1. Packages
  2. Fortios
  3. API Docs
  4. vpn
  5. vpn/ssl
  6. Settings
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.vpn/ssl.Settings

Explore with Pulumi AI

fortios logo
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

    Configure SSL VPN.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const trname = new fortios.vpn.ssl.Settings("trname", {
        loginAttemptLimit: 2,
        loginBlockTime: 60,
        loginTimeout: 30,
        port: 443,
        servercert: "self-sign",
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    trname = fortios.vpn.ssl.Settings("trname",
        login_attempt_limit=2,
        login_block_time=60,
        login_timeout=30,
        port=443,
        servercert="self-sign")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/vpn"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := vpn.NewSettings(ctx, "trname", &vpn.SettingsArgs{
    			LoginAttemptLimit: pulumi.Int(2),
    			LoginBlockTime:    pulumi.Int(60),
    			LoginTimeout:      pulumi.Int(30),
    			Port:              pulumi.Int(443),
    			Servercert:        pulumi.String("self-sign"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var trname = new Fortios.Vpn.Ssl.Settings("trname", new()
        {
            LoginAttemptLimit = 2,
            LoginBlockTime = 60,
            LoginTimeout = 30,
            Port = 443,
            Servercert = "self-sign",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.vpn.Settings;
    import com.pulumi.fortios.vpn.SettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var trname = new Settings("trname", SettingsArgs.builder()
                .loginAttemptLimit(2)
                .loginBlockTime(60)
                .loginTimeout(30)
                .port(443)
                .servercert("self-sign")
                .build());
    
        }
    }
    
    resources:
      trname:
        type: fortios:vpn/ssl:Settings
        properties:
          loginAttemptLimit: 2
          loginBlockTime: 60
          loginTimeout: 30
          port: 443
          servercert: self-sign
    

    Create Settings Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Settings(name: string, args?: SettingsArgs, opts?: CustomResourceOptions);
    @overload
    def Settings(resource_name: str,
                 args: Optional[SettingsArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Settings(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 algorithm: Optional[str] = None,
                 auth_session_check_source_ip: Optional[str] = None,
                 auth_timeout: Optional[int] = None,
                 authentication_rules: Optional[Sequence[SettingsAuthenticationRuleArgs]] = None,
                 auto_tunnel_static_route: Optional[str] = None,
                 banned_cipher: Optional[str] = None,
                 browser_language_detection: Optional[str] = None,
                 check_referer: Optional[str] = None,
                 ciphersuite: Optional[str] = None,
                 client_sigalgs: Optional[str] = None,
                 default_portal: Optional[str] = None,
                 deflate_compression_level: Optional[int] = None,
                 deflate_min_data_size: Optional[int] = None,
                 dns_server1: Optional[str] = None,
                 dns_server2: Optional[str] = None,
                 dns_suffix: Optional[str] = None,
                 dtls_heartbeat_fail_count: Optional[int] = None,
                 dtls_heartbeat_idle_timeout: Optional[int] = None,
                 dtls_heartbeat_interval: Optional[int] = None,
                 dtls_hello_timeout: Optional[int] = None,
                 dtls_max_proto_ver: Optional[str] = None,
                 dtls_min_proto_ver: Optional[str] = None,
                 dtls_tunnel: Optional[str] = None,
                 dual_stack_mode: Optional[str] = None,
                 dynamic_sort_subtable: Optional[str] = None,
                 encode2f_sequence: Optional[str] = None,
                 encrypt_and_store_password: Optional[str] = None,
                 force_two_factor_auth: Optional[str] = None,
                 get_all_tables: Optional[str] = None,
                 header_x_forwarded_for: Optional[str] = None,
                 hsts_include_subdomains: Optional[str] = None,
                 http_compression: Optional[str] = None,
                 http_only_cookie: Optional[str] = None,
                 http_request_body_timeout: Optional[int] = None,
                 http_request_header_timeout: Optional[int] = None,
                 https_redirect: Optional[str] = None,
                 idle_timeout: Optional[int] = None,
                 ipv6_dns_server1: Optional[str] = None,
                 ipv6_dns_server2: Optional[str] = None,
                 ipv6_wins_server1: Optional[str] = None,
                 ipv6_wins_server2: Optional[str] = None,
                 login_attempt_limit: Optional[int] = None,
                 login_block_time: Optional[int] = None,
                 login_timeout: Optional[int] = None,
                 port: Optional[int] = None,
                 port_precedence: Optional[str] = None,
                 reqclientcert: Optional[str] = None,
                 route_source_interface: Optional[str] = None,
                 saml_redirect_port: Optional[int] = None,
                 server_hostname: Optional[str] = None,
                 servercert: Optional[str] = None,
                 source_address6_negate: Optional[str] = None,
                 source_address6s: Optional[Sequence[SettingsSourceAddress6Args]] = None,
                 source_address_negate: Optional[str] = None,
                 source_addresses: Optional[Sequence[SettingsSourceAddressArgs]] = None,
                 source_interfaces: Optional[Sequence[SettingsSourceInterfaceArgs]] = None,
                 ssl_client_renegotiation: Optional[str] = None,
                 ssl_insert_empty_fragment: Optional[str] = None,
                 ssl_max_proto_ver: Optional[str] = None,
                 ssl_min_proto_ver: Optional[str] = None,
                 status: Optional[str] = None,
                 tlsv10: Optional[str] = None,
                 tlsv11: Optional[str] = None,
                 tlsv12: Optional[str] = None,
                 tlsv13: Optional[str] = None,
                 transform_backward_slashes: Optional[str] = None,
                 tunnel_addr_assigned_method: Optional[str] = None,
                 tunnel_connect_without_reauth: Optional[str] = None,
                 tunnel_ip_pools: Optional[Sequence[SettingsTunnelIpPoolArgs]] = None,
                 tunnel_ipv6_pools: Optional[Sequence[SettingsTunnelIpv6PoolArgs]] = None,
                 tunnel_user_session_timeout: Optional[int] = None,
                 unsafe_legacy_renegotiation: Optional[str] = None,
                 url_obscuration: Optional[str] = None,
                 user_peer: Optional[str] = None,
                 vdomparam: Optional[str] = None,
                 web_mode_snat: Optional[str] = None,
                 wins_server1: Optional[str] = None,
                 wins_server2: Optional[str] = None,
                 x_content_type_options: Optional[str] = None,
                 ztna_trusted_client: Optional[str] = None)
    func NewSettings(ctx *Context, name string, args *SettingsArgs, opts ...ResourceOption) (*Settings, error)
    public Settings(string name, SettingsArgs? args = null, CustomResourceOptions? opts = null)
    public Settings(String name, SettingsArgs args)
    public Settings(String name, SettingsArgs args, CustomResourceOptions options)
    
    type: fortios:vpn/ssl/settings:Settings
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SettingsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Settings Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Settings resource accepts the following input properties:

    Algorithm string
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    AuthSessionCheckSourceIp string
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    AuthTimeout int
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    AuthenticationRules List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRule>
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    AutoTunnelStaticRoute string
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    BannedCipher string
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    BrowserLanguageDetection string
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    CheckReferer string
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    Ciphersuite string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    ClientSigalgs string
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    DefaultPortal string
    Default SSL VPN portal.
    DeflateCompressionLevel int
    Compression level (0~9).
    DeflateMinDataSize int
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    DnsServer1 string
    DNS server 1.
    DnsServer2 string
    DNS server 2.
    DnsSuffix string
    DNS suffix used for SSL-VPN clients.
    DtlsHeartbeatFailCount int
    Number of missing heartbeats before the connection is considered dropped.
    DtlsHeartbeatIdleTimeout int
    Idle timeout before DTLS heartbeat is sent.
    DtlsHeartbeatInterval int
    Interval between DTLS heartbeat.
    DtlsHelloTimeout int
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    DtlsMaxProtoVer string
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    DtlsMinProtoVer string
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    DtlsTunnel string
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    DualStackMode string
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    Encode2fSequence string
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    EncryptAndStorePassword string
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    ForceTwoFactorAuth string
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    HeaderXForwardedFor string
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    HstsIncludeSubdomains string
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    HttpCompression string
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    HttpOnlyCookie string
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    HttpRequestBodyTimeout int
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    HttpRequestHeaderTimeout int
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    HttpsRedirect string
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    IdleTimeout int
    SSL VPN disconnects if idle for specified time in seconds.
    Ipv6DnsServer1 string
    IPv6 DNS server 1.
    Ipv6DnsServer2 string
    IPv6 DNS server 2.
    Ipv6WinsServer1 string
    IPv6 WINS server 1.
    Ipv6WinsServer2 string
    IPv6 WINS server 2.
    LoginAttemptLimit int
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    LoginBlockTime int
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    LoginTimeout int
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    Port int
    SSL-VPN access port (1 - 65535).
    PortPrecedence string
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    Reqclientcert string
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    RouteSourceInterface string
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    SamlRedirectPort int
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    ServerHostname string
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    Servercert string
    Name of the server certificate to be used for SSL-VPNs.
    SourceAddress6Negate string
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    SourceAddress6s List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceAddress6>
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    SourceAddressNegate string
    Enable/disable negated source address match. Valid values: enable, disable.
    SourceAddresses List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceAddress>
    Source address of incoming traffic. The structure of source_address block is documented below.
    SourceInterfaces List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceInterface>
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    SslClientRenegotiation string
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    SslInsertEmptyFragment string
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    SslMaxProtoVer string
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    SslMinProtoVer string
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    Status string
    Enable/disable SSL-VPN. Valid values: enable, disable.
    Tlsv10 string
    Enable/disable TLSv1.0. Valid values: enable, disable.
    Tlsv11 string
    Enable/disable TLSv1.1. Valid values: enable, disable.
    Tlsv12 string
    Enable/disable TLSv1.2. Valid values: enable, disable.
    Tlsv13 string
    Enable/disable TLSv1.3. Valid values: enable, disable.
    TransformBackwardSlashes string
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    TunnelAddrAssignedMethod string
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    TunnelConnectWithoutReauth string
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    TunnelIpPools List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsTunnelIpPool>
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    TunnelIpv6Pools List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsTunnelIpv6Pool>
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    TunnelUserSessionTimeout int
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    UnsafeLegacyRenegotiation string
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    UrlObscuration string
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    UserPeer string
    Name of user peer.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WebModeSnat string
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    WinsServer1 string
    WINS server 1.
    WinsServer2 string
    WINS server 2.
    XContentTypeOptions string
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ZtnaTrustedClient string
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    Algorithm string
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    AuthSessionCheckSourceIp string
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    AuthTimeout int
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    AuthenticationRules []SettingsAuthenticationRuleArgs
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    AutoTunnelStaticRoute string
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    BannedCipher string
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    BrowserLanguageDetection string
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    CheckReferer string
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    Ciphersuite string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    ClientSigalgs string
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    DefaultPortal string
    Default SSL VPN portal.
    DeflateCompressionLevel int
    Compression level (0~9).
    DeflateMinDataSize int
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    DnsServer1 string
    DNS server 1.
    DnsServer2 string
    DNS server 2.
    DnsSuffix string
    DNS suffix used for SSL-VPN clients.
    DtlsHeartbeatFailCount int
    Number of missing heartbeats before the connection is considered dropped.
    DtlsHeartbeatIdleTimeout int
    Idle timeout before DTLS heartbeat is sent.
    DtlsHeartbeatInterval int
    Interval between DTLS heartbeat.
    DtlsHelloTimeout int
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    DtlsMaxProtoVer string
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    DtlsMinProtoVer string
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    DtlsTunnel string
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    DualStackMode string
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    Encode2fSequence string
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    EncryptAndStorePassword string
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    ForceTwoFactorAuth string
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    HeaderXForwardedFor string
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    HstsIncludeSubdomains string
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    HttpCompression string
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    HttpOnlyCookie string
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    HttpRequestBodyTimeout int
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    HttpRequestHeaderTimeout int
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    HttpsRedirect string
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    IdleTimeout int
    SSL VPN disconnects if idle for specified time in seconds.
    Ipv6DnsServer1 string
    IPv6 DNS server 1.
    Ipv6DnsServer2 string
    IPv6 DNS server 2.
    Ipv6WinsServer1 string
    IPv6 WINS server 1.
    Ipv6WinsServer2 string
    IPv6 WINS server 2.
    LoginAttemptLimit int
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    LoginBlockTime int
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    LoginTimeout int
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    Port int
    SSL-VPN access port (1 - 65535).
    PortPrecedence string
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    Reqclientcert string
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    RouteSourceInterface string
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    SamlRedirectPort int
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    ServerHostname string
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    Servercert string
    Name of the server certificate to be used for SSL-VPNs.
    SourceAddress6Negate string
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    SourceAddress6s []SettingsSourceAddress6Args
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    SourceAddressNegate string
    Enable/disable negated source address match. Valid values: enable, disable.
    SourceAddresses []SettingsSourceAddressArgs
    Source address of incoming traffic. The structure of source_address block is documented below.
    SourceInterfaces []SettingsSourceInterfaceArgs
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    SslClientRenegotiation string
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    SslInsertEmptyFragment string
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    SslMaxProtoVer string
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    SslMinProtoVer string
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    Status string
    Enable/disable SSL-VPN. Valid values: enable, disable.
    Tlsv10 string
    Enable/disable TLSv1.0. Valid values: enable, disable.
    Tlsv11 string
    Enable/disable TLSv1.1. Valid values: enable, disable.
    Tlsv12 string
    Enable/disable TLSv1.2. Valid values: enable, disable.
    Tlsv13 string
    Enable/disable TLSv1.3. Valid values: enable, disable.
    TransformBackwardSlashes string
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    TunnelAddrAssignedMethod string
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    TunnelConnectWithoutReauth string
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    TunnelIpPools []SettingsTunnelIpPoolArgs
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    TunnelIpv6Pools []SettingsTunnelIpv6PoolArgs
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    TunnelUserSessionTimeout int
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    UnsafeLegacyRenegotiation string
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    UrlObscuration string
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    UserPeer string
    Name of user peer.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WebModeSnat string
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    WinsServer1 string
    WINS server 1.
    WinsServer2 string
    WINS server 2.
    XContentTypeOptions string
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ZtnaTrustedClient string
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    algorithm String
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    authSessionCheckSourceIp String
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    authTimeout Integer
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    authenticationRules List<SettingsAuthenticationRule>
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    autoTunnelStaticRoute String
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    bannedCipher String
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    browserLanguageDetection String
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    checkReferer String
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    ciphersuite String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    clientSigalgs String
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    defaultPortal String
    Default SSL VPN portal.
    deflateCompressionLevel Integer
    Compression level (0~9).
    deflateMinDataSize Integer
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    dnsServer1 String
    DNS server 1.
    dnsServer2 String
    DNS server 2.
    dnsSuffix String
    DNS suffix used for SSL-VPN clients.
    dtlsHeartbeatFailCount Integer
    Number of missing heartbeats before the connection is considered dropped.
    dtlsHeartbeatIdleTimeout Integer
    Idle timeout before DTLS heartbeat is sent.
    dtlsHeartbeatInterval Integer
    Interval between DTLS heartbeat.
    dtlsHelloTimeout Integer
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    dtlsMaxProtoVer String
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsMinProtoVer String
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsTunnel String
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    dualStackMode String
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    encode2fSequence String
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    encryptAndStorePassword String
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    forceTwoFactorAuth String
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    headerXForwardedFor String
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    hstsIncludeSubdomains String
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    httpCompression String
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    httpOnlyCookie String
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    httpRequestBodyTimeout Integer
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    httpRequestHeaderTimeout Integer
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    httpsRedirect String
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    idleTimeout Integer
    SSL VPN disconnects if idle for specified time in seconds.
    ipv6DnsServer1 String
    IPv6 DNS server 1.
    ipv6DnsServer2 String
    IPv6 DNS server 2.
    ipv6WinsServer1 String
    IPv6 WINS server 1.
    ipv6WinsServer2 String
    IPv6 WINS server 2.
    loginAttemptLimit Integer
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    loginBlockTime Integer
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    loginTimeout Integer
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    port Integer
    SSL-VPN access port (1 - 65535).
    portPrecedence String
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    reqclientcert String
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    routeSourceInterface String
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    samlRedirectPort Integer
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    serverHostname String
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    servercert String
    Name of the server certificate to be used for SSL-VPNs.
    sourceAddress6Negate String
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    sourceAddress6s List<SettingsSourceAddress6>
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    sourceAddressNegate String
    Enable/disable negated source address match. Valid values: enable, disable.
    sourceAddresses List<SettingsSourceAddress>
    Source address of incoming traffic. The structure of source_address block is documented below.
    sourceInterfaces List<SettingsSourceInterface>
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    sslClientRenegotiation String
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    sslInsertEmptyFragment String
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    sslMaxProtoVer String
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    sslMinProtoVer String
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    status String
    Enable/disable SSL-VPN. Valid values: enable, disable.
    tlsv10 String
    Enable/disable TLSv1.0. Valid values: enable, disable.
    tlsv11 String
    Enable/disable TLSv1.1. Valid values: enable, disable.
    tlsv12 String
    Enable/disable TLSv1.2. Valid values: enable, disable.
    tlsv13 String
    Enable/disable TLSv1.3. Valid values: enable, disable.
    transformBackwardSlashes String
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    tunnelAddrAssignedMethod String
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    tunnelConnectWithoutReauth String
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    tunnelIpPools List<SettingsTunnelIpPool>
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    tunnelIpv6Pools List<SettingsTunnelIpv6Pool>
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    tunnelUserSessionTimeout Integer
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    unsafeLegacyRenegotiation String
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    urlObscuration String
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    userPeer String
    Name of user peer.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    webModeSnat String
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    winsServer1 String
    WINS server 1.
    winsServer2 String
    WINS server 2.
    xContentTypeOptions String
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ztnaTrustedClient String
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    algorithm string
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    authSessionCheckSourceIp string
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    authTimeout number
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    authenticationRules SettingsAuthenticationRule[]
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    autoTunnelStaticRoute string
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    bannedCipher string
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    browserLanguageDetection string
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    checkReferer string
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    ciphersuite string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    clientSigalgs string
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    defaultPortal string
    Default SSL VPN portal.
    deflateCompressionLevel number
    Compression level (0~9).
    deflateMinDataSize number
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    dnsServer1 string
    DNS server 1.
    dnsServer2 string
    DNS server 2.
    dnsSuffix string
    DNS suffix used for SSL-VPN clients.
    dtlsHeartbeatFailCount number
    Number of missing heartbeats before the connection is considered dropped.
    dtlsHeartbeatIdleTimeout number
    Idle timeout before DTLS heartbeat is sent.
    dtlsHeartbeatInterval number
    Interval between DTLS heartbeat.
    dtlsHelloTimeout number
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    dtlsMaxProtoVer string
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsMinProtoVer string
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsTunnel string
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    dualStackMode string
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    encode2fSequence string
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    encryptAndStorePassword string
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    forceTwoFactorAuth string
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    headerXForwardedFor string
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    hstsIncludeSubdomains string
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    httpCompression string
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    httpOnlyCookie string
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    httpRequestBodyTimeout number
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    httpRequestHeaderTimeout number
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    httpsRedirect string
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    idleTimeout number
    SSL VPN disconnects if idle for specified time in seconds.
    ipv6DnsServer1 string
    IPv6 DNS server 1.
    ipv6DnsServer2 string
    IPv6 DNS server 2.
    ipv6WinsServer1 string
    IPv6 WINS server 1.
    ipv6WinsServer2 string
    IPv6 WINS server 2.
    loginAttemptLimit number
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    loginBlockTime number
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    loginTimeout number
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    port number
    SSL-VPN access port (1 - 65535).
    portPrecedence string
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    reqclientcert string
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    routeSourceInterface string
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    samlRedirectPort number
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    serverHostname string
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    servercert string
    Name of the server certificate to be used for SSL-VPNs.
    sourceAddress6Negate string
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    sourceAddress6s SettingsSourceAddress6[]
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    sourceAddressNegate string
    Enable/disable negated source address match. Valid values: enable, disable.
    sourceAddresses SettingsSourceAddress[]
    Source address of incoming traffic. The structure of source_address block is documented below.
    sourceInterfaces SettingsSourceInterface[]
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    sslClientRenegotiation string
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    sslInsertEmptyFragment string
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    sslMaxProtoVer string
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    sslMinProtoVer string
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    status string
    Enable/disable SSL-VPN. Valid values: enable, disable.
    tlsv10 string
    Enable/disable TLSv1.0. Valid values: enable, disable.
    tlsv11 string
    Enable/disable TLSv1.1. Valid values: enable, disable.
    tlsv12 string
    Enable/disable TLSv1.2. Valid values: enable, disable.
    tlsv13 string
    Enable/disable TLSv1.3. Valid values: enable, disable.
    transformBackwardSlashes string
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    tunnelAddrAssignedMethod string
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    tunnelConnectWithoutReauth string
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    tunnelIpPools SettingsTunnelIpPool[]
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    tunnelIpv6Pools SettingsTunnelIpv6Pool[]
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    tunnelUserSessionTimeout number
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    unsafeLegacyRenegotiation string
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    urlObscuration string
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    userPeer string
    Name of user peer.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    webModeSnat string
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    winsServer1 string
    WINS server 1.
    winsServer2 string
    WINS server 2.
    xContentTypeOptions string
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ztnaTrustedClient string
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    algorithm str
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    auth_session_check_source_ip str
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    auth_timeout int
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    authentication_rules Sequence[SettingsAuthenticationRuleArgs]
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    auto_tunnel_static_route str
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    banned_cipher str
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    browser_language_detection str
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    check_referer str
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    ciphersuite str
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    client_sigalgs str
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    default_portal str
    Default SSL VPN portal.
    deflate_compression_level int
    Compression level (0~9).
    deflate_min_data_size int
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    dns_server1 str
    DNS server 1.
    dns_server2 str
    DNS server 2.
    dns_suffix str
    DNS suffix used for SSL-VPN clients.
    dtls_heartbeat_fail_count int
    Number of missing heartbeats before the connection is considered dropped.
    dtls_heartbeat_idle_timeout int
    Idle timeout before DTLS heartbeat is sent.
    dtls_heartbeat_interval int
    Interval between DTLS heartbeat.
    dtls_hello_timeout int
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    dtls_max_proto_ver str
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    dtls_min_proto_ver str
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    dtls_tunnel str
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    dual_stack_mode str
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    encode2f_sequence str
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    encrypt_and_store_password str
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    force_two_factor_auth str
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    header_x_forwarded_for str
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    hsts_include_subdomains str
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    http_compression str
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    http_only_cookie str
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    http_request_body_timeout int
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    http_request_header_timeout int
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    https_redirect str
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    idle_timeout int
    SSL VPN disconnects if idle for specified time in seconds.
    ipv6_dns_server1 str
    IPv6 DNS server 1.
    ipv6_dns_server2 str
    IPv6 DNS server 2.
    ipv6_wins_server1 str
    IPv6 WINS server 1.
    ipv6_wins_server2 str
    IPv6 WINS server 2.
    login_attempt_limit int
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    login_block_time int
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    login_timeout int
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    port int
    SSL-VPN access port (1 - 65535).
    port_precedence str
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    reqclientcert str
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    route_source_interface str
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    saml_redirect_port int
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    server_hostname str
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    servercert str
    Name of the server certificate to be used for SSL-VPNs.
    source_address6_negate str
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    source_address6s Sequence[SettingsSourceAddress6Args]
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    source_address_negate str
    Enable/disable negated source address match. Valid values: enable, disable.
    source_addresses Sequence[SettingsSourceAddressArgs]
    Source address of incoming traffic. The structure of source_address block is documented below.
    source_interfaces Sequence[SettingsSourceInterfaceArgs]
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    ssl_client_renegotiation str
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    ssl_insert_empty_fragment str
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    ssl_max_proto_ver str
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    ssl_min_proto_ver str
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    status str
    Enable/disable SSL-VPN. Valid values: enable, disable.
    tlsv10 str
    Enable/disable TLSv1.0. Valid values: enable, disable.
    tlsv11 str
    Enable/disable TLSv1.1. Valid values: enable, disable.
    tlsv12 str
    Enable/disable TLSv1.2. Valid values: enable, disable.
    tlsv13 str
    Enable/disable TLSv1.3. Valid values: enable, disable.
    transform_backward_slashes str
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    tunnel_addr_assigned_method str
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    tunnel_connect_without_reauth str
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    tunnel_ip_pools Sequence[SettingsTunnelIpPoolArgs]
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    tunnel_ipv6_pools Sequence[SettingsTunnelIpv6PoolArgs]
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    tunnel_user_session_timeout int
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    unsafe_legacy_renegotiation str
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    url_obscuration str
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    user_peer str
    Name of user peer.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    web_mode_snat str
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    wins_server1 str
    WINS server 1.
    wins_server2 str
    WINS server 2.
    x_content_type_options str
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ztna_trusted_client str
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    algorithm String
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    authSessionCheckSourceIp String
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    authTimeout Number
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    authenticationRules List<Property Map>
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    autoTunnelStaticRoute String
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    bannedCipher String
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    browserLanguageDetection String
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    checkReferer String
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    ciphersuite String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    clientSigalgs String
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    defaultPortal String
    Default SSL VPN portal.
    deflateCompressionLevel Number
    Compression level (0~9).
    deflateMinDataSize Number
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    dnsServer1 String
    DNS server 1.
    dnsServer2 String
    DNS server 2.
    dnsSuffix String
    DNS suffix used for SSL-VPN clients.
    dtlsHeartbeatFailCount Number
    Number of missing heartbeats before the connection is considered dropped.
    dtlsHeartbeatIdleTimeout Number
    Idle timeout before DTLS heartbeat is sent.
    dtlsHeartbeatInterval Number
    Interval between DTLS heartbeat.
    dtlsHelloTimeout Number
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    dtlsMaxProtoVer String
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsMinProtoVer String
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsTunnel String
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    dualStackMode String
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    encode2fSequence String
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    encryptAndStorePassword String
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    forceTwoFactorAuth String
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    headerXForwardedFor String
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    hstsIncludeSubdomains String
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    httpCompression String
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    httpOnlyCookie String
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    httpRequestBodyTimeout Number
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    httpRequestHeaderTimeout Number
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    httpsRedirect String
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    idleTimeout Number
    SSL VPN disconnects if idle for specified time in seconds.
    ipv6DnsServer1 String
    IPv6 DNS server 1.
    ipv6DnsServer2 String
    IPv6 DNS server 2.
    ipv6WinsServer1 String
    IPv6 WINS server 1.
    ipv6WinsServer2 String
    IPv6 WINS server 2.
    loginAttemptLimit Number
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    loginBlockTime Number
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    loginTimeout Number
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    port Number
    SSL-VPN access port (1 - 65535).
    portPrecedence String
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    reqclientcert String
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    routeSourceInterface String
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    samlRedirectPort Number
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    serverHostname String
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    servercert String
    Name of the server certificate to be used for SSL-VPNs.
    sourceAddress6Negate String
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    sourceAddress6s List<Property Map>
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    sourceAddressNegate String
    Enable/disable negated source address match. Valid values: enable, disable.
    sourceAddresses List<Property Map>
    Source address of incoming traffic. The structure of source_address block is documented below.
    sourceInterfaces List<Property Map>
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    sslClientRenegotiation String
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    sslInsertEmptyFragment String
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    sslMaxProtoVer String
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    sslMinProtoVer String
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    status String
    Enable/disable SSL-VPN. Valid values: enable, disable.
    tlsv10 String
    Enable/disable TLSv1.0. Valid values: enable, disable.
    tlsv11 String
    Enable/disable TLSv1.1. Valid values: enable, disable.
    tlsv12 String
    Enable/disable TLSv1.2. Valid values: enable, disable.
    tlsv13 String
    Enable/disable TLSv1.3. Valid values: enable, disable.
    transformBackwardSlashes String
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    tunnelAddrAssignedMethod String
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    tunnelConnectWithoutReauth String
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    tunnelIpPools List<Property Map>
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    tunnelIpv6Pools List<Property Map>
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    tunnelUserSessionTimeout Number
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    unsafeLegacyRenegotiation String
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    urlObscuration String
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    userPeer String
    Name of user peer.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    webModeSnat String
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    winsServer1 String
    WINS server 1.
    winsServer2 String
    WINS server 2.
    xContentTypeOptions String
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ztnaTrustedClient String
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Settings resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Settings Resource

    Get an existing Settings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SettingsState, opts?: CustomResourceOptions): Settings
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            algorithm: Optional[str] = None,
            auth_session_check_source_ip: Optional[str] = None,
            auth_timeout: Optional[int] = None,
            authentication_rules: Optional[Sequence[SettingsAuthenticationRuleArgs]] = None,
            auto_tunnel_static_route: Optional[str] = None,
            banned_cipher: Optional[str] = None,
            browser_language_detection: Optional[str] = None,
            check_referer: Optional[str] = None,
            ciphersuite: Optional[str] = None,
            client_sigalgs: Optional[str] = None,
            default_portal: Optional[str] = None,
            deflate_compression_level: Optional[int] = None,
            deflate_min_data_size: Optional[int] = None,
            dns_server1: Optional[str] = None,
            dns_server2: Optional[str] = None,
            dns_suffix: Optional[str] = None,
            dtls_heartbeat_fail_count: Optional[int] = None,
            dtls_heartbeat_idle_timeout: Optional[int] = None,
            dtls_heartbeat_interval: Optional[int] = None,
            dtls_hello_timeout: Optional[int] = None,
            dtls_max_proto_ver: Optional[str] = None,
            dtls_min_proto_ver: Optional[str] = None,
            dtls_tunnel: Optional[str] = None,
            dual_stack_mode: Optional[str] = None,
            dynamic_sort_subtable: Optional[str] = None,
            encode2f_sequence: Optional[str] = None,
            encrypt_and_store_password: Optional[str] = None,
            force_two_factor_auth: Optional[str] = None,
            get_all_tables: Optional[str] = None,
            header_x_forwarded_for: Optional[str] = None,
            hsts_include_subdomains: Optional[str] = None,
            http_compression: Optional[str] = None,
            http_only_cookie: Optional[str] = None,
            http_request_body_timeout: Optional[int] = None,
            http_request_header_timeout: Optional[int] = None,
            https_redirect: Optional[str] = None,
            idle_timeout: Optional[int] = None,
            ipv6_dns_server1: Optional[str] = None,
            ipv6_dns_server2: Optional[str] = None,
            ipv6_wins_server1: Optional[str] = None,
            ipv6_wins_server2: Optional[str] = None,
            login_attempt_limit: Optional[int] = None,
            login_block_time: Optional[int] = None,
            login_timeout: Optional[int] = None,
            port: Optional[int] = None,
            port_precedence: Optional[str] = None,
            reqclientcert: Optional[str] = None,
            route_source_interface: Optional[str] = None,
            saml_redirect_port: Optional[int] = None,
            server_hostname: Optional[str] = None,
            servercert: Optional[str] = None,
            source_address6_negate: Optional[str] = None,
            source_address6s: Optional[Sequence[SettingsSourceAddress6Args]] = None,
            source_address_negate: Optional[str] = None,
            source_addresses: Optional[Sequence[SettingsSourceAddressArgs]] = None,
            source_interfaces: Optional[Sequence[SettingsSourceInterfaceArgs]] = None,
            ssl_client_renegotiation: Optional[str] = None,
            ssl_insert_empty_fragment: Optional[str] = None,
            ssl_max_proto_ver: Optional[str] = None,
            ssl_min_proto_ver: Optional[str] = None,
            status: Optional[str] = None,
            tlsv10: Optional[str] = None,
            tlsv11: Optional[str] = None,
            tlsv12: Optional[str] = None,
            tlsv13: Optional[str] = None,
            transform_backward_slashes: Optional[str] = None,
            tunnel_addr_assigned_method: Optional[str] = None,
            tunnel_connect_without_reauth: Optional[str] = None,
            tunnel_ip_pools: Optional[Sequence[SettingsTunnelIpPoolArgs]] = None,
            tunnel_ipv6_pools: Optional[Sequence[SettingsTunnelIpv6PoolArgs]] = None,
            tunnel_user_session_timeout: Optional[int] = None,
            unsafe_legacy_renegotiation: Optional[str] = None,
            url_obscuration: Optional[str] = None,
            user_peer: Optional[str] = None,
            vdomparam: Optional[str] = None,
            web_mode_snat: Optional[str] = None,
            wins_server1: Optional[str] = None,
            wins_server2: Optional[str] = None,
            x_content_type_options: Optional[str] = None,
            ztna_trusted_client: Optional[str] = None) -> Settings
    func GetSettings(ctx *Context, name string, id IDInput, state *SettingsState, opts ...ResourceOption) (*Settings, error)
    public static Settings Get(string name, Input<string> id, SettingsState? state, CustomResourceOptions? opts = null)
    public static Settings get(String name, Output<String> id, SettingsState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Algorithm string
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    AuthSessionCheckSourceIp string
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    AuthTimeout int
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    AuthenticationRules List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRule>
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    AutoTunnelStaticRoute string
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    BannedCipher string
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    BrowserLanguageDetection string
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    CheckReferer string
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    Ciphersuite string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    ClientSigalgs string
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    DefaultPortal string
    Default SSL VPN portal.
    DeflateCompressionLevel int
    Compression level (0~9).
    DeflateMinDataSize int
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    DnsServer1 string
    DNS server 1.
    DnsServer2 string
    DNS server 2.
    DnsSuffix string
    DNS suffix used for SSL-VPN clients.
    DtlsHeartbeatFailCount int
    Number of missing heartbeats before the connection is considered dropped.
    DtlsHeartbeatIdleTimeout int
    Idle timeout before DTLS heartbeat is sent.
    DtlsHeartbeatInterval int
    Interval between DTLS heartbeat.
    DtlsHelloTimeout int
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    DtlsMaxProtoVer string
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    DtlsMinProtoVer string
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    DtlsTunnel string
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    DualStackMode string
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    Encode2fSequence string
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    EncryptAndStorePassword string
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    ForceTwoFactorAuth string
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    HeaderXForwardedFor string
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    HstsIncludeSubdomains string
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    HttpCompression string
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    HttpOnlyCookie string
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    HttpRequestBodyTimeout int
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    HttpRequestHeaderTimeout int
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    HttpsRedirect string
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    IdleTimeout int
    SSL VPN disconnects if idle for specified time in seconds.
    Ipv6DnsServer1 string
    IPv6 DNS server 1.
    Ipv6DnsServer2 string
    IPv6 DNS server 2.
    Ipv6WinsServer1 string
    IPv6 WINS server 1.
    Ipv6WinsServer2 string
    IPv6 WINS server 2.
    LoginAttemptLimit int
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    LoginBlockTime int
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    LoginTimeout int
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    Port int
    SSL-VPN access port (1 - 65535).
    PortPrecedence string
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    Reqclientcert string
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    RouteSourceInterface string
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    SamlRedirectPort int
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    ServerHostname string
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    Servercert string
    Name of the server certificate to be used for SSL-VPNs.
    SourceAddress6Negate string
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    SourceAddress6s List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceAddress6>
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    SourceAddressNegate string
    Enable/disable negated source address match. Valid values: enable, disable.
    SourceAddresses List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceAddress>
    Source address of incoming traffic. The structure of source_address block is documented below.
    SourceInterfaces List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceInterface>
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    SslClientRenegotiation string
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    SslInsertEmptyFragment string
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    SslMaxProtoVer string
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    SslMinProtoVer string
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    Status string
    Enable/disable SSL-VPN. Valid values: enable, disable.
    Tlsv10 string
    Enable/disable TLSv1.0. Valid values: enable, disable.
    Tlsv11 string
    Enable/disable TLSv1.1. Valid values: enable, disable.
    Tlsv12 string
    Enable/disable TLSv1.2. Valid values: enable, disable.
    Tlsv13 string
    Enable/disable TLSv1.3. Valid values: enable, disable.
    TransformBackwardSlashes string
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    TunnelAddrAssignedMethod string
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    TunnelConnectWithoutReauth string
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    TunnelIpPools List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsTunnelIpPool>
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    TunnelIpv6Pools List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsTunnelIpv6Pool>
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    TunnelUserSessionTimeout int
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    UnsafeLegacyRenegotiation string
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    UrlObscuration string
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    UserPeer string
    Name of user peer.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WebModeSnat string
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    WinsServer1 string
    WINS server 1.
    WinsServer2 string
    WINS server 2.
    XContentTypeOptions string
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ZtnaTrustedClient string
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    Algorithm string
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    AuthSessionCheckSourceIp string
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    AuthTimeout int
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    AuthenticationRules []SettingsAuthenticationRuleArgs
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    AutoTunnelStaticRoute string
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    BannedCipher string
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    BrowserLanguageDetection string
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    CheckReferer string
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    Ciphersuite string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    ClientSigalgs string
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    DefaultPortal string
    Default SSL VPN portal.
    DeflateCompressionLevel int
    Compression level (0~9).
    DeflateMinDataSize int
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    DnsServer1 string
    DNS server 1.
    DnsServer2 string
    DNS server 2.
    DnsSuffix string
    DNS suffix used for SSL-VPN clients.
    DtlsHeartbeatFailCount int
    Number of missing heartbeats before the connection is considered dropped.
    DtlsHeartbeatIdleTimeout int
    Idle timeout before DTLS heartbeat is sent.
    DtlsHeartbeatInterval int
    Interval between DTLS heartbeat.
    DtlsHelloTimeout int
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    DtlsMaxProtoVer string
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    DtlsMinProtoVer string
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    DtlsTunnel string
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    DualStackMode string
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    Encode2fSequence string
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    EncryptAndStorePassword string
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    ForceTwoFactorAuth string
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    HeaderXForwardedFor string
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    HstsIncludeSubdomains string
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    HttpCompression string
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    HttpOnlyCookie string
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    HttpRequestBodyTimeout int
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    HttpRequestHeaderTimeout int
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    HttpsRedirect string
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    IdleTimeout int
    SSL VPN disconnects if idle for specified time in seconds.
    Ipv6DnsServer1 string
    IPv6 DNS server 1.
    Ipv6DnsServer2 string
    IPv6 DNS server 2.
    Ipv6WinsServer1 string
    IPv6 WINS server 1.
    Ipv6WinsServer2 string
    IPv6 WINS server 2.
    LoginAttemptLimit int
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    LoginBlockTime int
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    LoginTimeout int
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    Port int
    SSL-VPN access port (1 - 65535).
    PortPrecedence string
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    Reqclientcert string
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    RouteSourceInterface string
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    SamlRedirectPort int
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    ServerHostname string
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    Servercert string
    Name of the server certificate to be used for SSL-VPNs.
    SourceAddress6Negate string
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    SourceAddress6s []SettingsSourceAddress6Args
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    SourceAddressNegate string
    Enable/disable negated source address match. Valid values: enable, disable.
    SourceAddresses []SettingsSourceAddressArgs
    Source address of incoming traffic. The structure of source_address block is documented below.
    SourceInterfaces []SettingsSourceInterfaceArgs
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    SslClientRenegotiation string
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    SslInsertEmptyFragment string
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    SslMaxProtoVer string
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    SslMinProtoVer string
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    Status string
    Enable/disable SSL-VPN. Valid values: enable, disable.
    Tlsv10 string
    Enable/disable TLSv1.0. Valid values: enable, disable.
    Tlsv11 string
    Enable/disable TLSv1.1. Valid values: enable, disable.
    Tlsv12 string
    Enable/disable TLSv1.2. Valid values: enable, disable.
    Tlsv13 string
    Enable/disable TLSv1.3. Valid values: enable, disable.
    TransformBackwardSlashes string
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    TunnelAddrAssignedMethod string
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    TunnelConnectWithoutReauth string
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    TunnelIpPools []SettingsTunnelIpPoolArgs
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    TunnelIpv6Pools []SettingsTunnelIpv6PoolArgs
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    TunnelUserSessionTimeout int
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    UnsafeLegacyRenegotiation string
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    UrlObscuration string
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    UserPeer string
    Name of user peer.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    WebModeSnat string
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    WinsServer1 string
    WINS server 1.
    WinsServer2 string
    WINS server 2.
    XContentTypeOptions string
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ZtnaTrustedClient string
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    algorithm String
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    authSessionCheckSourceIp String
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    authTimeout Integer
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    authenticationRules List<SettingsAuthenticationRule>
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    autoTunnelStaticRoute String
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    bannedCipher String
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    browserLanguageDetection String
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    checkReferer String
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    ciphersuite String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    clientSigalgs String
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    defaultPortal String
    Default SSL VPN portal.
    deflateCompressionLevel Integer
    Compression level (0~9).
    deflateMinDataSize Integer
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    dnsServer1 String
    DNS server 1.
    dnsServer2 String
    DNS server 2.
    dnsSuffix String
    DNS suffix used for SSL-VPN clients.
    dtlsHeartbeatFailCount Integer
    Number of missing heartbeats before the connection is considered dropped.
    dtlsHeartbeatIdleTimeout Integer
    Idle timeout before DTLS heartbeat is sent.
    dtlsHeartbeatInterval Integer
    Interval between DTLS heartbeat.
    dtlsHelloTimeout Integer
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    dtlsMaxProtoVer String
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsMinProtoVer String
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsTunnel String
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    dualStackMode String
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    encode2fSequence String
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    encryptAndStorePassword String
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    forceTwoFactorAuth String
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    headerXForwardedFor String
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    hstsIncludeSubdomains String
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    httpCompression String
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    httpOnlyCookie String
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    httpRequestBodyTimeout Integer
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    httpRequestHeaderTimeout Integer
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    httpsRedirect String
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    idleTimeout Integer
    SSL VPN disconnects if idle for specified time in seconds.
    ipv6DnsServer1 String
    IPv6 DNS server 1.
    ipv6DnsServer2 String
    IPv6 DNS server 2.
    ipv6WinsServer1 String
    IPv6 WINS server 1.
    ipv6WinsServer2 String
    IPv6 WINS server 2.
    loginAttemptLimit Integer
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    loginBlockTime Integer
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    loginTimeout Integer
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    port Integer
    SSL-VPN access port (1 - 65535).
    portPrecedence String
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    reqclientcert String
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    routeSourceInterface String
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    samlRedirectPort Integer
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    serverHostname String
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    servercert String
    Name of the server certificate to be used for SSL-VPNs.
    sourceAddress6Negate String
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    sourceAddress6s List<SettingsSourceAddress6>
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    sourceAddressNegate String
    Enable/disable negated source address match. Valid values: enable, disable.
    sourceAddresses List<SettingsSourceAddress>
    Source address of incoming traffic. The structure of source_address block is documented below.
    sourceInterfaces List<SettingsSourceInterface>
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    sslClientRenegotiation String
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    sslInsertEmptyFragment String
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    sslMaxProtoVer String
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    sslMinProtoVer String
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    status String
    Enable/disable SSL-VPN. Valid values: enable, disable.
    tlsv10 String
    Enable/disable TLSv1.0. Valid values: enable, disable.
    tlsv11 String
    Enable/disable TLSv1.1. Valid values: enable, disable.
    tlsv12 String
    Enable/disable TLSv1.2. Valid values: enable, disable.
    tlsv13 String
    Enable/disable TLSv1.3. Valid values: enable, disable.
    transformBackwardSlashes String
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    tunnelAddrAssignedMethod String
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    tunnelConnectWithoutReauth String
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    tunnelIpPools List<SettingsTunnelIpPool>
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    tunnelIpv6Pools List<SettingsTunnelIpv6Pool>
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    tunnelUserSessionTimeout Integer
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    unsafeLegacyRenegotiation String
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    urlObscuration String
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    userPeer String
    Name of user peer.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    webModeSnat String
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    winsServer1 String
    WINS server 1.
    winsServer2 String
    WINS server 2.
    xContentTypeOptions String
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ztnaTrustedClient String
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    algorithm string
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    authSessionCheckSourceIp string
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    authTimeout number
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    authenticationRules SettingsAuthenticationRule[]
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    autoTunnelStaticRoute string
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    bannedCipher string
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    browserLanguageDetection string
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    checkReferer string
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    ciphersuite string
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    clientSigalgs string
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    defaultPortal string
    Default SSL VPN portal.
    deflateCompressionLevel number
    Compression level (0~9).
    deflateMinDataSize number
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    dnsServer1 string
    DNS server 1.
    dnsServer2 string
    DNS server 2.
    dnsSuffix string
    DNS suffix used for SSL-VPN clients.
    dtlsHeartbeatFailCount number
    Number of missing heartbeats before the connection is considered dropped.
    dtlsHeartbeatIdleTimeout number
    Idle timeout before DTLS heartbeat is sent.
    dtlsHeartbeatInterval number
    Interval between DTLS heartbeat.
    dtlsHelloTimeout number
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    dtlsMaxProtoVer string
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsMinProtoVer string
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsTunnel string
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    dualStackMode string
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    encode2fSequence string
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    encryptAndStorePassword string
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    forceTwoFactorAuth string
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    headerXForwardedFor string
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    hstsIncludeSubdomains string
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    httpCompression string
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    httpOnlyCookie string
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    httpRequestBodyTimeout number
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    httpRequestHeaderTimeout number
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    httpsRedirect string
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    idleTimeout number
    SSL VPN disconnects if idle for specified time in seconds.
    ipv6DnsServer1 string
    IPv6 DNS server 1.
    ipv6DnsServer2 string
    IPv6 DNS server 2.
    ipv6WinsServer1 string
    IPv6 WINS server 1.
    ipv6WinsServer2 string
    IPv6 WINS server 2.
    loginAttemptLimit number
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    loginBlockTime number
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    loginTimeout number
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    port number
    SSL-VPN access port (1 - 65535).
    portPrecedence string
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    reqclientcert string
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    routeSourceInterface string
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    samlRedirectPort number
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    serverHostname string
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    servercert string
    Name of the server certificate to be used for SSL-VPNs.
    sourceAddress6Negate string
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    sourceAddress6s SettingsSourceAddress6[]
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    sourceAddressNegate string
    Enable/disable negated source address match. Valid values: enable, disable.
    sourceAddresses SettingsSourceAddress[]
    Source address of incoming traffic. The structure of source_address block is documented below.
    sourceInterfaces SettingsSourceInterface[]
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    sslClientRenegotiation string
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    sslInsertEmptyFragment string
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    sslMaxProtoVer string
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    sslMinProtoVer string
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    status string
    Enable/disable SSL-VPN. Valid values: enable, disable.
    tlsv10 string
    Enable/disable TLSv1.0. Valid values: enable, disable.
    tlsv11 string
    Enable/disable TLSv1.1. Valid values: enable, disable.
    tlsv12 string
    Enable/disable TLSv1.2. Valid values: enable, disable.
    tlsv13 string
    Enable/disable TLSv1.3. Valid values: enable, disable.
    transformBackwardSlashes string
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    tunnelAddrAssignedMethod string
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    tunnelConnectWithoutReauth string
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    tunnelIpPools SettingsTunnelIpPool[]
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    tunnelIpv6Pools SettingsTunnelIpv6Pool[]
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    tunnelUserSessionTimeout number
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    unsafeLegacyRenegotiation string
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    urlObscuration string
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    userPeer string
    Name of user peer.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    webModeSnat string
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    winsServer1 string
    WINS server 1.
    winsServer2 string
    WINS server 2.
    xContentTypeOptions string
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ztnaTrustedClient string
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    algorithm str
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    auth_session_check_source_ip str
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    auth_timeout int
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    authentication_rules Sequence[SettingsAuthenticationRuleArgs]
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    auto_tunnel_static_route str
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    banned_cipher str
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    browser_language_detection str
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    check_referer str
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    ciphersuite str
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    client_sigalgs str
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    default_portal str
    Default SSL VPN portal.
    deflate_compression_level int
    Compression level (0~9).
    deflate_min_data_size int
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    dns_server1 str
    DNS server 1.
    dns_server2 str
    DNS server 2.
    dns_suffix str
    DNS suffix used for SSL-VPN clients.
    dtls_heartbeat_fail_count int
    Number of missing heartbeats before the connection is considered dropped.
    dtls_heartbeat_idle_timeout int
    Idle timeout before DTLS heartbeat is sent.
    dtls_heartbeat_interval int
    Interval between DTLS heartbeat.
    dtls_hello_timeout int
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    dtls_max_proto_ver str
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    dtls_min_proto_ver str
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    dtls_tunnel str
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    dual_stack_mode str
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    encode2f_sequence str
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    encrypt_and_store_password str
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    force_two_factor_auth str
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    header_x_forwarded_for str
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    hsts_include_subdomains str
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    http_compression str
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    http_only_cookie str
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    http_request_body_timeout int
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    http_request_header_timeout int
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    https_redirect str
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    idle_timeout int
    SSL VPN disconnects if idle for specified time in seconds.
    ipv6_dns_server1 str
    IPv6 DNS server 1.
    ipv6_dns_server2 str
    IPv6 DNS server 2.
    ipv6_wins_server1 str
    IPv6 WINS server 1.
    ipv6_wins_server2 str
    IPv6 WINS server 2.
    login_attempt_limit int
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    login_block_time int
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    login_timeout int
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    port int
    SSL-VPN access port (1 - 65535).
    port_precedence str
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    reqclientcert str
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    route_source_interface str
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    saml_redirect_port int
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    server_hostname str
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    servercert str
    Name of the server certificate to be used for SSL-VPNs.
    source_address6_negate str
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    source_address6s Sequence[SettingsSourceAddress6Args]
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    source_address_negate str
    Enable/disable negated source address match. Valid values: enable, disable.
    source_addresses Sequence[SettingsSourceAddressArgs]
    Source address of incoming traffic. The structure of source_address block is documented below.
    source_interfaces Sequence[SettingsSourceInterfaceArgs]
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    ssl_client_renegotiation str
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    ssl_insert_empty_fragment str
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    ssl_max_proto_ver str
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    ssl_min_proto_ver str
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    status str
    Enable/disable SSL-VPN. Valid values: enable, disable.
    tlsv10 str
    Enable/disable TLSv1.0. Valid values: enable, disable.
    tlsv11 str
    Enable/disable TLSv1.1. Valid values: enable, disable.
    tlsv12 str
    Enable/disable TLSv1.2. Valid values: enable, disable.
    tlsv13 str
    Enable/disable TLSv1.3. Valid values: enable, disable.
    transform_backward_slashes str
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    tunnel_addr_assigned_method str
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    tunnel_connect_without_reauth str
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    tunnel_ip_pools Sequence[SettingsTunnelIpPoolArgs]
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    tunnel_ipv6_pools Sequence[SettingsTunnelIpv6PoolArgs]
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    tunnel_user_session_timeout int
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    unsafe_legacy_renegotiation str
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    url_obscuration str
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    user_peer str
    Name of user peer.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    web_mode_snat str
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    wins_server1 str
    WINS server 1.
    wins_server2 str
    WINS server 2.
    x_content_type_options str
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ztna_trusted_client str
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.
    algorithm String
    Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
    authSessionCheckSourceIp String
    Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
    authTimeout Number
    SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
    authenticationRules List<Property Map>
    Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
    autoTunnelStaticRoute String
    Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
    bannedCipher String
    Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
    browserLanguageDetection String
    Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
    checkReferer String
    Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
    ciphersuite String
    Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
    clientSigalgs String
    Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
    defaultPortal String
    Default SSL VPN portal.
    deflateCompressionLevel Number
    Compression level (0~9).
    deflateMinDataSize Number
    Minimum amount of data that triggers compression (200 - 65535 bytes).
    dnsServer1 String
    DNS server 1.
    dnsServer2 String
    DNS server 2.
    dnsSuffix String
    DNS suffix used for SSL-VPN clients.
    dtlsHeartbeatFailCount Number
    Number of missing heartbeats before the connection is considered dropped.
    dtlsHeartbeatIdleTimeout Number
    Idle timeout before DTLS heartbeat is sent.
    dtlsHeartbeatInterval Number
    Interval between DTLS heartbeat.
    dtlsHelloTimeout Number
    SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
    dtlsMaxProtoVer String
    DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsMinProtoVer String
    DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
    dtlsTunnel String
    Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
    dualStackMode String
    Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    encode2fSequence String
    Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
    encryptAndStorePassword String
    Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
    forceTwoFactorAuth String
    Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    headerXForwardedFor String
    Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
    hstsIncludeSubdomains String
    Add HSTS includeSubDomains response header. Valid values: enable, disable.
    httpCompression String
    Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
    httpOnlyCookie String
    Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
    httpRequestBodyTimeout Number
    SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
    httpRequestHeaderTimeout Number
    SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
    httpsRedirect String
    Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
    idleTimeout Number
    SSL VPN disconnects if idle for specified time in seconds.
    ipv6DnsServer1 String
    IPv6 DNS server 1.
    ipv6DnsServer2 String
    IPv6 DNS server 2.
    ipv6WinsServer1 String
    IPv6 WINS server 1.
    ipv6WinsServer2 String
    IPv6 WINS server 2.
    loginAttemptLimit Number
    SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
    loginBlockTime Number
    Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
    loginTimeout Number
    SSLVPN maximum login timeout (10 - 180 sec, default = 30).
    port Number
    SSL-VPN access port (1 - 65535).
    portPrecedence String
    Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
    reqclientcert String
    Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
    routeSourceInterface String
    Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
    samlRedirectPort Number
    SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
    serverHostname String
    Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
    servercert String
    Name of the server certificate to be used for SSL-VPNs.
    sourceAddress6Negate String
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    sourceAddress6s List<Property Map>
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    sourceAddressNegate String
    Enable/disable negated source address match. Valid values: enable, disable.
    sourceAddresses List<Property Map>
    Source address of incoming traffic. The structure of source_address block is documented below.
    sourceInterfaces List<Property Map>
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    sslClientRenegotiation String
    Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
    sslInsertEmptyFragment String
    Enable/disable insertion of empty fragment. Valid values: enable, disable.
    sslMaxProtoVer String
    SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    sslMinProtoVer String
    SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
    status String
    Enable/disable SSL-VPN. Valid values: enable, disable.
    tlsv10 String
    Enable/disable TLSv1.0. Valid values: enable, disable.
    tlsv11 String
    Enable/disable TLSv1.1. Valid values: enable, disable.
    tlsv12 String
    Enable/disable TLSv1.2. Valid values: enable, disable.
    tlsv13 String
    Enable/disable TLSv1.3. Valid values: enable, disable.
    transformBackwardSlashes String
    Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
    tunnelAddrAssignedMethod String
    Method used for assigning address for tunnel. Valid values: first-available, round-robin.
    tunnelConnectWithoutReauth String
    Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
    tunnelIpPools List<Property Map>
    Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
    tunnelIpv6Pools List<Property Map>
    Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
    tunnelUserSessionTimeout Number
    Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
    unsafeLegacyRenegotiation String
    Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
    urlObscuration String
    Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
    userPeer String
    Name of user peer.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    webModeSnat String
    Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
    winsServer1 String
    WINS server 1.
    winsServer2 String
    WINS server 2.
    xContentTypeOptions String
    Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
    ztnaTrustedClient String
    Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

    Supporting Types

    SettingsAuthenticationRule, SettingsAuthenticationRuleArgs

    Auth string
    SSL VPN authentication method restriction.
    Cipher string
    SSL VPN cipher strength. Valid values: any, high, medium.
    ClientCert string
    Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
    Groups List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleGroup>
    User groups. The structure of groups block is documented below.
    Id int
    ID (0 - 4294967295).
    Portal string
    SSL VPN portal.
    Realm string
    SSL VPN realm.
    SourceAddress6Negate string
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    SourceAddress6s List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleSourceAddress6>
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    SourceAddressNegate string
    Enable/disable negated source address match. Valid values: enable, disable.
    SourceAddresses List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleSourceAddress>
    Source address of incoming traffic. The structure of source_address block is documented below.
    SourceInterfaces List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleSourceInterface>
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    UserPeer string
    Name of user peer.
    Users List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleUser>
    User name. The structure of users block is documented below.
    Auth string
    SSL VPN authentication method restriction.
    Cipher string
    SSL VPN cipher strength. Valid values: any, high, medium.
    ClientCert string
    Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
    Groups []SettingsAuthenticationRuleGroup
    User groups. The structure of groups block is documented below.
    Id int
    ID (0 - 4294967295).
    Portal string
    SSL VPN portal.
    Realm string
    SSL VPN realm.
    SourceAddress6Negate string
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    SourceAddress6s []SettingsAuthenticationRuleSourceAddress6
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    SourceAddressNegate string
    Enable/disable negated source address match. Valid values: enable, disable.
    SourceAddresses []SettingsAuthenticationRuleSourceAddress
    Source address of incoming traffic. The structure of source_address block is documented below.
    SourceInterfaces []SettingsAuthenticationRuleSourceInterface
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    UserPeer string
    Name of user peer.
    Users []SettingsAuthenticationRuleUser
    User name. The structure of users block is documented below.
    auth String
    SSL VPN authentication method restriction.
    cipher String
    SSL VPN cipher strength. Valid values: any, high, medium.
    clientCert String
    Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
    groups List<SettingsAuthenticationRuleGroup>
    User groups. The structure of groups block is documented below.
    id Integer
    ID (0 - 4294967295).
    portal String
    SSL VPN portal.
    realm String
    SSL VPN realm.
    sourceAddress6Negate String
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    sourceAddress6s List<SettingsAuthenticationRuleSourceAddress6>
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    sourceAddressNegate String
    Enable/disable negated source address match. Valid values: enable, disable.
    sourceAddresses List<SettingsAuthenticationRuleSourceAddress>
    Source address of incoming traffic. The structure of source_address block is documented below.
    sourceInterfaces List<SettingsAuthenticationRuleSourceInterface>
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    userPeer String
    Name of user peer.
    users List<SettingsAuthenticationRuleUser>
    User name. The structure of users block is documented below.
    auth string
    SSL VPN authentication method restriction.
    cipher string
    SSL VPN cipher strength. Valid values: any, high, medium.
    clientCert string
    Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
    groups SettingsAuthenticationRuleGroup[]
    User groups. The structure of groups block is documented below.
    id number
    ID (0 - 4294967295).
    portal string
    SSL VPN portal.
    realm string
    SSL VPN realm.
    sourceAddress6Negate string
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    sourceAddress6s SettingsAuthenticationRuleSourceAddress6[]
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    sourceAddressNegate string
    Enable/disable negated source address match. Valid values: enable, disable.
    sourceAddresses SettingsAuthenticationRuleSourceAddress[]
    Source address of incoming traffic. The structure of source_address block is documented below.
    sourceInterfaces SettingsAuthenticationRuleSourceInterface[]
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    userPeer string
    Name of user peer.
    users SettingsAuthenticationRuleUser[]
    User name. The structure of users block is documented below.
    auth str
    SSL VPN authentication method restriction.
    cipher str
    SSL VPN cipher strength. Valid values: any, high, medium.
    client_cert str
    Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
    groups Sequence[SettingsAuthenticationRuleGroup]
    User groups. The structure of groups block is documented below.
    id int
    ID (0 - 4294967295).
    portal str
    SSL VPN portal.
    realm str
    SSL VPN realm.
    source_address6_negate str
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    source_address6s Sequence[SettingsAuthenticationRuleSourceAddress6]
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    source_address_negate str
    Enable/disable negated source address match. Valid values: enable, disable.
    source_addresses Sequence[SettingsAuthenticationRuleSourceAddress]
    Source address of incoming traffic. The structure of source_address block is documented below.
    source_interfaces Sequence[SettingsAuthenticationRuleSourceInterface]
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    user_peer str
    Name of user peer.
    users Sequence[SettingsAuthenticationRuleUser]
    User name. The structure of users block is documented below.
    auth String
    SSL VPN authentication method restriction.
    cipher String
    SSL VPN cipher strength. Valid values: any, high, medium.
    clientCert String
    Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
    groups List<Property Map>
    User groups. The structure of groups block is documented below.
    id Number
    ID (0 - 4294967295).
    portal String
    SSL VPN portal.
    realm String
    SSL VPN realm.
    sourceAddress6Negate String
    Enable/disable negated source IPv6 address match. Valid values: enable, disable.
    sourceAddress6s List<Property Map>
    IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
    sourceAddressNegate String
    Enable/disable negated source address match. Valid values: enable, disable.
    sourceAddresses List<Property Map>
    Source address of incoming traffic. The structure of source_address block is documented below.
    sourceInterfaces List<Property Map>
    SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
    userPeer String
    Name of user peer.
    users List<Property Map>
    User name. The structure of users block is documented below.

    SettingsAuthenticationRuleGroup, SettingsAuthenticationRuleGroupArgs

    Name string
    Group name.
    Name string
    Group name.
    name String
    Group name.
    name string
    Group name.
    name str
    Group name.
    name String
    Group name.

    SettingsAuthenticationRuleSourceAddress, SettingsAuthenticationRuleSourceAddressArgs

    Name string
    IPv6 address name.
    Name string
    IPv6 address name.
    name String
    IPv6 address name.
    name string
    IPv6 address name.
    name str
    IPv6 address name.
    name String
    IPv6 address name.

    SettingsAuthenticationRuleSourceAddress6, SettingsAuthenticationRuleSourceAddress6Args

    Name string
    Name string
    name String
    name string
    name str
    name String

    SettingsAuthenticationRuleSourceInterface, SettingsAuthenticationRuleSourceInterfaceArgs

    Name string
    Interface name.
    Name string
    Interface name.
    name String
    Interface name.
    name string
    Interface name.
    name str
    Interface name.
    name String
    Interface name.

    SettingsAuthenticationRuleUser, SettingsAuthenticationRuleUserArgs

    Name string
    User name.
    Name string
    User name.
    name String
    User name.
    name string
    User name.
    name str
    User name.
    name String
    User name.

    SettingsSourceAddress, SettingsSourceAddressArgs

    Name string
    IPv6 address name.
    Name string
    IPv6 address name.
    name String
    IPv6 address name.
    name string
    IPv6 address name.
    name str
    IPv6 address name.
    name String
    IPv6 address name.

    SettingsSourceAddress6, SettingsSourceAddress6Args

    Name string
    Name string
    name String
    name string
    name str
    name String

    SettingsSourceInterface, SettingsSourceInterfaceArgs

    Name string
    Interface name.
    Name string
    Interface name.
    name String
    Interface name.
    name string
    Interface name.
    name str
    Interface name.
    name String
    Interface name.

    SettingsTunnelIpPool, SettingsTunnelIpPoolArgs

    Name string
    Address name.
    Name string
    Address name.
    name String
    Address name.
    name string
    Address name.
    name str
    Address name.
    name String
    Address name.

    SettingsTunnelIpv6Pool, SettingsTunnelIpv6PoolArgs

    Name string
    Name string
    name String
    name string
    name str
    name String

    Import

    VpnSsl Settings can be imported using any of these accepted formats:

    $ pulumi import fortios:vpn/ssl/settings:Settings labelname VpnSslSettings
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:vpn/ssl/settings:Settings labelname VpnSslSettings
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse