vpn.Phase2Args;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
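    /**
     * Declares a Phase 1 (IKE) tunnel and a Phase 2 (IPsec SA) selector bound to it.
     */
    public class App {
        /** Program entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /**
         * Defines the stack's resources.
         *
         * @param ctx deployment context; also the source of the stack configuration
         */
        public static void stack(Context ctx) {
            // Load the IKE pre-shared key from encrypted stack configuration instead of
            // hard-coding it in source; set it with `pulumi config set --secret ipsecPsk`.
            var ipsecPsk = ctx.config().requireSecret("ipsecPsk");

            var trnamex2 = new Phase1("trnamex2", Phase1Args.builder()
                .acctVerify("disable")
                .addGwRoute("disable")
                .addRoute("disable")
                .assignIp("enable")
                .assignIpFrom("range")
                .authmethod("psk")
                .autoNegotiate("enable")
                .certIdValidation("enable")
                .childlessIke("disable")
                .clientAutoNegotiate("disable")
                .clientKeepAlive("disable")
                // DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
                .dhgrp("14 5")
                .digitalSignatureAuth("disable")
                .distance(15)
                .dnsMode("manual")
                .dpd("on-demand")
                .dpdRetrycount(3)
                .dpdRetryinterval("20")
                .eap("disable")
                .eapIdentity("use-id-payload")
                .enforceUniqueId("disable")
                .forticlientEnforcement("disable")
                .fragmentation("enable")
                .fragmentationMtu(1200)
                .groupAuthentication("disable")
                .haSyncEspSeqno("enable")
                .idleTimeout("disable")
                .idleTimeoutinterval(15)
                // NOTE(review): IKEv1; prefer IKEv2 if the peer supports it.
                .ikeVersion("1")
                .includeLocalLan("disable")
                .interface_("port4")
                .ipv4DnsServer1("0.0.0.0")
                .ipv4DnsServer2("0.0.0.0")
                .ipv4DnsServer3("0.0.0.0")
                .ipv4EndIp("0.0.0.0")
                .ipv4Netmask("255.255.255.255")
                .ipv4StartIp("0.0.0.0")
                .ipv4WinsServer1("0.0.0.0")
                .ipv4WinsServer2("0.0.0.0")
                .ipv6DnsServer1("::")
                .ipv6DnsServer2("::")
                .ipv6DnsServer3("::")
                .ipv6EndIp("::")
                .ipv6Prefix(128)
                .ipv6StartIp("::")
                .keepalive(10)
                .keylife(86400)
                .localGw("0.0.0.0")
                .localidType("auto")
                .meshSelectorType("disable")
                .mode("main")
                .modeCfg("disable")
                .nattraversal("enable")
                .negotiateTimeout(30)
                .peertype("any")
                .ppk("disable")
                .priority(0)
                // The *-sha1 proposals are legacy; remove them if every peer can negotiate SHA-256.
                .proposal("aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1")
                .psksecret(ipsecPsk)
                .reauth("disable")
                .rekey("enable")
                .remoteGw("2.1.1.1")
                .rsaSignatureFormat("pkcs1")
                .savePassword("disable")
                .sendCertChain("enable")
                .signatureHashAlg("sha2-512 sha2-384 sha2-256 sha1")
                .suiteB("disable")
                .type("static")
                .unitySupport("enable")
                .wizardType("custom")
                .xauthtype("disable")
                .build());
    
            var trname = new Phase2("trname", Phase2Args.builder()
                .addRoute("phase1")
                .autoNegotiate("disable")
                .dhcpIpsec("disable")
                // DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
                .dhgrp("14 5")
                .dstAddrType("subnet")
                .dstEndIp("0.0.0.0")
                .dstEndIp6("::")
                .dstPort(0)
                .dstStartIp("0.0.0.0")
                .dstStartIp6("::")
                .dstSubnet("0.0.0.0 0.0.0.0")
                .dstSubnet6("::/0")
                .encapsulation("tunnel-mode")
                .keepalive("disable")
                .keylifeType("seconds")
                .keylifekbs(5120)
                .keylifeseconds(43200)
                .l2tp("disable")
                .pfs("enable")
                .phase1name(trnamex2.name())
                // Offer AES proposals rather than null-* ones: a null-* proposal gives ESP
                // integrity without encryption, so tunnel traffic would be readable in transit.
                .proposal("aes128-sha256 aes256-sha256")
                .protocol(0)
                .replay("enable")
                .routeOverlap("use-new")
                .selectorMatch("auto")
                .singleSource("disable")
                .srcAddrType("subnet")
                .srcEndIp("0.0.0.0")
                .srcEndIp6("::")
                .srcPort(0)
                .srcStartIp("0.0.0.0")
                .srcStartIp6("::")
                .srcSubnet("0.0.0.0 0.0.0.0")
                .srcSubnet6("::/0")
                .useNatip("disable")
                .build());
    
        }
    }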
    
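    # The IKE pre-shared key comes from encrypted stack configuration instead of
    # being hard-coded here; set it with `pulumi config set --secret ipsecPsk`.
    config:
      ipsecPsk:
        type: string
        secret: true
    resources:
      # Phase 1 (IKE) definition that the Phase 2 selector below attaches to.
      trnamex2:
        type: fortios:vpn/ipsec:Phase1
        properties:
          acctVerify: disable
          addGwRoute: disable
          addRoute: disable
          assignIp: enable
          assignIpFrom: range
          authmethod: psk
          autoNegotiate: enable
          certIdValidation: enable
          childlessIke: disable
          clientAutoNegotiate: disable
          clientKeepAlive: disable
          # DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
          dhgrp: 14 5
          digitalSignatureAuth: disable
          distance: 15
          dnsMode: manual
          dpd: on-demand
          dpdRetrycount: 3
          dpdRetryinterval: '20'
          eap: disable
          eapIdentity: use-id-payload
          enforceUniqueId: disable
          forticlientEnforcement: disable
          fragmentation: enable
          fragmentationMtu: 1200
          groupAuthentication: disable
          haSyncEspSeqno: enable
          idleTimeout: disable
          idleTimeoutinterval: 15
          # NOTE(review): IKEv1; prefer IKEv2 if the peer supports it.
          ikeVersion: '1'
          includeLocalLan: disable
          interface: port4
          ipv4DnsServer1: 0.0.0.0
          ipv4DnsServer2: 0.0.0.0
          ipv4DnsServer3: 0.0.0.0
          ipv4EndIp: 0.0.0.0
          ipv4Netmask: 255.255.255.255
          ipv4StartIp: 0.0.0.0
          ipv4WinsServer1: 0.0.0.0
          ipv4WinsServer2: 0.0.0.0
          ipv6DnsServer1: '::'
          ipv6DnsServer2: '::'
          ipv6DnsServer3: '::'
          ipv6EndIp: '::'
          ipv6Prefix: 128
          ipv6StartIp: '::'
          keepalive: 10
          keylife: 86400
          localGw: 0.0.0.0
          localidType: auto
          meshSelectorType: disable
          mode: main
          modeCfg: disable
          nattraversal: enable
          negotiateTimeout: 30
          peertype: any
          ppk: disable
          priority: 0
          # The *-sha1 proposals are legacy; remove them if every peer can negotiate SHA-256.
          proposal: aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
          psksecret: ${ipsecPsk}
          reauth: disable
          rekey: enable
          remoteGw: 2.1.1.1
          rsaSignatureFormat: pkcs1
          savePassword: disable
          sendCertChain: enable
          signatureHashAlg: sha2-512 sha2-384 sha2-256 sha1
          suiteB: disable
          type: static
          unitySupport: enable
          wizardType: custom
          xauthtype: disable
      # Phase 2 (IPsec SA) selector bound to the Phase 1 tunnel above.
      trname:
        type: fortios:vpn/ipsec:Phase2
        properties:
          addRoute: phase1
          autoNegotiate: disable
          dhcpIpsec: disable
          # DH group 5 (1536-bit MODP) is offered alongside 14; drop it unless a legacy peer requires it.
          dhgrp: 14 5
          dstAddrType: subnet
          dstEndIp: 0.0.0.0
          dstEndIp6: '::'
          dstPort: 0
          dstStartIp: 0.0.0.0
          dstStartIp6: '::'
          dstSubnet: 0.0.0.0 0.0.0.0
          dstSubnet6: ::/0
          encapsulation: tunnel-mode
          keepalive: disable
          keylifeType: seconds
          keylifekbs: 5120
          keylifeseconds: 43200
          l2tp: disable
          pfs: enable
          phase1name: ${trnamex2.name}
          # Offer AES proposals rather than null-* ones: a null-* proposal gives ESP
          # integrity without encryption, so tunnel traffic would be readable in transit.
          proposal: aes128-sha256 aes256-sha256
          protocol: 0
          replay: enable
          routeOverlap: use-new
          selectorMatch: auto
          singleSource: disable
          srcAddrType: subnet
          srcEndIp: 0.0.0.0
          srcEndIp6: '::'
          srcPort: 0
          srcStartIp: 0.0.0.0
          srcStartIp6: '::'
          srcSubnet: 0.0.0.0 0.0.0.0
          srcSubnet6: ::/0
          useNatip: disable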
    

    Create Phase2 Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Phase2(name: string, args: Phase2Args, opts?: CustomResourceOptions);
    @overload
    def Phase2(resource_name: str,
               args: Phase2Args,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Phase2(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               phase1name: Optional[str] = None,
               proposal: Optional[str] = None,
               keylife_type: Optional[str] = None,
               use_natip: Optional[str] = None,
               dhgrp: Optional[str] = None,
               keylifeseconds: Optional[int] = None,
               diffservcode: Optional[str] = None,
               dst_addr_type: Optional[str] = None,
               dst_end_ip: Optional[str] = None,
               dst_end_ip6: Optional[str] = None,
               dst_name: Optional[str] = None,
               dst_name6: Optional[str] = None,
               dst_port: Optional[int] = None,
               dst_start_ip: Optional[str] = None,
               dst_start_ip6: Optional[str] = None,
               dst_subnet: Optional[str] = None,
               dst_subnet6: Optional[str] = None,
               encapsulation: Optional[str] = None,
               inbound_dscp_copy: Optional[str] = None,
               name: Optional[str] = None,
               ipv4_df: Optional[str] = None,
               keepalive: Optional[str] = None,
               add_route: Optional[str] = None,
               keylifekbs: Optional[int] = None,
               diffserv: Optional[str] = None,
               dhcp_ipsec: Optional[str] = None,
               initiator_ts_narrow: Optional[str] = None,
               pfs: Optional[str] = None,
               comments: Optional[str] = None,
               auto_negotiate: Optional[str] = None,
               protocol: Optional[int] = None,
               replay: Optional[str] = None,
               route_overlap: Optional[str] = None,
               selector_match: Optional[str] = None,
               single_source: Optional[str] = None,
               src_addr_type: Optional[str] = None,
               src_end_ip: Optional[str] = None,
               src_end_ip6: Optional[str] = None,
               src_name: Optional[str] = None,
               src_name6: Optional[str] = None,
               src_port: Optional[int] = None,
               src_start_ip: Optional[str] = None,
               src_start_ip6: Optional[str] = None,
               src_subnet: Optional[str] = None,
               src_subnet6: Optional[str] = None,
               l2tp: Optional[str] = None,
               vdomparam: Optional[str] = None)
    func NewPhase2(ctx *Context, name string, args Phase2Args, opts ...ResourceOption) (*Phase2, error)
    public Phase2(string name, Phase2Args args, CustomResourceOptions? opts = null)
    public Phase2(String name, Phase2Args args)
    public Phase2(String name, Phase2Args args, CustomResourceOptions options)
    
    type: fortios:vpn/ipsec/phase2:Phase2
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args Phase2Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args Phase2Args
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args Phase2Args
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args Phase2Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args Phase2Args
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Phase2 Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Phase2 resource accepts the following input properties:

    Phase1name string
    Phase 1 determines the options required for phase 2.
    Proposal string
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512. In the hyphenated values the first part is the encryption algorithm and the second the authentication algorithm, so the null-* values negotiate ESP without encryption and the *-null values without authentication.
    AddRoute string
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    AutoNegotiate string
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    Comments string
    Comment.
    DhcpIpsec string
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    Dhgrp string
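    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32. Groups 1, 2 and 5 (768-, 1024- and 1536-bit MODP) are below current strength recommendations; use group 14 or higher where the peer supports it.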
    Diffserv string
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    Diffservcode string
    DSCP value to be applied to the IPsec tunnel outer IP header.
    DstAddrType string
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    DstEndIp string
    Remote proxy ID IPv4 end.
    DstEndIp6 string
    Remote proxy ID IPv6 end.
    DstName string
    Remote proxy ID name.
    DstName6 string
    Remote proxy ID name.
    DstPort int
    Quick mode destination port (1 - 65535 or 0 for all).
    DstStartIp string
    Remote proxy ID IPv4 start.
    DstStartIp6 string
    Remote proxy ID IPv6 start.
    DstSubnet string
    Remote proxy ID IPv4 subnet.
    DstSubnet6 string
    Remote proxy ID IPv6 subnet.
    Encapsulation string
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    InboundDscpCopy string
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    InitiatorTsNarrow string
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    Ipv4Df string
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    Keepalive string
    Enable/disable keep alive. Valid values: enable, disable.
    KeylifeType string
    Keylife type. Valid values: seconds, kbs, both.
    Keylifekbs int
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    Keylifeseconds int
    Phase2 key life in time in seconds (120 - 172800).
    L2tp string
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    Name string
    IPsec tunnel name.
    Pfs string
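    Enable/disable perfect forward secrecy (PFS). With PFS, each phase 2 key negotiation performs a new Diffie-Hellman exchange, so compromise of one key does not expose traffic protected by earlier or later keys. Valid values: enable, disable.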
    Protocol int
    Quick mode protocol selector (1 - 255 or 0 for all).
    Replay string
    Enable/disable replay detection. When disabled, the tunnel no longer rejects replayed IPsec packets. Valid values: enable, disable.
    RouteOverlap string
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    SelectorMatch string
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    SingleSource string
    Enable/disable single source IP restriction. Valid values: enable, disable.
    SrcAddrType string
    Local proxy ID type. Valid values: subnet, range, ip, name.
    SrcEndIp string
    Local proxy ID end.
    SrcEndIp6 string
    Local proxy ID IPv6 end.
    SrcName string
    Local proxy ID name.
    SrcName6 string
    Local proxy ID name.
    SrcPort int
    Quick mode source port (1 - 65535 or 0 for all).
    SrcStartIp string
    Local proxy ID start.
    SrcStartIp6 string
    Local proxy ID IPv6 start.
    SrcSubnet string
    Local proxy ID subnet.
    SrcSubnet6 string
    Local proxy ID IPv6 subnet.
    UseNatip string
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    Phase1name string
    Phase 1 determines the options required for phase 2.
    Proposal string
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    AddRoute string
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    AutoNegotiate string
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    Comments string
    Comment.
    DhcpIpsec string
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    Dhgrp string
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    Diffserv string
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    Diffservcode string
    DSCP value to be applied to the IPsec tunnel outer IP header.
    DstAddrType string
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    DstEndIp string
    Remote proxy ID IPv4 end.
    DstEndIp6 string
    Remote proxy ID IPv6 end.
    DstName string
    Remote proxy ID name.
    DstName6 string
    Remote proxy ID name.
    DstPort int
    Quick mode destination port (1 - 65535 or 0 for all).
    DstStartIp string
    Remote proxy ID IPv4 start.
    DstStartIp6 string
    Remote proxy ID IPv6 start.
    DstSubnet string
    Remote proxy ID IPv4 subnet.
    DstSubnet6 string
    Remote proxy ID IPv6 subnet.
    Encapsulation string
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    InboundDscpCopy string
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    InitiatorTsNarrow string
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    Ipv4Df string
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    Keepalive string
    Enable/disable keep alive. Valid values: enable, disable.
    KeylifeType string
    Keylife type. Valid values: seconds, kbs, both.
    Keylifekbs int
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    Keylifeseconds int
    Phase2 key life in time in seconds (120 - 172800).
    L2tp string
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    Name string
    IPsec tunnel name.
    Pfs string
    Enable/disable PFS feature. Valid values: enable, disable.
    Protocol int
    Quick mode protocol selector (1 - 255 or 0 for all).
    Replay string
    Enable/disable replay detection. Valid values: enable, disable.
    RouteOverlap string
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    SelectorMatch string
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    SingleSource string
    Enable/disable single source IP restriction. Valid values: enable, disable.
    SrcAddrType string
    Local proxy ID type. Valid values: subnet, range, ip, name.
    SrcEndIp string
    Local proxy ID end.
    SrcEndIp6 string
    Local proxy ID IPv6 end.
    SrcName string
    Local proxy ID name.
    SrcName6 string
    Local proxy ID name.
    SrcPort int
    Quick mode source port (1 - 65535 or 0 for all).
    SrcStartIp string
    Local proxy ID start.
    SrcStartIp6 string
    Local proxy ID IPv6 start.
    SrcSubnet string
    Local proxy ID subnet.
    SrcSubnet6 string
    Local proxy ID IPv6 subnet.
    UseNatip string
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    phase1name String
    Phase 1 determines the options required for phase 2.
    proposal String
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    addRoute String
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    autoNegotiate String
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    comments String
    Comment.
    dhcpIpsec String
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    dhgrp String
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    diffserv String
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    diffservcode String
    DSCP value to be applied to the IPsec tunnel outer IP header.
    dstAddrType String
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    dstEndIp String
    Remote proxy ID IPv4 end.
    dstEndIp6 String
    Remote proxy ID IPv6 end.
    dstName String
    Remote proxy ID name.
    dstName6 String
    Remote proxy ID name.
    dstPort Integer
    Quick mode destination port (1 - 65535 or 0 for all).
    dstStartIp String
    Remote proxy ID IPv4 start.
    dstStartIp6 String
    Remote proxy ID IPv6 start.
    dstSubnet String
    Remote proxy ID IPv4 subnet.
    dstSubnet6 String
    Remote proxy ID IPv6 subnet.
    encapsulation String
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    inboundDscpCopy String
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    initiatorTsNarrow String
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    ipv4Df String
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    keepalive String
    Enable/disable keep alive. Valid values: enable, disable.
    keylifeType String
    Keylife type. Valid values: seconds, kbs, both.
    keylifekbs Integer
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    keylifeseconds Integer
    Phase2 key life in time in seconds (120 - 172800).
    l2tp String
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    name String
    IPsec tunnel name.
    pfs String
    Enable/disable PFS feature. Valid values: enable, disable.
    protocol Integer
    Quick mode protocol selector (1 - 255 or 0 for all).
    replay String
    Enable/disable replay detection. Valid values: enable, disable.
    routeOverlap String
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    selectorMatch String
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    singleSource String
    Enable/disable single source IP restriction. Valid values: enable, disable.
    srcAddrType String
    Local proxy ID type. Valid values: subnet, range, ip, name.
    srcEndIp String
    Local proxy ID end.
    srcEndIp6 String
    Local proxy ID IPv6 end.
    srcName String
    Local proxy ID name.
    srcName6 String
    Local proxy ID name.
    srcPort Integer
    Quick mode source port (1 - 65535 or 0 for all).
    srcStartIp String
    Local proxy ID start.
    srcStartIp6 String
    Local proxy ID IPv6 start.
    srcSubnet String
    Local proxy ID subnet.
    srcSubnet6 String
    Local proxy ID IPv6 subnet.
    useNatip String
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    phase1name string
    Phase 1 determines the options required for phase 2.
    proposal string
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    addRoute string
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    autoNegotiate string
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    comments string
    Comment.
    dhcpIpsec string
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    dhgrp string
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    diffserv string
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    diffservcode string
    DSCP value to be applied to the IPsec tunnel outer IP header.
    dstAddrType string
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    dstEndIp string
    Remote proxy ID IPv4 end.
    dstEndIp6 string
    Remote proxy ID IPv6 end.
    dstName string
    Remote proxy ID name.
    dstName6 string
    Remote proxy ID name.
    dstPort number
    Quick mode destination port (1 - 65535 or 0 for all).
    dstStartIp string
    Remote proxy ID IPv4 start.
    dstStartIp6 string
    Remote proxy ID IPv6 start.
    dstSubnet string
    Remote proxy ID IPv4 subnet.
    dstSubnet6 string
    Remote proxy ID IPv6 subnet.
    encapsulation string
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    inboundDscpCopy string
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    initiatorTsNarrow string
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    ipv4Df string
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    keepalive string
    Enable/disable keep alive. Valid values: enable, disable.
    keylifeType string
    Keylife type. Valid values: seconds, kbs, both.
    keylifekbs number
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    keylifeseconds number
    Phase2 key life in time in seconds (120 - 172800).
    l2tp string
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    name string
    IPsec tunnel name.
    pfs string
    Enable/disable PFS feature. Valid values: enable, disable.
    protocol number
    Quick mode protocol selector (1 - 255 or 0 for all).
    replay string
    Enable/disable replay detection. Valid values: enable, disable.
    routeOverlap string
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    selectorMatch string
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    singleSource string
    Enable/disable single source IP restriction. Valid values: enable, disable.
    srcAddrType string
    Local proxy ID type. Valid values: subnet, range, ip, name.
    srcEndIp string
    Local proxy ID end.
    srcEndIp6 string
    Local proxy ID IPv6 end.
    srcName string
    Local proxy ID name.
    srcName6 string
    Local proxy ID name.
    srcPort number
    Quick mode source port (1 - 65535 or 0 for all).
    srcStartIp string
    Local proxy ID start.
    srcStartIp6 string
    Local proxy ID IPv6 start.
    srcSubnet string
    Local proxy ID subnet.
    srcSubnet6 string
    Local proxy ID IPv6 subnet.
    useNatip string
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    phase1name str
    Phase 1 determines the options required for phase 2.
    proposal str
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    add_route str
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    auto_negotiate str
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    comments str
    Comment.
    dhcp_ipsec str
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    dhgrp str
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    diffserv str
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    diffservcode str
    DSCP value to be applied to the IPsec tunnel outer IP header.
    dst_addr_type str
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    dst_end_ip str
    Remote proxy ID IPv4 end.
    dst_end_ip6 str
    Remote proxy ID IPv6 end.
    dst_name str
    Remote proxy ID name.
    dst_name6 str
    Remote proxy ID name.
    dst_port int
    Quick mode destination port (1 - 65535 or 0 for all).
    dst_start_ip str
    Remote proxy ID IPv4 start.
    dst_start_ip6 str
    Remote proxy ID IPv6 start.
    dst_subnet str
    Remote proxy ID IPv4 subnet.
    dst_subnet6 str
    Remote proxy ID IPv6 subnet.
    encapsulation str
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    inbound_dscp_copy str
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    initiator_ts_narrow str
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    ipv4_df str
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    keepalive str
    Enable/disable keep alive. Valid values: enable, disable.
    keylife_type str
    Keylife type. Valid values: seconds, kbs, both.
    keylifekbs int
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    keylifeseconds int
    Phase2 key life in time in seconds (120 - 172800).
    l2tp str
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    name str
    IPsec tunnel name.
    pfs str
    Enable/disable PFS feature. Valid values: enable, disable.
    protocol int
    Quick mode protocol selector (1 - 255 or 0 for all).
    replay str
    Enable/disable replay detection. Valid values: enable, disable.
    route_overlap str
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    selector_match str
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    single_source str
    Enable/disable single source IP restriction. Valid values: enable, disable.
    src_addr_type str
    Local proxy ID type. Valid values: subnet, range, ip, name.
    src_end_ip str
    Local proxy ID end.
    src_end_ip6 str
    Local proxy ID IPv6 end.
    src_name str
    Local proxy ID name.
    src_name6 str
    Local proxy ID name.
    src_port int
    Quick mode source port (1 - 65535 or 0 for all).
    src_start_ip str
    Local proxy ID start.
    src_start_ip6 str
    Local proxy ID IPv6 start.
    src_subnet str
    Local proxy ID subnet.
    src_subnet6 str
    Local proxy ID IPv6 subnet.
    use_natip str
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    phase1name String
    Phase 1 determines the options required for phase 2.
    proposal String
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    addRoute String
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    autoNegotiate String
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    comments String
    Comment.
    dhcpIpsec String
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    dhgrp String
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    diffserv String
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    diffservcode String
    DSCP value to be applied to the IPsec tunnel outer IP header.
    dstAddrType String
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    dstEndIp String
    Remote proxy ID IPv4 end.
    dstEndIp6 String
    Remote proxy ID IPv6 end.
    dstName String
    Remote proxy ID name.
    dstName6 String
    Remote proxy ID name.
    dstPort Number
    Quick mode destination port (1 - 65535 or 0 for all).
    dstStartIp String
    Remote proxy ID IPv4 start.
    dstStartIp6 String
    Remote proxy ID IPv6 start.
    dstSubnet String
    Remote proxy ID IPv4 subnet.
    dstSubnet6 String
    Remote proxy ID IPv6 subnet.
    encapsulation String
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    inboundDscpCopy String
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    initiatorTsNarrow String
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    ipv4Df String
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    keepalive String
    Enable/disable keep alive. Valid values: enable, disable.
    keylifeType String
    Keylife type. Valid values: seconds, kbs, both.
    keylifekbs Number
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    keylifeseconds Number
    Phase2 key life in time in seconds (120 - 172800).
    l2tp String
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    name String
    IPsec tunnel name.
    pfs String
    Enable/disable PFS feature. Valid values: enable, disable.
    protocol Number
    Quick mode protocol selector (1 - 255 or 0 for all).
    replay String
    Enable/disable replay detection. Valid values: enable, disable.
    routeOverlap String
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    selectorMatch String
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    singleSource String
    Enable/disable single source IP restriction. Valid values: enable, disable.
    srcAddrType String
    Local proxy ID type. Valid values: subnet, range, ip, name.
    srcEndIp String
    Local proxy ID end.
    srcEndIp6 String
    Local proxy ID IPv6 end.
    srcName String
    Local proxy ID name.
    srcName6 String
    Local proxy ID name.
    srcPort Number
    Quick mode source port (1 - 65535 or 0 for all).
    srcStartIp String
    Local proxy ID start.
    srcStartIp6 String
    Local proxy ID IPv6 start.
    srcSubnet String
    Local proxy ID subnet.
    srcSubnet6 String
    Local proxy ID IPv6 subnet.
    useNatip String
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Phase2 resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Phase2 Resource

    Get an existing Phase2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: Phase2State, opts?: CustomResourceOptions): Phase2
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            add_route: Optional[str] = None,
            auto_negotiate: Optional[str] = None,
            comments: Optional[str] = None,
            dhcp_ipsec: Optional[str] = None,
            dhgrp: Optional[str] = None,
            diffserv: Optional[str] = None,
            diffservcode: Optional[str] = None,
            dst_addr_type: Optional[str] = None,
            dst_end_ip: Optional[str] = None,
            dst_end_ip6: Optional[str] = None,
            dst_name: Optional[str] = None,
            dst_name6: Optional[str] = None,
            dst_port: Optional[int] = None,
            dst_start_ip: Optional[str] = None,
            dst_start_ip6: Optional[str] = None,
            dst_subnet: Optional[str] = None,
            dst_subnet6: Optional[str] = None,
            encapsulation: Optional[str] = None,
            inbound_dscp_copy: Optional[str] = None,
            initiator_ts_narrow: Optional[str] = None,
            ipv4_df: Optional[str] = None,
            keepalive: Optional[str] = None,
            keylife_type: Optional[str] = None,
            keylifekbs: Optional[int] = None,
            keylifeseconds: Optional[int] = None,
            l2tp: Optional[str] = None,
            name: Optional[str] = None,
            pfs: Optional[str] = None,
            phase1name: Optional[str] = None,
            proposal: Optional[str] = None,
            protocol: Optional[int] = None,
            replay: Optional[str] = None,
            route_overlap: Optional[str] = None,
            selector_match: Optional[str] = None,
            single_source: Optional[str] = None,
            src_addr_type: Optional[str] = None,
            src_end_ip: Optional[str] = None,
            src_end_ip6: Optional[str] = None,
            src_name: Optional[str] = None,
            src_name6: Optional[str] = None,
            src_port: Optional[int] = None,
            src_start_ip: Optional[str] = None,
            src_start_ip6: Optional[str] = None,
            src_subnet: Optional[str] = None,
            src_subnet6: Optional[str] = None,
            use_natip: Optional[str] = None,
            vdomparam: Optional[str] = None) -> Phase2
    func GetPhase2(ctx *Context, name string, id IDInput, state *Phase2State, opts ...ResourceOption) (*Phase2, error)
    public static Phase2 Get(string name, Input<string> id, Phase2State? state, CustomResourceOptions? opts = null)
    public static Phase2 get(String name, Output<String> id, Phase2State state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AddRoute string
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    AutoNegotiate string
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    Comments string
    Comment.
    DhcpIpsec string
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    Dhgrp string
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    Diffserv string
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    Diffservcode string
    DSCP value to be applied to the IPsec tunnel outer IP header.
    DstAddrType string
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    DstEndIp string
    Remote proxy ID IPv4 end.
    DstEndIp6 string
    Remote proxy ID IPv6 end.
    DstName string
    Remote proxy ID name.
    DstName6 string
    Remote proxy ID name.
    DstPort int
    Quick mode destination port (1 - 65535 or 0 for all).
    DstStartIp string
    Remote proxy ID IPv4 start.
    DstStartIp6 string
    Remote proxy ID IPv6 start.
    DstSubnet string
    Remote proxy ID IPv4 subnet.
    DstSubnet6 string
    Remote proxy ID IPv6 subnet.
    Encapsulation string
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    InboundDscpCopy string
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    InitiatorTsNarrow string
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    Ipv4Df string
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    Keepalive string
    Enable/disable keep alive. Valid values: enable, disable.
    KeylifeType string
    Keylife type. Valid values: seconds, kbs, both.
    Keylifekbs int
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    Keylifeseconds int
    Phase2 key life in time in seconds (120 - 172800).
    L2tp string
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    Name string
    IPsec tunnel name.
    Pfs string
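    Enable/disable perfect forward secrecy (PFS), i.e. a fresh Diffie-Hellman exchange when phase 2 keys are negotiated, so that a compromise of the phase 1 keying material does not expose earlier phase 2 session keys. Valid values: enable, disable.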
    Phase1name string
    Phase 1 determines the options required for phase 2.
    Proposal string
    Phase2 proposal. Each value names an encryption algorithm followed by an authentication (integrity) algorithm: the null-* proposals leave traffic unencrypted and the *-null proposals provide no integrity protection, while DES, 3DES and MD5 are legacy algorithms that current ESP guidance (RFC 8221) advises against. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    Protocol int
    Quick mode protocol selector (1 - 255 or 0 for all).
    Replay string
    Enable/disable replay detection. With detection disabled, the tunnel no longer rejects replayed ESP packets. Valid values: enable, disable.
    RouteOverlap string
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    SelectorMatch string
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    SingleSource string
    Enable/disable single source IP restriction. Valid values: enable, disable.
    SrcAddrType string
    Local proxy ID type. Valid values: subnet, range, ip, name.
    SrcEndIp string
    Local proxy ID end.
    SrcEndIp6 string
    Local proxy ID IPv6 end.
    SrcName string
    Local proxy ID name.
    SrcName6 string
    Local proxy ID name.
    SrcPort int
    Quick mode source port (1 - 65535 or 0 for all).
    SrcStartIp string
    Local proxy ID start.
    SrcStartIp6 string
    Local proxy ID IPv6 start.
    SrcSubnet string
    Local proxy ID subnet.
    SrcSubnet6 string
    Local proxy ID IPv6 subnet.
    UseNatip string
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    AddRoute string
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    AutoNegotiate string
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    Comments string
    Comment.
    DhcpIpsec string
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    Dhgrp string
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    Diffserv string
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    Diffservcode string
    DSCP value to be applied to the IPsec tunnel outer IP header.
    DstAddrType string
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    DstEndIp string
    Remote proxy ID IPv4 end.
    DstEndIp6 string
    Remote proxy ID IPv6 end.
    DstName string
    Remote proxy ID name.
    DstName6 string
    Remote proxy ID name.
    DstPort int
    Quick mode destination port (1 - 65535 or 0 for all).
    DstStartIp string
    Remote proxy ID IPv4 start.
    DstStartIp6 string
    Remote proxy ID IPv6 start.
    DstSubnet string
    Remote proxy ID IPv4 subnet.
    DstSubnet6 string
    Remote proxy ID IPv6 subnet.
    Encapsulation string
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    InboundDscpCopy string
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    InitiatorTsNarrow string
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    Ipv4Df string
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    Keepalive string
    Enable/disable keep alive. Valid values: enable, disable.
    KeylifeType string
    Keylife type. Valid values: seconds, kbs, both.
    Keylifekbs int
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    Keylifeseconds int
    Phase2 key life in time in seconds (120 - 172800).
    L2tp string
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    Name string
    IPsec tunnel name.
    Pfs string
    Enable/disable PFS feature. Valid values: enable, disable.
    Phase1name string
    Phase 1 determines the options required for phase 2.
    Proposal string
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    Protocol int
    Quick mode protocol selector (1 - 255 or 0 for all).
    Replay string
    Enable/disable replay detection. Valid values: enable, disable.
    RouteOverlap string
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    SelectorMatch string
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    SingleSource string
    Enable/disable single source IP restriction. Valid values: enable, disable.
    SrcAddrType string
    Local proxy ID type. Valid values: subnet, range, ip, name.
    SrcEndIp string
    Local proxy ID end.
    SrcEndIp6 string
    Local proxy ID IPv6 end.
    SrcName string
    Local proxy ID name.
    SrcName6 string
    Local proxy ID name.
    SrcPort int
    Quick mode source port (1 - 65535 or 0 for all).
    SrcStartIp string
    Local proxy ID start.
    SrcStartIp6 string
    Local proxy ID IPv6 start.
    SrcSubnet string
    Local proxy ID subnet.
    SrcSubnet6 string
    Local proxy ID IPv6 subnet.
    UseNatip string
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    addRoute String
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    autoNegotiate String
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    comments String
    Comment.
    dhcpIpsec String
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    dhgrp String
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    diffserv String
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    diffservcode String
    DSCP value to be applied to the IPsec tunnel outer IP header.
    dstAddrType String
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    dstEndIp String
    Remote proxy ID IPv4 end.
    dstEndIp6 String
    Remote proxy ID IPv6 end.
    dstName String
    Remote proxy ID name.
    dstName6 String
    Remote proxy ID name.
    dstPort Integer
    Quick mode destination port (1 - 65535 or 0 for all).
    dstStartIp String
    Remote proxy ID IPv4 start.
    dstStartIp6 String
    Remote proxy ID IPv6 start.
    dstSubnet String
    Remote proxy ID IPv4 subnet.
    dstSubnet6 String
    Remote proxy ID IPv6 subnet.
    encapsulation String
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    inboundDscpCopy String
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    initiatorTsNarrow String
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    ipv4Df String
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    keepalive String
    Enable/disable keep alive. Valid values: enable, disable.
    keylifeType String
    Keylife type. Valid values: seconds, kbs, both.
    keylifekbs Integer
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    keylifeseconds Integer
    Phase2 key life in time in seconds (120 - 172800).
    l2tp String
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    name String
    IPsec tunnel name.
    pfs String
    Enable/disable PFS feature. Valid values: enable, disable.
    phase1name String
    Phase 1 determines the options required for phase 2.
    proposal String
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    protocol Integer
    Quick mode protocol selector (1 - 255 or 0 for all).
    replay String
    Enable/disable replay detection. Valid values: enable, disable.
    routeOverlap String
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    selectorMatch String
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    singleSource String
    Enable/disable single source IP restriction. Valid values: enable, disable.
    srcAddrType String
    Local proxy ID type. Valid values: subnet, range, ip, name.
    srcEndIp String
    Local proxy ID end.
    srcEndIp6 String
    Local proxy ID IPv6 end.
    srcName String
    Local proxy ID name.
    srcName6 String
    Local proxy ID name.
    srcPort Integer
    Quick mode source port (1 - 65535 or 0 for all).
    srcStartIp String
    Local proxy ID start.
    srcStartIp6 String
    Local proxy ID IPv6 start.
    srcSubnet String
    Local proxy ID subnet.
    srcSubnet6 String
    Local proxy ID IPv6 subnet.
    useNatip String
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    addRoute string
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    autoNegotiate string
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    comments string
    Comment.
    dhcpIpsec string
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    dhgrp string
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    diffserv string
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    diffservcode string
    DSCP value to be applied to the IPsec tunnel outer IP header.
    dstAddrType string
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    dstEndIp string
    Remote proxy ID IPv4 end.
    dstEndIp6 string
    Remote proxy ID IPv6 end.
    dstName string
    Remote proxy ID name.
    dstName6 string
    Remote proxy ID name.
    dstPort number
    Quick mode destination port (1 - 65535 or 0 for all).
    dstStartIp string
    Remote proxy ID IPv4 start.
    dstStartIp6 string
    Remote proxy ID IPv6 start.
    dstSubnet string
    Remote proxy ID IPv4 subnet.
    dstSubnet6 string
    Remote proxy ID IPv6 subnet.
    encapsulation string
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    inboundDscpCopy string
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    initiatorTsNarrow string
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    ipv4Df string
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    keepalive string
    Enable/disable keep alive. Valid values: enable, disable.
    keylifeType string
    Keylife type. Valid values: seconds, kbs, both.
    keylifekbs number
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    keylifeseconds number
    Phase2 key life in time in seconds (120 - 172800).
    l2tp string
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    name string
    IPsec tunnel name.
    pfs string
    Enable/disable PFS feature. Valid values: enable, disable.
    phase1name string
    Phase 1 determines the options required for phase 2.
    proposal string
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    protocol number
    Quick mode protocol selector (1 - 255 or 0 for all).
    replay string
    Enable/disable replay detection. Valid values: enable, disable.
    routeOverlap string
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    selectorMatch string
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    singleSource string
    Enable/disable single source IP restriction. Valid values: enable, disable.
    srcAddrType string
    Local proxy ID type. Valid values: subnet, range, ip, name.
    srcEndIp string
    Local proxy ID end.
    srcEndIp6 string
    Local proxy ID IPv6 end.
    srcName string
    Local proxy ID name.
    srcName6 string
    Local proxy ID name.
    srcPort number
    Quick mode source port (1 - 65535 or 0 for all).
    srcStartIp string
    Local proxy ID start.
    srcStartIp6 string
    Local proxy ID IPv6 start.
    srcSubnet string
    Local proxy ID subnet.
    srcSubnet6 string
    Local proxy ID IPv6 subnet.
    useNatip string
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    add_route str
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    auto_negotiate str
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    comments str
    Comment.
    dhcp_ipsec str
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    dhgrp str
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    diffserv str
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    diffservcode str
    DSCP value to be applied to the IPsec tunnel outer IP header.
    dst_addr_type str
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    dst_end_ip str
    Remote proxy ID IPv4 end.
    dst_end_ip6 str
    Remote proxy ID IPv6 end.
    dst_name str
    Remote proxy ID name.
    dst_name6 str
    Remote proxy ID name.
    dst_port int
    Quick mode destination port (1 - 65535 or 0 for all).
    dst_start_ip str
    Remote proxy ID IPv4 start.
    dst_start_ip6 str
    Remote proxy ID IPv6 start.
    dst_subnet str
    Remote proxy ID IPv4 subnet.
    dst_subnet6 str
    Remote proxy ID IPv6 subnet.
    encapsulation str
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    inbound_dscp_copy str
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    initiator_ts_narrow str
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    ipv4_df str
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    keepalive str
    Enable/disable keep alive. Valid values: enable, disable.
    keylife_type str
    Keylife type. Valid values: seconds, kbs, both.
    keylifekbs int
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    keylifeseconds int
    Phase2 key life in time in seconds (120 - 172800).
    l2tp str
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    name str
    IPsec tunnel name.
    pfs str
    Enable/disable PFS feature. Valid values: enable, disable.
    phase1name str
    Phase 1 determines the options required for phase 2.
    proposal str
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    protocol int
    Quick mode protocol selector (1 - 255 or 0 for all).
    replay str
    Enable/disable replay detection. Valid values: enable, disable.
    route_overlap str
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    selector_match str
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    single_source str
    Enable/disable single source IP restriction. Valid values: enable, disable.
    src_addr_type str
    Local proxy ID type. Valid values: subnet, range, ip, name.
    src_end_ip str
    Local proxy ID end.
    src_end_ip6 str
    Local proxy ID IPv6 end.
    src_name str
    Local proxy ID name.
    src_name6 str
    Local proxy ID name.
    src_port int
    Quick mode source port (1 - 65535 or 0 for all).
    src_start_ip str
    Local proxy ID start.
    src_start_ip6 str
    Local proxy ID IPv6 start.
    src_subnet str
    Local proxy ID subnet.
    src_subnet6 str
    Local proxy ID IPv6 subnet.
    use_natip str
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    addRoute String
    Enable/disable automatic route addition. Valid values: phase1, enable, disable.
    autoNegotiate String
    Enable/disable IPsec SA auto-negotiation. Valid values: enable, disable.
    comments String
    Comment.
    dhcpIpsec String
    Enable/disable DHCP-IPsec. Valid values: enable, disable.
    dhgrp String
    Phase2 DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
    diffserv String
    Enable/disable applying DSCP value to the IPsec tunnel outer IP header. Valid values: enable, disable.
    diffservcode String
    DSCP value to be applied to the IPsec tunnel outer IP header.
    dstAddrType String
    Remote proxy ID type. Valid values: subnet, range, ip, name.
    dstEndIp String
    Remote proxy ID IPv4 end.
    dstEndIp6 String
    Remote proxy ID IPv6 end.
    dstName String
    Remote proxy ID name.
    dstName6 String
    Remote proxy ID name.
    dstPort Number
    Quick mode destination port (1 - 65535 or 0 for all).
    dstStartIp String
    Remote proxy ID IPv4 start.
    dstStartIp6 String
    Remote proxy ID IPv6 start.
    dstSubnet String
    Remote proxy ID IPv4 subnet.
    dstSubnet6 String
    Remote proxy ID IPv6 subnet.
    encapsulation String
    ESP encapsulation mode. Valid values: tunnel-mode, transport-mode.
    inboundDscpCopy String
    Enable/disable copying of the DSCP field in the ESP header to the inner IP header. Valid values: phase1, enable, disable.
    initiatorTsNarrow String
    Enable/disable traffic selector narrowing for IKEv2 initiator. Valid values: enable, disable.
    ipv4Df String
    Enable/disable setting and resetting of IPv4 'Don't Fragment' bit. Valid values: enable, disable.
    keepalive String
    Enable/disable keep alive. Valid values: enable, disable.
    keylifeType String
    Keylife type. Valid values: seconds, kbs, both.
    keylifekbs Number
    Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).
    keylifeseconds Number
    Phase2 key life in time in seconds (120 - 172800).
    l2tp String
    Enable/disable L2TP over IPsec. Valid values: enable, disable.
    name String
    IPsec tunnel name.
    pfs String
    Enable/disable PFS feature. Valid values: enable, disable.
    phase1name String
    Phase 1 determines the options required for phase 2.
    proposal String
    Phase2 proposal. Valid values: null-md5, null-sha1, null-sha256, null-sha384, null-sha512, des-null, des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-null, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-null, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm, aes192-null, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-null, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm, chacha20poly1305, aria128-null, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-null, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-null, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-null, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
    protocol Number
    Quick mode protocol selector (1 - 255 or 0 for all).
    replay String
    Enable/disable replay detection. Valid values: enable, disable.
    routeOverlap String
    Action for overlapping routes. Valid values: use-old, use-new, allow.
    selectorMatch String
    Match type to use when comparing selectors. Valid values: exact, subset, auto.
    singleSource String
    Enable/disable single source IP restriction. Valid values: enable, disable.
    srcAddrType String
    Local proxy ID type. Valid values: subnet, range, ip, name.
    srcEndIp String
    Local proxy ID end.
    srcEndIp6 String
    Local proxy ID IPv6 end.
    srcName String
    Local proxy ID name.
    srcName6 String
    Local proxy ID name.
    srcPort Number
    Quick mode source port (1 - 65535 or 0 for all).
    srcStartIp String
    Local proxy ID start.
    srcStartIp6 String
    Local proxy ID IPv6 start.
    srcSubnet String
    Local proxy ID subnet.
    srcSubnet6 String
    Local proxy ID IPv6 subnet.
    useNatip String
    Enable to use the FortiGate public IP as the source selector when outbound NAT is used. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

    Import

    VpnIpsec Phase2 can be imported using any of these accepted formats:

    $ pulumi import fortios:vpn/ipsec/phase2:Phase2 labelname {{name}}
    

    If you do not want to import arguments of block:

    $ export "FORTIOS_IMPORT_TABLE"="false"

    $ pulumi import fortios:vpn/ipsec/phase2:Phase2 labelname {{name}}
    

    $ unset "FORTIOS_IMPORT_TABLE"

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.