fortios.wirelesscontroller.Vap
Explore with Pulumi AI
Configure Virtual Access Points (VAPs).
Create Vap Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Vap(name: string, args?: VapArgs, opts?: CustomResourceOptions);
@overload
def Vap(resource_name: str,
args: Optional[VapArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Vap(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_control_list: Optional[str] = None,
acct_interim_interval: Optional[int] = None,
additional_akms: Optional[str] = None,
address_group: Optional[str] = None,
address_group_policy: Optional[str] = None,
akm24_only: Optional[str] = None,
alias: Optional[str] = None,
antivirus_profile: Optional[str] = None,
application_detection_engine: Optional[str] = None,
application_dscp_marking: Optional[str] = None,
application_list: Optional[str] = None,
application_report_intv: Optional[int] = None,
atf_weight: Optional[int] = None,
auth: Optional[str] = None,
auth_cert: Optional[str] = None,
auth_portal_addr: Optional[str] = None,
beacon_advertising: Optional[str] = None,
beacon_protection: Optional[str] = None,
broadcast_ssid: Optional[str] = None,
broadcast_suppression: Optional[str] = None,
bss_color_partial: Optional[str] = None,
bstm_disassociation_imminent: Optional[str] = None,
bstm_load_balancing_disassoc_timer: Optional[int] = None,
bstm_rssi_disassoc_timer: Optional[int] = None,
captive_portal: Optional[str] = None,
captive_portal_ac_name: Optional[str] = None,
captive_portal_auth_timeout: Optional[int] = None,
captive_portal_fw_accounting: Optional[str] = None,
captive_portal_macauth_radius_secret: Optional[str] = None,
captive_portal_macauth_radius_server: Optional[str] = None,
captive_portal_radius_secret: Optional[str] = None,
captive_portal_radius_server: Optional[str] = None,
captive_portal_session_timeout_interval: Optional[int] = None,
dhcp_address_enforcement: Optional[str] = None,
dhcp_lease_time: Optional[int] = None,
dhcp_option43_insertion: Optional[str] = None,
dhcp_option82_circuit_id_insertion: Optional[str] = None,
dhcp_option82_insertion: Optional[str] = None,
dhcp_option82_remote_id_insertion: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
dynamic_vlan: Optional[str] = None,
eap_reauth: Optional[str] = None,
eap_reauth_intv: Optional[int] = None,
eapol_key_retries: Optional[str] = None,
encrypt: Optional[str] = None,
external_fast_roaming: Optional[str] = None,
external_logout: Optional[str] = None,
external_web: Optional[str] = None,
external_web_format: Optional[str] = None,
fast_bss_transition: Optional[str] = None,
fast_roaming: Optional[str] = None,
ft_mobility_domain: Optional[int] = None,
ft_over_ds: Optional[str] = None,
ft_r0_key_lifetime: Optional[int] = None,
gas_comeback_delay: Optional[int] = None,
gas_fragmentation_limit: Optional[int] = None,
get_all_tables: Optional[str] = None,
gtk_rekey: Optional[str] = None,
gtk_rekey_intv: Optional[int] = None,
high_efficiency: Optional[str] = None,
hotspot20_profile: Optional[str] = None,
igmp_snooping: Optional[str] = None,
intra_vap_privacy: Optional[str] = None,
ip: Optional[str] = None,
ips_sensor: Optional[str] = None,
ipv6_rules: Optional[str] = None,
key: Optional[str] = None,
keyindex: Optional[int] = None,
l3_roaming: Optional[str] = None,
l3_roaming_mode: Optional[str] = None,
ldpc: Optional[str] = None,
local_authentication: Optional[str] = None,
local_bridging: Optional[str] = None,
local_lan: Optional[str] = None,
local_standalone: Optional[str] = None,
local_standalone_dns: Optional[str] = None,
local_standalone_dns_ip: Optional[str] = None,
local_standalone_nat: Optional[str] = None,
mac_auth_bypass: Optional[str] = None,
mac_called_station_delimiter: Optional[str] = None,
mac_calling_station_delimiter: Optional[str] = None,
mac_case: Optional[str] = None,
mac_filter: Optional[str] = None,
mac_filter_lists: Optional[Sequence[VapMacFilterListArgs]] = None,
mac_filter_policy_other: Optional[str] = None,
mac_password_delimiter: Optional[str] = None,
mac_username_delimiter: Optional[str] = None,
max_clients: Optional[int] = None,
max_clients_ap: Optional[int] = None,
mbo: Optional[str] = None,
mbo_cell_data_conn_pref: Optional[str] = None,
me_disable_thresh: Optional[int] = None,
mesh_backhaul: Optional[str] = None,
mpsk: Optional[str] = None,
mpsk_concurrent_clients: Optional[int] = None,
mpsk_keys: Optional[Sequence[VapMpskKeyArgs]] = None,
mpsk_profile: Optional[str] = None,
mu_mimo: Optional[str] = None,
multicast_enhance: Optional[str] = None,
multicast_rate: Optional[str] = None,
n80211k: Optional[str] = None,
n80211v: Optional[str] = None,
nac: Optional[str] = None,
nac_profile: Optional[str] = None,
name: Optional[str] = None,
nas_filter_rule: Optional[str] = None,
neighbor_report_dual_band: Optional[str] = None,
okc: Optional[str] = None,
osen: Optional[str] = None,
owe_groups: Optional[str] = None,
owe_transition: Optional[str] = None,
owe_transition_ssid: Optional[str] = None,
passphrase: Optional[str] = None,
pmf: Optional[str] = None,
pmf_assoc_comeback_timeout: Optional[int] = None,
pmf_sa_query_retry_timeout: Optional[int] = None,
port_macauth: Optional[str] = None,
port_macauth_reauth_timeout: Optional[int] = None,
port_macauth_timeout: Optional[int] = None,
portal_message_override_group: Optional[str] = None,
portal_message_overrides: Optional[VapPortalMessageOverridesArgs] = None,
portal_type: Optional[str] = None,
primary_wag_profile: Optional[str] = None,
probe_resp_suppression: Optional[str] = None,
probe_resp_threshold: Optional[str] = None,
ptk_rekey: Optional[str] = None,
ptk_rekey_intv: Optional[int] = None,
qos_profile: Optional[str] = None,
quarantine: Optional[str] = None,
radio2g_threshold: Optional[str] = None,
radio5g_threshold: Optional[str] = None,
radio_sensitivity: Optional[str] = None,
radius_mac_auth: Optional[str] = None,
radius_mac_auth_block_interval: Optional[int] = None,
radius_mac_auth_server: Optional[str] = None,
radius_mac_auth_usergroups: Optional[Sequence[VapRadiusMacAuthUsergroupArgs]] = None,
radius_mac_mpsk_auth: Optional[str] = None,
radius_mac_mpsk_timeout: Optional[int] = None,
radius_server: Optional[str] = None,
rates11a: Optional[str] = None,
rates11ac_mcs_map: Optional[str] = None,
rates11ac_ss12: Optional[str] = None,
rates11ac_ss34: Optional[str] = None,
rates11ax_mcs_map: Optional[str] = None,
rates11ax_ss12: Optional[str] = None,
rates11ax_ss34: Optional[str] = None,
rates11be_mcs_map: Optional[str] = None,
rates11be_mcs_map160: Optional[str] = None,
rates11be_mcs_map320: Optional[str] = None,
rates11bg: Optional[str] = None,
rates11n_ss12: Optional[str] = None,
rates11n_ss34: Optional[str] = None,
roaming_acct_interim_update: Optional[str] = None,
sae_groups: Optional[str] = None,
sae_h2e_only: Optional[str] = None,
sae_hnp_only: Optional[str] = None,
sae_password: Optional[str] = None,
sae_pk: Optional[str] = None,
sae_private_key: Optional[str] = None,
scan_botnet_connections: Optional[str] = None,
schedule: Optional[str] = None,
secondary_wag_profile: Optional[str] = None,
security: Optional[str] = None,
security_exempt_list: Optional[str] = None,
security_obsolete_option: Optional[str] = None,
security_redirect_url: Optional[str] = None,
selected_usergroups: Optional[Sequence[VapSelectedUsergroupArgs]] = None,
split_tunneling: Optional[str] = None,
ssid: Optional[str] = None,
sticky_client_remove: Optional[str] = None,
sticky_client_threshold2g: Optional[str] = None,
sticky_client_threshold5g: Optional[str] = None,
sticky_client_threshold6g: Optional[str] = None,
target_wake_time: Optional[str] = None,
tkip_counter_measure: Optional[str] = None,
tunnel_echo_interval: Optional[int] = None,
tunnel_fallback_interval: Optional[int] = None,
usergroups: Optional[Sequence[VapUsergroupArgs]] = None,
utm_log: Optional[str] = None,
utm_profile: Optional[str] = None,
utm_status: Optional[str] = None,
vdomparam: Optional[str] = None,
vlan_auto: Optional[str] = None,
vlan_names: Optional[Sequence[VapVlanNameArgs]] = None,
vlan_pooling: Optional[str] = None,
vlan_pools: Optional[Sequence[VapVlanPoolArgs]] = None,
vlanid: Optional[int] = None,
voice_enterprise: Optional[str] = None,
webfilter_profile: Optional[str] = None)
func NewVap(ctx *Context, name string, args *VapArgs, opts ...ResourceOption) (*Vap, error)
public Vap(string name, VapArgs? args = null, CustomResourceOptions? opts = null)
type: fortios:wirelesscontroller:Vap
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VapArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var vapResource = new Fortios.Wirelesscontroller.Vap("vapResource", new()
{
AccessControlList = "string",
AcctInterimInterval = 0,
AdditionalAkms = "string",
AddressGroup = "string",
AddressGroupPolicy = "string",
Akm24Only = "string",
Alias = "string",
AntivirusProfile = "string",
ApplicationDetectionEngine = "string",
ApplicationDscpMarking = "string",
ApplicationList = "string",
ApplicationReportIntv = 0,
AtfWeight = 0,
Auth = "string",
AuthCert = "string",
AuthPortalAddr = "string",
BeaconAdvertising = "string",
BeaconProtection = "string",
BroadcastSsid = "string",
BroadcastSuppression = "string",
BssColorPartial = "string",
BstmDisassociationImminent = "string",
BstmLoadBalancingDisassocTimer = 0,
BstmRssiDisassocTimer = 0,
CaptivePortal = "string",
CaptivePortalAcName = "string",
CaptivePortalAuthTimeout = 0,
CaptivePortalFwAccounting = "string",
CaptivePortalMacauthRadiusSecret = "string",
CaptivePortalMacauthRadiusServer = "string",
CaptivePortalRadiusSecret = "string",
CaptivePortalRadiusServer = "string",
CaptivePortalSessionTimeoutInterval = 0,
DhcpAddressEnforcement = "string",
DhcpLeaseTime = 0,
DhcpOption43Insertion = "string",
DhcpOption82CircuitIdInsertion = "string",
DhcpOption82Insertion = "string",
DhcpOption82RemoteIdInsertion = "string",
DynamicSortSubtable = "string",
DynamicVlan = "string",
EapReauth = "string",
EapReauthIntv = 0,
EapolKeyRetries = "string",
Encrypt = "string",
ExternalFastRoaming = "string",
ExternalLogout = "string",
ExternalWeb = "string",
ExternalWebFormat = "string",
FastBssTransition = "string",
FastRoaming = "string",
FtMobilityDomain = 0,
FtOverDs = "string",
FtR0KeyLifetime = 0,
GasComebackDelay = 0,
GasFragmentationLimit = 0,
GetAllTables = "string",
GtkRekey = "string",
GtkRekeyIntv = 0,
HighEfficiency = "string",
Hotspot20Profile = "string",
IgmpSnooping = "string",
IntraVapPrivacy = "string",
Ip = "string",
IpsSensor = "string",
Ipv6Rules = "string",
Key = "string",
Keyindex = 0,
L3Roaming = "string",
L3RoamingMode = "string",
Ldpc = "string",
LocalAuthentication = "string",
LocalBridging = "string",
LocalLan = "string",
LocalStandalone = "string",
LocalStandaloneDns = "string",
LocalStandaloneDnsIp = "string",
LocalStandaloneNat = "string",
MacAuthBypass = "string",
MacCalledStationDelimiter = "string",
MacCallingStationDelimiter = "string",
MacCase = "string",
MacFilter = "string",
MacFilterLists = new[]
{
new Fortios.Wirelesscontroller.Inputs.VapMacFilterListArgs
{
Id = 0,
Mac = "string",
MacFilterPolicy = "string",
},
},
MacFilterPolicyOther = "string",
MacPasswordDelimiter = "string",
MacUsernameDelimiter = "string",
MaxClients = 0,
MaxClientsAp = 0,
Mbo = "string",
MboCellDataConnPref = "string",
MeDisableThresh = 0,
MeshBackhaul = "string",
Mpsk = "string",
MpskConcurrentClients = 0,
MpskKeys = new[]
{
new Fortios.Wirelesscontroller.Inputs.VapMpskKeyArgs
{
Comment = "string",
ConcurrentClients = "string",
KeyName = "string",
MpskSchedules = new[]
{
new Fortios.Wirelesscontroller.Inputs.VapMpskKeyMpskScheduleArgs
{
Name = "string",
},
},
Passphrase = "string",
},
},
MpskProfile = "string",
MuMimo = "string",
MulticastEnhance = "string",
MulticastRate = "string",
N80211k = "string",
N80211v = "string",
Nac = "string",
NacProfile = "string",
Name = "string",
NasFilterRule = "string",
NeighborReportDualBand = "string",
Okc = "string",
Osen = "string",
OweGroups = "string",
OweTransition = "string",
OweTransitionSsid = "string",
Passphrase = "string",
Pmf = "string",
PmfAssocComebackTimeout = 0,
PmfSaQueryRetryTimeout = 0,
PortMacauth = "string",
PortMacauthReauthTimeout = 0,
PortMacauthTimeout = 0,
PortalMessageOverrideGroup = "string",
PortalMessageOverrides = new Fortios.Wirelesscontroller.Inputs.VapPortalMessageOverridesArgs
{
AuthDisclaimerPage = "string",
AuthLoginFailedPage = "string",
AuthLoginPage = "string",
AuthRejectPage = "string",
},
PortalType = "string",
PrimaryWagProfile = "string",
ProbeRespSuppression = "string",
ProbeRespThreshold = "string",
PtkRekey = "string",
PtkRekeyIntv = 0,
QosProfile = "string",
Quarantine = "string",
Radio2gThreshold = "string",
Radio5gThreshold = "string",
RadioSensitivity = "string",
RadiusMacAuth = "string",
RadiusMacAuthBlockInterval = 0,
RadiusMacAuthServer = "string",
RadiusMacAuthUsergroups = new[]
{
new Fortios.Wirelesscontroller.Inputs.VapRadiusMacAuthUsergroupArgs
{
Name = "string",
},
},
RadiusMacMpskAuth = "string",
RadiusMacMpskTimeout = 0,
RadiusServer = "string",
Rates11a = "string",
Rates11acMcsMap = "string",
Rates11acSs12 = "string",
Rates11acSs34 = "string",
Rates11axMcsMap = "string",
Rates11axSs12 = "string",
Rates11axSs34 = "string",
Rates11beMcsMap = "string",
Rates11beMcsMap160 = "string",
Rates11beMcsMap320 = "string",
Rates11bg = "string",
Rates11nSs12 = "string",
Rates11nSs34 = "string",
RoamingAcctInterimUpdate = "string",
SaeGroups = "string",
SaeH2eOnly = "string",
SaeHnpOnly = "string",
SaePassword = "string",
SaePk = "string",
SaePrivateKey = "string",
ScanBotnetConnections = "string",
Schedule = "string",
SecondaryWagProfile = "string",
Security = "string",
SecurityExemptList = "string",
SecurityObsoleteOption = "string",
SecurityRedirectUrl = "string",
SelectedUsergroups = new[]
{
new Fortios.Wirelesscontroller.Inputs.VapSelectedUsergroupArgs
{
Name = "string",
},
},
SplitTunneling = "string",
Ssid = "string",
StickyClientRemove = "string",
StickyClientThreshold2g = "string",
StickyClientThreshold5g = "string",
StickyClientThreshold6g = "string",
TargetWakeTime = "string",
TkipCounterMeasure = "string",
TunnelEchoInterval = 0,
TunnelFallbackInterval = 0,
Usergroups = new[]
{
new Fortios.Wirelesscontroller.Inputs.VapUsergroupArgs
{
Name = "string",
},
},
UtmLog = "string",
UtmProfile = "string",
UtmStatus = "string",
Vdomparam = "string",
VlanAuto = "string",
VlanNames = new[]
{
new Fortios.Wirelesscontroller.Inputs.VapVlanNameArgs
{
Name = "string",
VlanId = 0,
},
},
VlanPooling = "string",
VlanPools = new[]
{
new Fortios.Wirelesscontroller.Inputs.VapVlanPoolArgs
{
Id = 0,
WtpGroup = "string",
},
},
Vlanid = 0,
VoiceEnterprise = "string",
WebfilterProfile = "string",
});
example, err := wirelesscontroller.NewVap(ctx, "vapResource", &wirelesscontroller.VapArgs{
AccessControlList: pulumi.String("string"),
AcctInterimInterval: pulumi.Int(0),
AdditionalAkms: pulumi.String("string"),
AddressGroup: pulumi.String("string"),
AddressGroupPolicy: pulumi.String("string"),
Akm24Only: pulumi.String("string"),
Alias: pulumi.String("string"),
AntivirusProfile: pulumi.String("string"),
ApplicationDetectionEngine: pulumi.String("string"),
ApplicationDscpMarking: pulumi.String("string"),
ApplicationList: pulumi.String("string"),
ApplicationReportIntv: pulumi.Int(0),
AtfWeight: pulumi.Int(0),
Auth: pulumi.String("string"),
AuthCert: pulumi.String("string"),
AuthPortalAddr: pulumi.String("string"),
BeaconAdvertising: pulumi.String("string"),
BeaconProtection: pulumi.String("string"),
BroadcastSsid: pulumi.String("string"),
BroadcastSuppression: pulumi.String("string"),
BssColorPartial: pulumi.String("string"),
BstmDisassociationImminent: pulumi.String("string"),
BstmLoadBalancingDisassocTimer: pulumi.Int(0),
BstmRssiDisassocTimer: pulumi.Int(0),
CaptivePortal: pulumi.String("string"),
CaptivePortalAcName: pulumi.String("string"),
CaptivePortalAuthTimeout: pulumi.Int(0),
CaptivePortalFwAccounting: pulumi.String("string"),
CaptivePortalMacauthRadiusSecret: pulumi.String("string"),
CaptivePortalMacauthRadiusServer: pulumi.String("string"),
CaptivePortalRadiusSecret: pulumi.String("string"),
CaptivePortalRadiusServer: pulumi.String("string"),
CaptivePortalSessionTimeoutInterval: pulumi.Int(0),
DhcpAddressEnforcement: pulumi.String("string"),
DhcpLeaseTime: pulumi.Int(0),
DhcpOption43Insertion: pulumi.String("string"),
DhcpOption82CircuitIdInsertion: pulumi.String("string"),
DhcpOption82Insertion: pulumi.String("string"),
DhcpOption82RemoteIdInsertion: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
DynamicVlan: pulumi.String("string"),
EapReauth: pulumi.String("string"),
EapReauthIntv: pulumi.Int(0),
EapolKeyRetries: pulumi.String("string"),
Encrypt: pulumi.String("string"),
ExternalFastRoaming: pulumi.String("string"),
ExternalLogout: pulumi.String("string"),
ExternalWeb: pulumi.String("string"),
ExternalWebFormat: pulumi.String("string"),
FastBssTransition: pulumi.String("string"),
FastRoaming: pulumi.String("string"),
FtMobilityDomain: pulumi.Int(0),
FtOverDs: pulumi.String("string"),
FtR0KeyLifetime: pulumi.Int(0),
GasComebackDelay: pulumi.Int(0),
GasFragmentationLimit: pulumi.Int(0),
GetAllTables: pulumi.String("string"),
GtkRekey: pulumi.String("string"),
GtkRekeyIntv: pulumi.Int(0),
HighEfficiency: pulumi.String("string"),
Hotspot20Profile: pulumi.String("string"),
IgmpSnooping: pulumi.String("string"),
IntraVapPrivacy: pulumi.String("string"),
Ip: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
Ipv6Rules: pulumi.String("string"),
Key: pulumi.String("string"),
Keyindex: pulumi.Int(0),
L3Roaming: pulumi.String("string"),
L3RoamingMode: pulumi.String("string"),
Ldpc: pulumi.String("string"),
LocalAuthentication: pulumi.String("string"),
LocalBridging: pulumi.String("string"),
LocalLan: pulumi.String("string"),
LocalStandalone: pulumi.String("string"),
LocalStandaloneDns: pulumi.String("string"),
LocalStandaloneDnsIp: pulumi.String("string"),
LocalStandaloneNat: pulumi.String("string"),
MacAuthBypass: pulumi.String("string"),
MacCalledStationDelimiter: pulumi.String("string"),
MacCallingStationDelimiter: pulumi.String("string"),
MacCase: pulumi.String("string"),
MacFilter: pulumi.String("string"),
MacFilterLists: wirelesscontroller.VapMacFilterListArray{
&wirelesscontroller.VapMacFilterListArgs{
Id: pulumi.Int(0),
Mac: pulumi.String("string"),
MacFilterPolicy: pulumi.String("string"),
},
},
MacFilterPolicyOther: pulumi.String("string"),
MacPasswordDelimiter: pulumi.String("string"),
MacUsernameDelimiter: pulumi.String("string"),
MaxClients: pulumi.Int(0),
MaxClientsAp: pulumi.Int(0),
Mbo: pulumi.String("string"),
MboCellDataConnPref: pulumi.String("string"),
MeDisableThresh: pulumi.Int(0),
MeshBackhaul: pulumi.String("string"),
Mpsk: pulumi.String("string"),
MpskConcurrentClients: pulumi.Int(0),
MpskKeys: wirelesscontroller.VapMpskKeyArray{
&wirelesscontroller.VapMpskKeyArgs{
Comment: pulumi.String("string"),
ConcurrentClients: pulumi.String("string"),
KeyName: pulumi.String("string"),
MpskSchedules: wirelesscontroller.VapMpskKeyMpskScheduleArray{
&wirelesscontroller.VapMpskKeyMpskScheduleArgs{
Name: pulumi.String("string"),
},
},
Passphrase: pulumi.String("string"),
},
},
MpskProfile: pulumi.String("string"),
MuMimo: pulumi.String("string"),
MulticastEnhance: pulumi.String("string"),
MulticastRate: pulumi.String("string"),
N80211k: pulumi.String("string"),
N80211v: pulumi.String("string"),
Nac: pulumi.String("string"),
NacProfile: pulumi.String("string"),
Name: pulumi.String("string"),
NasFilterRule: pulumi.String("string"),
NeighborReportDualBand: pulumi.String("string"),
Okc: pulumi.String("string"),
Osen: pulumi.String("string"),
OweGroups: pulumi.String("string"),
OweTransition: pulumi.String("string"),
OweTransitionSsid: pulumi.String("string"),
Passphrase: pulumi.String("string"),
Pmf: pulumi.String("string"),
PmfAssocComebackTimeout: pulumi.Int(0),
PmfSaQueryRetryTimeout: pulumi.Int(0),
PortMacauth: pulumi.String("string"),
PortMacauthReauthTimeout: pulumi.Int(0),
PortMacauthTimeout: pulumi.Int(0),
PortalMessageOverrideGroup: pulumi.String("string"),
PortalMessageOverrides: &wirelesscontroller.VapPortalMessageOverridesArgs{
AuthDisclaimerPage: pulumi.String("string"),
AuthLoginFailedPage: pulumi.String("string"),
AuthLoginPage: pulumi.String("string"),
AuthRejectPage: pulumi.String("string"),
},
PortalType: pulumi.String("string"),
PrimaryWagProfile: pulumi.String("string"),
ProbeRespSuppression: pulumi.String("string"),
ProbeRespThreshold: pulumi.String("string"),
PtkRekey: pulumi.String("string"),
PtkRekeyIntv: pulumi.Int(0),
QosProfile: pulumi.String("string"),
Quarantine: pulumi.String("string"),
Radio2gThreshold: pulumi.String("string"),
Radio5gThreshold: pulumi.String("string"),
RadioSensitivity: pulumi.String("string"),
RadiusMacAuth: pulumi.String("string"),
RadiusMacAuthBlockInterval: pulumi.Int(0),
RadiusMacAuthServer: pulumi.String("string"),
RadiusMacAuthUsergroups: wirelesscontroller.VapRadiusMacAuthUsergroupArray{
&wirelesscontroller.VapRadiusMacAuthUsergroupArgs{
Name: pulumi.String("string"),
},
},
RadiusMacMpskAuth: pulumi.String("string"),
RadiusMacMpskTimeout: pulumi.Int(0),
RadiusServer: pulumi.String("string"),
Rates11a: pulumi.String("string"),
Rates11acMcsMap: pulumi.String("string"),
Rates11acSs12: pulumi.String("string"),
Rates11acSs34: pulumi.String("string"),
Rates11axMcsMap: pulumi.String("string"),
Rates11axSs12: pulumi.String("string"),
Rates11axSs34: pulumi.String("string"),
Rates11beMcsMap: pulumi.String("string"),
Rates11beMcsMap160: pulumi.String("string"),
Rates11beMcsMap320: pulumi.String("string"),
Rates11bg: pulumi.String("string"),
Rates11nSs12: pulumi.String("string"),
Rates11nSs34: pulumi.String("string"),
RoamingAcctInterimUpdate: pulumi.String("string"),
SaeGroups: pulumi.String("string"),
SaeH2eOnly: pulumi.String("string"),
SaeHnpOnly: pulumi.String("string"),
SaePassword: pulumi.String("string"),
SaePk: pulumi.String("string"),
SaePrivateKey: pulumi.String("string"),
ScanBotnetConnections: pulumi.String("string"),
Schedule: pulumi.String("string"),
SecondaryWagProfile: pulumi.String("string"),
Security: pulumi.String("string"),
SecurityExemptList: pulumi.String("string"),
SecurityObsoleteOption: pulumi.String("string"),
SecurityRedirectUrl: pulumi.String("string"),
SelectedUsergroups: wirelesscontroller.VapSelectedUsergroupArray{
&wirelesscontroller.VapSelectedUsergroupArgs{
Name: pulumi.String("string"),
},
},
SplitTunneling: pulumi.String("string"),
Ssid: pulumi.String("string"),
StickyClientRemove: pulumi.String("string"),
StickyClientThreshold2g: pulumi.String("string"),
StickyClientThreshold5g: pulumi.String("string"),
StickyClientThreshold6g: pulumi.String("string"),
TargetWakeTime: pulumi.String("string"),
TkipCounterMeasure: pulumi.String("string"),
TunnelEchoInterval: pulumi.Int(0),
TunnelFallbackInterval: pulumi.Int(0),
Usergroups: wirelesscontroller.VapUsergroupArray{
&wirelesscontroller.VapUsergroupArgs{
Name: pulumi.String("string"),
},
},
UtmLog: pulumi.String("string"),
UtmProfile: pulumi.String("string"),
UtmStatus: pulumi.String("string"),
Vdomparam: pulumi.String("string"),
VlanAuto: pulumi.String("string"),
VlanNames: wirelesscontroller.VapVlanNameArray{
&wirelesscontroller.VapVlanNameArgs{
Name: pulumi.String("string"),
VlanId: pulumi.Int(0),
},
},
VlanPooling: pulumi.String("string"),
VlanPools: wirelesscontroller.VapVlanPoolArray{
&wirelesscontroller.VapVlanPoolArgs{
Id: pulumi.Int(0),
WtpGroup: pulumi.String("string"),
},
},
Vlanid: pulumi.Int(0),
VoiceEnterprise: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
})
var vapResource = new Vap("vapResource", VapArgs.builder()
.accessControlList("string")
.acctInterimInterval(0)
.additionalAkms("string")
.addressGroup("string")
.addressGroupPolicy("string")
.akm24Only("string")
.alias("string")
.antivirusProfile("string")
.applicationDetectionEngine("string")
.applicationDscpMarking("string")
.applicationList("string")
.applicationReportIntv(0)
.atfWeight(0)
.auth("string")
.authCert("string")
.authPortalAddr("string")
.beaconAdvertising("string")
.beaconProtection("string")
.broadcastSsid("string")
.broadcastSuppression("string")
.bssColorPartial("string")
.bstmDisassociationImminent("string")
.bstmLoadBalancingDisassocTimer(0)
.bstmRssiDisassocTimer(0)
.captivePortal("string")
.captivePortalAcName("string")
.captivePortalAuthTimeout(0)
.captivePortalFwAccounting("string")
.captivePortalMacauthRadiusSecret("string")
.captivePortalMacauthRadiusServer("string")
.captivePortalRadiusSecret("string")
.captivePortalRadiusServer("string")
.captivePortalSessionTimeoutInterval(0)
.dhcpAddressEnforcement("string")
.dhcpLeaseTime(0)
.dhcpOption43Insertion("string")
.dhcpOption82CircuitIdInsertion("string")
.dhcpOption82Insertion("string")
.dhcpOption82RemoteIdInsertion("string")
.dynamicSortSubtable("string")
.dynamicVlan("string")
.eapReauth("string")
.eapReauthIntv(0)
.eapolKeyRetries("string")
.encrypt("string")
.externalFastRoaming("string")
.externalLogout("string")
.externalWeb("string")
.externalWebFormat("string")
.fastBssTransition("string")
.fastRoaming("string")
.ftMobilityDomain(0)
.ftOverDs("string")
.ftR0KeyLifetime(0)
.gasComebackDelay(0)
.gasFragmentationLimit(0)
.getAllTables("string")
.gtkRekey("string")
.gtkRekeyIntv(0)
.highEfficiency("string")
.hotspot20Profile("string")
.igmpSnooping("string")
.intraVapPrivacy("string")
.ip("string")
.ipsSensor("string")
.ipv6Rules("string")
.key("string")
.keyindex(0)
.l3Roaming("string")
.l3RoamingMode("string")
.ldpc("string")
.localAuthentication("string")
.localBridging("string")
.localLan("string")
.localStandalone("string")
.localStandaloneDns("string")
.localStandaloneDnsIp("string")
.localStandaloneNat("string")
.macAuthBypass("string")
.macCalledStationDelimiter("string")
.macCallingStationDelimiter("string")
.macCase("string")
.macFilter("string")
.macFilterLists(VapMacFilterListArgs.builder()
.id(0)
.mac("string")
.macFilterPolicy("string")
.build())
.macFilterPolicyOther("string")
.macPasswordDelimiter("string")
.macUsernameDelimiter("string")
.maxClients(0)
.maxClientsAp(0)
.mbo("string")
.mboCellDataConnPref("string")
.meDisableThresh(0)
.meshBackhaul("string")
.mpsk("string")
.mpskConcurrentClients(0)
.mpskKeys(VapMpskKeyArgs.builder()
.comment("string")
.concurrentClients("string")
.keyName("string")
.mpskSchedules(VapMpskKeyMpskScheduleArgs.builder()
.name("string")
.build())
.passphrase("string")
.build())
.mpskProfile("string")
.muMimo("string")
.multicastEnhance("string")
.multicastRate("string")
.n80211k("string")
.n80211v("string")
.nac("string")
.nacProfile("string")
.name("string")
.nasFilterRule("string")
.neighborReportDualBand("string")
.okc("string")
.osen("string")
.oweGroups("string")
.oweTransition("string")
.oweTransitionSsid("string")
.passphrase("string")
.pmf("string")
.pmfAssocComebackTimeout(0)
.pmfSaQueryRetryTimeout(0)
.portMacauth("string")
.portMacauthReauthTimeout(0)
.portMacauthTimeout(0)
.portalMessageOverrideGroup("string")
.portalMessageOverrides(VapPortalMessageOverridesArgs.builder()
.authDisclaimerPage("string")
.authLoginFailedPage("string")
.authLoginPage("string")
.authRejectPage("string")
.build())
.portalType("string")
.primaryWagProfile("string")
.probeRespSuppression("string")
.probeRespThreshold("string")
.ptkRekey("string")
.ptkRekeyIntv(0)
.qosProfile("string")
.quarantine("string")
.radio2gThreshold("string")
.radio5gThreshold("string")
.radioSensitivity("string")
.radiusMacAuth("string")
.radiusMacAuthBlockInterval(0)
.radiusMacAuthServer("string")
.radiusMacAuthUsergroups(VapRadiusMacAuthUsergroupArgs.builder()
.name("string")
.build())
.radiusMacMpskAuth("string")
.radiusMacMpskTimeout(0)
.radiusServer("string")
.rates11a("string")
.rates11acMcsMap("string")
.rates11acSs12("string")
.rates11acSs34("string")
.rates11axMcsMap("string")
.rates11axSs12("string")
.rates11axSs34("string")
.rates11beMcsMap("string")
.rates11beMcsMap160("string")
.rates11beMcsMap320("string")
.rates11bg("string")
.rates11nSs12("string")
.rates11nSs34("string")
.roamingAcctInterimUpdate("string")
.saeGroups("string")
.saeH2eOnly("string")
.saeHnpOnly("string")
.saePassword("string")
.saePk("string")
.saePrivateKey("string")
.scanBotnetConnections("string")
.schedule("string")
.secondaryWagProfile("string")
.security("string")
.securityExemptList("string")
.securityObsoleteOption("string")
.securityRedirectUrl("string")
.selectedUsergroups(VapSelectedUsergroupArgs.builder()
.name("string")
.build())
.splitTunneling("string")
.ssid("string")
.stickyClientRemove("string")
.stickyClientThreshold2g("string")
.stickyClientThreshold5g("string")
.stickyClientThreshold6g("string")
.targetWakeTime("string")
.tkipCounterMeasure("string")
.tunnelEchoInterval(0)
.tunnelFallbackInterval(0)
.usergroups(VapUsergroupArgs.builder()
.name("string")
.build())
.utmLog("string")
.utmProfile("string")
.utmStatus("string")
.vdomparam("string")
.vlanAuto("string")
.vlanNames(VapVlanNameArgs.builder()
.name("string")
.vlanId(0)
.build())
.vlanPooling("string")
.vlanPools(VapVlanPoolArgs.builder()
.id(0)
.wtpGroup("string")
.build())
.vlanid(0)
.voiceEnterprise("string")
.webfilterProfile("string")
.build());
vap_resource = fortios.wirelesscontroller.Vap("vapResource",
access_control_list="string",
acct_interim_interval=0,
additional_akms="string",
address_group="string",
address_group_policy="string",
akm24_only="string",
alias="string",
antivirus_profile="string",
application_detection_engine="string",
application_dscp_marking="string",
application_list="string",
application_report_intv=0,
atf_weight=0,
auth="string",
auth_cert="string",
auth_portal_addr="string",
beacon_advertising="string",
beacon_protection="string",
broadcast_ssid="string",
broadcast_suppression="string",
bss_color_partial="string",
bstm_disassociation_imminent="string",
bstm_load_balancing_disassoc_timer=0,
bstm_rssi_disassoc_timer=0,
captive_portal="string",
captive_portal_ac_name="string",
captive_portal_auth_timeout=0,
captive_portal_fw_accounting="string",
captive_portal_macauth_radius_secret="string",
captive_portal_macauth_radius_server="string",
captive_portal_radius_secret="string",
captive_portal_radius_server="string",
captive_portal_session_timeout_interval=0,
dhcp_address_enforcement="string",
dhcp_lease_time=0,
dhcp_option43_insertion="string",
dhcp_option82_circuit_id_insertion="string",
dhcp_option82_insertion="string",
dhcp_option82_remote_id_insertion="string",
dynamic_sort_subtable="string",
dynamic_vlan="string",
eap_reauth="string",
eap_reauth_intv=0,
eapol_key_retries="string",
encrypt="string",
external_fast_roaming="string",
external_logout="string",
external_web="string",
external_web_format="string",
fast_bss_transition="string",
fast_roaming="string",
ft_mobility_domain=0,
ft_over_ds="string",
ft_r0_key_lifetime=0,
gas_comeback_delay=0,
gas_fragmentation_limit=0,
get_all_tables="string",
gtk_rekey="string",
gtk_rekey_intv=0,
high_efficiency="string",
hotspot20_profile="string",
igmp_snooping="string",
intra_vap_privacy="string",
ip="string",
ips_sensor="string",
ipv6_rules="string",
key="string",
keyindex=0,
l3_roaming="string",
l3_roaming_mode="string",
ldpc="string",
local_authentication="string",
local_bridging="string",
local_lan="string",
local_standalone="string",
local_standalone_dns="string",
local_standalone_dns_ip="string",
local_standalone_nat="string",
mac_auth_bypass="string",
mac_called_station_delimiter="string",
mac_calling_station_delimiter="string",
mac_case="string",
mac_filter="string",
mac_filter_lists=[{
"id": 0,
"mac": "string",
"mac_filter_policy": "string",
}],
mac_filter_policy_other="string",
mac_password_delimiter="string",
mac_username_delimiter="string",
max_clients=0,
max_clients_ap=0,
mbo="string",
mbo_cell_data_conn_pref="string",
me_disable_thresh=0,
mesh_backhaul="string",
mpsk="string",
mpsk_concurrent_clients=0,
mpsk_keys=[{
"comment": "string",
"concurrent_clients": "string",
"key_name": "string",
"mpsk_schedules": [{
"name": "string",
}],
"passphrase": "string",
}],
mpsk_profile="string",
mu_mimo="string",
multicast_enhance="string",
multicast_rate="string",
n80211k="string",
n80211v="string",
nac="string",
nac_profile="string",
name="string",
nas_filter_rule="string",
neighbor_report_dual_band="string",
okc="string",
osen="string",
owe_groups="string",
owe_transition="string",
owe_transition_ssid="string",
passphrase="string",
pmf="string",
pmf_assoc_comeback_timeout=0,
pmf_sa_query_retry_timeout=0,
port_macauth="string",
port_macauth_reauth_timeout=0,
port_macauth_timeout=0,
portal_message_override_group="string",
portal_message_overrides={
"auth_disclaimer_page": "string",
"auth_login_failed_page": "string",
"auth_login_page": "string",
"auth_reject_page": "string",
},
portal_type="string",
primary_wag_profile="string",
probe_resp_suppression="string",
probe_resp_threshold="string",
ptk_rekey="string",
ptk_rekey_intv=0,
qos_profile="string",
quarantine="string",
radio2g_threshold="string",
radio5g_threshold="string",
radio_sensitivity="string",
radius_mac_auth="string",
radius_mac_auth_block_interval=0,
radius_mac_auth_server="string",
radius_mac_auth_usergroups=[{
"name": "string",
}],
radius_mac_mpsk_auth="string",
radius_mac_mpsk_timeout=0,
radius_server="string",
rates11a="string",
rates11ac_mcs_map="string",
rates11ac_ss12="string",
rates11ac_ss34="string",
rates11ax_mcs_map="string",
rates11ax_ss12="string",
rates11ax_ss34="string",
rates11be_mcs_map="string",
rates11be_mcs_map160="string",
rates11be_mcs_map320="string",
rates11bg="string",
rates11n_ss12="string",
rates11n_ss34="string",
roaming_acct_interim_update="string",
sae_groups="string",
sae_h2e_only="string",
sae_hnp_only="string",
sae_password="string",
sae_pk="string",
sae_private_key="string",
scan_botnet_connections="string",
schedule="string",
secondary_wag_profile="string",
security="string",
security_exempt_list="string",
security_obsolete_option="string",
security_redirect_url="string",
selected_usergroups=[{
"name": "string",
}],
split_tunneling="string",
ssid="string",
sticky_client_remove="string",
sticky_client_threshold2g="string",
sticky_client_threshold5g="string",
sticky_client_threshold6g="string",
target_wake_time="string",
tkip_counter_measure="string",
tunnel_echo_interval=0,
tunnel_fallback_interval=0,
usergroups=[{
"name": "string",
}],
utm_log="string",
utm_profile="string",
utm_status="string",
vdomparam="string",
vlan_auto="string",
vlan_names=[{
"name": "string",
"vlan_id": 0,
}],
vlan_pooling="string",
vlan_pools=[{
"id": 0,
"wtp_group": "string",
}],
vlanid=0,
voice_enterprise="string",
webfilter_profile="string")
const vapResource = new fortios.wirelesscontroller.Vap("vapResource", {
accessControlList: "string",
acctInterimInterval: 0,
additionalAkms: "string",
addressGroup: "string",
addressGroupPolicy: "string",
akm24Only: "string",
alias: "string",
antivirusProfile: "string",
applicationDetectionEngine: "string",
applicationDscpMarking: "string",
applicationList: "string",
applicationReportIntv: 0,
atfWeight: 0,
auth: "string",
authCert: "string",
authPortalAddr: "string",
beaconAdvertising: "string",
beaconProtection: "string",
broadcastSsid: "string",
broadcastSuppression: "string",
bssColorPartial: "string",
bstmDisassociationImminent: "string",
bstmLoadBalancingDisassocTimer: 0,
bstmRssiDisassocTimer: 0,
captivePortal: "string",
captivePortalAcName: "string",
captivePortalAuthTimeout: 0,
captivePortalFwAccounting: "string",
captivePortalMacauthRadiusSecret: "string",
captivePortalMacauthRadiusServer: "string",
captivePortalRadiusSecret: "string",
captivePortalRadiusServer: "string",
captivePortalSessionTimeoutInterval: 0,
dhcpAddressEnforcement: "string",
dhcpLeaseTime: 0,
dhcpOption43Insertion: "string",
dhcpOption82CircuitIdInsertion: "string",
dhcpOption82Insertion: "string",
dhcpOption82RemoteIdInsertion: "string",
dynamicSortSubtable: "string",
dynamicVlan: "string",
eapReauth: "string",
eapReauthIntv: 0,
eapolKeyRetries: "string",
encrypt: "string",
externalFastRoaming: "string",
externalLogout: "string",
externalWeb: "string",
externalWebFormat: "string",
fastBssTransition: "string",
fastRoaming: "string",
ftMobilityDomain: 0,
ftOverDs: "string",
ftR0KeyLifetime: 0,
gasComebackDelay: 0,
gasFragmentationLimit: 0,
getAllTables: "string",
gtkRekey: "string",
gtkRekeyIntv: 0,
highEfficiency: "string",
hotspot20Profile: "string",
igmpSnooping: "string",
intraVapPrivacy: "string",
ip: "string",
ipsSensor: "string",
ipv6Rules: "string",
key: "string",
keyindex: 0,
l3Roaming: "string",
l3RoamingMode: "string",
ldpc: "string",
localAuthentication: "string",
localBridging: "string",
localLan: "string",
localStandalone: "string",
localStandaloneDns: "string",
localStandaloneDnsIp: "string",
localStandaloneNat: "string",
macAuthBypass: "string",
macCalledStationDelimiter: "string",
macCallingStationDelimiter: "string",
macCase: "string",
macFilter: "string",
macFilterLists: [{
id: 0,
mac: "string",
macFilterPolicy: "string",
}],
macFilterPolicyOther: "string",
macPasswordDelimiter: "string",
macUsernameDelimiter: "string",
maxClients: 0,
maxClientsAp: 0,
mbo: "string",
mboCellDataConnPref: "string",
meDisableThresh: 0,
meshBackhaul: "string",
mpsk: "string",
mpskConcurrentClients: 0,
mpskKeys: [{
comment: "string",
concurrentClients: "string",
keyName: "string",
mpskSchedules: [{
name: "string",
}],
passphrase: "string",
}],
mpskProfile: "string",
muMimo: "string",
multicastEnhance: "string",
multicastRate: "string",
n80211k: "string",
n80211v: "string",
nac: "string",
nacProfile: "string",
name: "string",
nasFilterRule: "string",
neighborReportDualBand: "string",
okc: "string",
osen: "string",
oweGroups: "string",
oweTransition: "string",
oweTransitionSsid: "string",
passphrase: "string",
pmf: "string",
pmfAssocComebackTimeout: 0,
pmfSaQueryRetryTimeout: 0,
portMacauth: "string",
portMacauthReauthTimeout: 0,
portMacauthTimeout: 0,
portalMessageOverrideGroup: "string",
portalMessageOverrides: {
authDisclaimerPage: "string",
authLoginFailedPage: "string",
authLoginPage: "string",
authRejectPage: "string",
},
portalType: "string",
primaryWagProfile: "string",
probeRespSuppression: "string",
probeRespThreshold: "string",
ptkRekey: "string",
ptkRekeyIntv: 0,
qosProfile: "string",
quarantine: "string",
radio2gThreshold: "string",
radio5gThreshold: "string",
radioSensitivity: "string",
radiusMacAuth: "string",
radiusMacAuthBlockInterval: 0,
radiusMacAuthServer: "string",
radiusMacAuthUsergroups: [{
name: "string",
}],
radiusMacMpskAuth: "string",
radiusMacMpskTimeout: 0,
radiusServer: "string",
rates11a: "string",
rates11acMcsMap: "string",
rates11acSs12: "string",
rates11acSs34: "string",
rates11axMcsMap: "string",
rates11axSs12: "string",
rates11axSs34: "string",
rates11beMcsMap: "string",
rates11beMcsMap160: "string",
rates11beMcsMap320: "string",
rates11bg: "string",
rates11nSs12: "string",
rates11nSs34: "string",
roamingAcctInterimUpdate: "string",
saeGroups: "string",
saeH2eOnly: "string",
saeHnpOnly: "string",
saePassword: "string",
saePk: "string",
saePrivateKey: "string",
scanBotnetConnections: "string",
schedule: "string",
secondaryWagProfile: "string",
security: "string",
securityExemptList: "string",
securityObsoleteOption: "string",
securityRedirectUrl: "string",
selectedUsergroups: [{
name: "string",
}],
splitTunneling: "string",
ssid: "string",
stickyClientRemove: "string",
stickyClientThreshold2g: "string",
stickyClientThreshold5g: "string",
stickyClientThreshold6g: "string",
targetWakeTime: "string",
tkipCounterMeasure: "string",
tunnelEchoInterval: 0,
tunnelFallbackInterval: 0,
usergroups: [{
name: "string",
}],
utmLog: "string",
utmProfile: "string",
utmStatus: "string",
vdomparam: "string",
vlanAuto: "string",
vlanNames: [{
name: "string",
vlanId: 0,
}],
vlanPooling: "string",
vlanPools: [{
id: 0,
wtpGroup: "string",
}],
vlanid: 0,
voiceEnterprise: "string",
webfilterProfile: "string",
});
type: fortios:wirelesscontroller:Vap
properties:
accessControlList: string
acctInterimInterval: 0
additionalAkms: string
addressGroup: string
addressGroupPolicy: string
akm24Only: string
alias: string
antivirusProfile: string
applicationDetectionEngine: string
applicationDscpMarking: string
applicationList: string
applicationReportIntv: 0
atfWeight: 0
auth: string
authCert: string
authPortalAddr: string
beaconAdvertising: string
beaconProtection: string
broadcastSsid: string
broadcastSuppression: string
bssColorPartial: string
bstmDisassociationImminent: string
bstmLoadBalancingDisassocTimer: 0
bstmRssiDisassocTimer: 0
captivePortal: string
captivePortalAcName: string
captivePortalAuthTimeout: 0
captivePortalFwAccounting: string
captivePortalMacauthRadiusSecret: string
captivePortalMacauthRadiusServer: string
captivePortalRadiusSecret: string
captivePortalRadiusServer: string
captivePortalSessionTimeoutInterval: 0
dhcpAddressEnforcement: string
dhcpLeaseTime: 0
dhcpOption43Insertion: string
dhcpOption82CircuitIdInsertion: string
dhcpOption82Insertion: string
dhcpOption82RemoteIdInsertion: string
dynamicSortSubtable: string
dynamicVlan: string
eapReauth: string
eapReauthIntv: 0
eapolKeyRetries: string
encrypt: string
externalFastRoaming: string
externalLogout: string
externalWeb: string
externalWebFormat: string
fastBssTransition: string
fastRoaming: string
ftMobilityDomain: 0
ftOverDs: string
ftR0KeyLifetime: 0
gasComebackDelay: 0
gasFragmentationLimit: 0
getAllTables: string
gtkRekey: string
gtkRekeyIntv: 0
highEfficiency: string
hotspot20Profile: string
igmpSnooping: string
intraVapPrivacy: string
ip: string
ipsSensor: string
ipv6Rules: string
key: string
keyindex: 0
l3Roaming: string
l3RoamingMode: string
ldpc: string
localAuthentication: string
localBridging: string
localLan: string
localStandalone: string
localStandaloneDns: string
localStandaloneDnsIp: string
localStandaloneNat: string
macAuthBypass: string
macCalledStationDelimiter: string
macCallingStationDelimiter: string
macCase: string
macFilter: string
macFilterLists:
- id: 0
mac: string
macFilterPolicy: string
macFilterPolicyOther: string
macPasswordDelimiter: string
macUsernameDelimiter: string
maxClients: 0
maxClientsAp: 0
mbo: string
mboCellDataConnPref: string
meDisableThresh: 0
meshBackhaul: string
mpsk: string
mpskConcurrentClients: 0
mpskKeys:
- comment: string
concurrentClients: string
keyName: string
mpskSchedules:
- name: string
passphrase: string
mpskProfile: string
muMimo: string
multicastEnhance: string
multicastRate: string
n80211k: string
n80211v: string
nac: string
nacProfile: string
name: string
nasFilterRule: string
neighborReportDualBand: string
okc: string
osen: string
oweGroups: string
oweTransition: string
oweTransitionSsid: string
passphrase: string
pmf: string
pmfAssocComebackTimeout: 0
pmfSaQueryRetryTimeout: 0
portMacauth: string
portMacauthReauthTimeout: 0
portMacauthTimeout: 0
portalMessageOverrideGroup: string
portalMessageOverrides:
authDisclaimerPage: string
authLoginFailedPage: string
authLoginPage: string
authRejectPage: string
portalType: string
primaryWagProfile: string
probeRespSuppression: string
probeRespThreshold: string
ptkRekey: string
ptkRekeyIntv: 0
qosProfile: string
quarantine: string
radio2gThreshold: string
radio5gThreshold: string
radioSensitivity: string
radiusMacAuth: string
radiusMacAuthBlockInterval: 0
radiusMacAuthServer: string
radiusMacAuthUsergroups:
- name: string
radiusMacMpskAuth: string
radiusMacMpskTimeout: 0
radiusServer: string
rates11a: string
rates11acMcsMap: string
rates11acSs12: string
rates11acSs34: string
rates11axMcsMap: string
rates11axSs12: string
rates11axSs34: string
rates11beMcsMap: string
rates11beMcsMap160: string
rates11beMcsMap320: string
rates11bg: string
rates11nSs12: string
rates11nSs34: string
roamingAcctInterimUpdate: string
saeGroups: string
saeH2eOnly: string
saeHnpOnly: string
saePassword: string
saePk: string
saePrivateKey: string
scanBotnetConnections: string
schedule: string
secondaryWagProfile: string
security: string
securityExemptList: string
securityObsoleteOption: string
securityRedirectUrl: string
selectedUsergroups:
- name: string
splitTunneling: string
ssid: string
stickyClientRemove: string
stickyClientThreshold2g: string
stickyClientThreshold5g: string
stickyClientThreshold6g: string
targetWakeTime: string
tkipCounterMeasure: string
tunnelEchoInterval: 0
tunnelFallbackInterval: 0
usergroups:
- name: string
utmLog: string
utmProfile: string
utmStatus: string
vdomparam: string
vlanAuto: string
vlanNames:
- name: string
vlanId: 0
vlanPooling: string
vlanPools:
- id: 0
wtpGroup: string
vlanid: 0
voiceEnterprise: string
webfilterProfile: string
Vap Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Vap resource accepts the following input properties:
- Access
Control stringList - access-control-list profile name.
- Acct
Interim intInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- Additional
Akms string - Additional AKMs.
- Address
Group string - Address group ID.
- Address
Group stringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - Akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - Alias string
- Alias.
- Antivirus
Profile string - AntiVirus profile name.
- Application
Detection stringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - Application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - Application
List string - Application control list name.
- Application
Report intIntv - Application report interval (30 - 864000 sec, default = 120).
- Atf
Weight int - Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol.
- Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Beacon
Advertising string - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - Beacon
Protection string - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - Broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - Broadcast
Suppression string - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- Bss
Color stringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - Bstm
Disassociation stringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - Bstm
Load intBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- Bstm
Rssi intDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- Captive
Portal string - Enable/disable captive portal. Valid values:
enable
,disable
. - Captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- Captive
Portal intAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- Captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - Captive
Portal stringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- Captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- Captive
Portal stringRadius Secret - Secret key to access the RADIUS server.
- Captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- Captive
Portal intSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- Dhcp
Address stringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - Dhcp
Lease intTime - DHCP lease time in seconds for NAT IP address.
- Dhcp
Option43Insertion string - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - Dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- Dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - Dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - Eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - Eap
Reauth intIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- Eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - External
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - External
Logout string - URL of external authentication logout server.
- External
Web string - URL of external authentication web server.
- External
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - Fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - Fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - Ft
Mobility intDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- Ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - Ft
R0Key intLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- Gas
Comeback intDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- Gas
Fragmentation intLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - Gtk
Rekey intIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- High
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - Hotspot20Profile string
- Hotspot 2.0 profile name.
- Igmp
Snooping string - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - Intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- Ips
Sensor string - IPS sensor name.
- Ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - Key string
- WEP Key.
- Keyindex int
- WEP key index (1 - 4).
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - L3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - Local
Authentication string - Enable/disable AP local authentication. Valid values:
enable
,disable
. - Local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - Local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - Local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - Local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - Local
Standalone stringDns Ip - IPv4 addresses for the local standalone DNS.
- Local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - Mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - Mac
Called stringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Calling stringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Case string - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - Mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - Mac
Filter List<Pulumiverse.Lists Fortios. Wirelesscontroller. Inputs. Vap Mac Filter List> - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - Mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Max
Clients int - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- Max
Clients intAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - Mbo
Cell stringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - Me
Disable intThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- Mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - Mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - Mpsk
Concurrent intClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- Mpsk
Keys List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Mpsk Key> - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - Mpsk
Profile string - MPSK profile name.
- Mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - Multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - Multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - Nac string
- Enable/disable network access control. Valid values:
enable
,disable
. - Nac
Profile string - NAC profile name.
- Name string
- Virtual AP name.
- Nas
Filter stringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - Neighbor
Report stringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - Owe
Groups string - OWE-Groups. Valid values:
19
,20
,21
. - Owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - Owe
Transition stringSsid - OWE transition mode peer SSID.
- Passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - Pmf
Assoc intComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- Pmf
Sa intQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- Port
Macauth string - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - Port
Macauth intReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- Port
Macauth intTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- Portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- Portal
Message Pulumiverse.Overrides Fortios. Wirelesscontroller. Inputs. Vap Portal Message Overrides - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - Portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- Primary
Wag stringProfile - Primary wireless access gateway profile name.
- Probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - Probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- Ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - Ptk
Rekey intIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- Qos
Profile string - Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - Radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- Radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - Radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - Radius
Mac intAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- Radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- Radius
Mac List<Pulumiverse.Auth Usergroups Fortios. Wirelesscontroller. Inputs. Vap Radius Mac Auth Usergroup> - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - Radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - Radius
Mac intMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- Radius
Server string - RADIUS server to be used to authenticate WiFi users.
- Rates11a string
- Allowed data rates for 802.11a.
- Rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11ac
Ss12 string - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - Rates11ac
Ss34 string - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - Rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11ax
Ss12 string - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - Rates11ax
Ss34 string - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - Rates11be
Mcs stringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- Rates11be
Mcs stringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- Rates11be
Mcs stringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- Rates11bg string
- Allowed data rates for 802.11b/g.
- Rates11n
Ss12 string - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - Rates11n
Ss34 string - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - Roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - Sae
Groups string - SAE-Groups. Valid values:
19
,20
,21
. - Sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - Sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - Sae
Password string - WPA3 SAE password to be used to authenticate WiFi users.
- Sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - Sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- Scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - Schedule string
- VAP schedule name.
- Secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- Security
Exempt stringList - Optional security exempt list for captive portal authentication.
- Security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - Security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- Selected
Usergroups List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Selected Usergroup> - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - Split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- Sticky
Client stringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - Sticky
Client stringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- Sticky
Client stringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- Sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- Target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - Tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - Tunnel
Echo intInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- Tunnel
Fallback intInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroups
List<Pulumiverse.
Fortios. Wirelesscontroller. Inputs. Vap Usergroup> - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - Utm
Log string - Enable/disable UTM logging. Valid values:
enable
,disable
. - Utm
Profile string - UTM profile name.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - Vlan
Names List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Vlan Name> - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - Vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - Vlan
Pools List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Vlan Pool> - VLAN pool. The structure of
vlan_pool
block is documented below. - Vlanid int
- Optional VLAN ID.
- Voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - Webfilter
Profile string - WebFilter profile name.
- Access
Control stringList - access-control-list profile name.
- Acct
Interim intInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- Additional
Akms string - Additional AKMs.
- Address
Group string - Address group ID.
- Address
Group stringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - Akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - Alias string
- Alias.
- Antivirus
Profile string - AntiVirus profile name.
- Application
Detection stringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - Application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - Application
List string - Application control list name.
- Application
Report intIntv - Application report interval (30 - 864000 sec, default = 120).
- Atf
Weight int - Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol.
- Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Beacon
Advertising string - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - Beacon
Protection string - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - Broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - Broadcast
Suppression string - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- Bss
Color stringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - Bstm
Disassociation stringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - Bstm
Load intBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- Bstm
Rssi intDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- Captive
Portal string - Enable/disable captive portal. Valid values:
enable
,disable
. - Captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- Captive
Portal intAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- Captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - Captive
Portal stringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- Captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- Captive
Portal stringRadius Secret - Secret key to access the RADIUS server.
- Captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- Captive
Portal intSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- Dhcp
Address stringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - Dhcp
Lease intTime - DHCP lease time in seconds for NAT IP address.
- Dhcp
Option43Insertion string - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - Dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- Dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - Dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - Eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - Eap
Reauth intIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- Eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - External
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - External
Logout string - URL of external authentication logout server.
- External
Web string - URL of external authentication web server.
- External
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - Fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - Fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - Ft
Mobility intDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- Ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - Ft
R0Key intLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- Gas
Comeback intDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- Gas
Fragmentation intLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - Gtk
Rekey intIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- High
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - Hotspot20Profile string
- Hotspot 2.0 profile name.
- Igmp
Snooping string - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - Intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- Ips
Sensor string - IPS sensor name.
- Ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - Key string
- WEP Key.
- Keyindex int
- WEP key index (1 - 4).
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - L3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - Local
Authentication string - Enable/disable AP local authentication. Valid values:
enable
,disable
. - Local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - Local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - Local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - Local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - Local
Standalone stringDns Ip - IPv4 addresses for the local standalone DNS.
- Local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - Mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - Mac
Called stringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Calling stringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Case string - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - Mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - Mac
Filter []VapLists Mac Filter List Args - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - Mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Max
Clients int - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- Max
Clients intAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - Mbo
Cell stringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - Me
Disable intThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- Mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - Mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - Mpsk
Concurrent intClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- Mpsk
Keys []VapMpsk Key Args - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - Mpsk
Profile string - MPSK profile name.
- Mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - Multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - Multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - Nac string
- Enable/disable network access control. Valid values:
enable
,disable
. - Nac
Profile string - NAC profile name.
- Name string
- Virtual AP name.
- Nas
Filter stringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - Neighbor
Report stringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - Owe
Groups string - OWE-Groups. Valid values:
19
,20
,21
. - Owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - Owe
Transition stringSsid - OWE transition mode peer SSID.
- Passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - Pmf
Assoc intComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- Pmf
Sa intQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- Port
Macauth string - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - Port
Macauth intReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- Port
Macauth intTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- Portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- Portal
Message VapOverrides Portal Message Overrides Args - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - Portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- Primary
Wag stringProfile - Primary wireless access gateway profile name.
- Probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - Probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- Ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - Ptk
Rekey intIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- Qos
Profile string - Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - Radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- Radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - Radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - Radius
Mac intAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- Radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- Radius
Mac []VapAuth Usergroups Radius Mac Auth Usergroup Args - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - Radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - Radius
Mac intMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- Radius
Server string - RADIUS server to be used to authenticate WiFi users.
- Rates11a string
- Allowed data rates for 802.11a.
- Rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11ac
Ss12 string - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - Rates11ac
Ss34 string - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - Rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11ax
Ss12 string - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - Rates11ax
Ss34 string - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - Rates11be
Mcs stringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- Rates11be
Mcs stringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- Rates11be
Mcs stringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- Rates11bg string
- Allowed data rates for 802.11b/g.
- Rates11n
Ss12 string - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - Rates11n
Ss34 string - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - Roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - Sae
Groups string - SAE-Groups. Valid values:
19
,20
,21
. - Sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - Sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - Sae
Password string - WPA3 SAE password to be used to authenticate WiFi users.
- Sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - Sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- Scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - Schedule string
- VAP schedule name.
- Secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- Security
Exempt stringList - Optional security exempt list for captive portal authentication.
- Security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - Security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- Selected
Usergroups []VapSelected Usergroup Args - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - Split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- Sticky
Client stringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - Sticky
Client stringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- Sticky
Client stringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- Sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- Target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - Tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - Tunnel
Echo intInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- Tunnel
Fallback intInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroups
[]Vap
Usergroup Args - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - Utm
Log string - Enable/disable UTM logging. Valid values:
enable
,disable
. - Utm
Profile string - UTM profile name.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - Vlan
Names []VapVlan Name Args - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - Vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - Vlan
Pools []VapVlan Pool Args - VLAN pool. The structure of
vlan_pool
block is documented below. - Vlanid int
- Optional VLAN ID.
- Voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - Webfilter
Profile string - WebFilter profile name.
- access
Control StringList - access-control-list profile name.
- acct
Interim IntegerInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms String - Additional AKMs.
- address
Group String - Address group ID.
- address
Group StringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - akm24Only String
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - alias String
- Alias.
- antivirus
Profile String - AntiVirus profile name.
- application
Detection StringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - application
Dscp StringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - application
List String - Application control list name.
- application
Report IntegerIntv - Application report interval (30 - 864000 sec, default = 120).
- atf
Weight Integer - Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol.
- auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- beacon
Advertising String - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - beacon
Protection String - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - broadcast
Ssid String - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - broadcast
Suppression String - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss
Color StringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - bstm
Disassociation StringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - bstm
Load IntegerBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm
Rssi IntegerDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive
Portal String - Enable/disable captive portal. Valid values:
enable
,disable
. - captive
Portal StringAc Name - Local-bridging captive portal ac-name.
- captive
Portal IntegerAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive
Portal StringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - captive
Portal StringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- captive
Portal StringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal StringRadius Secret - Secret key to access the RADIUS server.
- captive
Portal StringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal IntegerSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- dhcp
Address StringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - dhcp
Lease IntegerTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion String - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - dhcp
Option82Circuit StringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp
Option82Insertion String - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - dhcp
Option82Remote StringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic
Vlan String - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - eap
Reauth String - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - eap
Reauth IntegerIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key StringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - external
Fast StringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - external
Logout String - URL of external authentication logout server.
- external
Web String - URL of external authentication web server.
- external
Web StringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - fast
Bss StringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - fast
Roaming String - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - ft
Mobility IntegerDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over StringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - ft
R0Key IntegerLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback IntegerDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas
Fragmentation IntegerLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk
Rekey String - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - gtk
Rekey IntegerIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high
Efficiency String - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - hotspot20Profile String
- Hotspot 2.0 profile name.
- igmp
Snooping String - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - intra
Vap StringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor String - IPS sensor name.
- ipv6Rules String
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - key String
- WEP Key.
- keyindex Integer
- WEP key index (1 - 4).
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - l3Roaming
Mode String - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - local
Authentication String - Enable/disable AP local authentication. Valid values:
enable
,disable
. - local
Bridging String - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - local
Lan String - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - local
Standalone String - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - local
Standalone StringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - local
Standalone StringDns Ip - IPv4 addresses for the local standalone DNS.
- local
Standalone StringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - mac
Auth StringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - mac
Called StringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Calling StringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Case String - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - mac
Filter String - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - mac
Filter List<VapLists Mac Filter List> - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - mac
Filter StringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - max
Clients Integer - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients IntegerAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - mbo
Cell StringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - me
Disable IntegerThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul String - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - mpsk String
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - mpsk
Concurrent IntegerClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk
Keys List<VapMpsk Key> - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - mpsk
Profile String - MPSK profile name.
- mu
Mimo String - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - multicast
Enhance String - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - multicast
Rate String - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - nac String
- Enable/disable network access control. Valid values:
enable
,disable
. - nac
Profile String - NAC profile name.
- name String
- Virtual AP name.
- nas
Filter StringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - neighbor
Report StringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - owe
Groups String - OWE-Groups. Valid values:
19
,20
,21
. - owe
Transition String - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - owe
Transition StringSsid - OWE transition mode peer SSID.
- passphrase String
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - pmf
Assoc IntegerComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa IntegerQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth String - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - port
Macauth IntegerReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port
Macauth IntegerTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- portal
Message StringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Message VapOverrides Portal Message Overrides - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - portal
Type String - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary
Wag StringProfile - Primary wireless access gateway profile name.
- probe
Resp StringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - probe
Resp StringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey String - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - ptk
Rekey IntegerIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos
Profile String - Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - radio2g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity String - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - radius
Mac StringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - radius
Mac IntegerAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac StringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac List<VapAuth Usergroups Radius Mac Auth Usergroup> - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - radius
Mac StringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - radius
Mac IntegerMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server String - RADIUS server to be used to authenticate WiFi users.
- rates11a String
- Allowed data rates for 802.11a.
- rates11ac
Mcs StringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12 String - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ac
Ss34 String - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11ax
Mcs StringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12 String - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ax
Ss34 String - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11be
Mcs StringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be
Mcs StringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be
Mcs StringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg String
- Allowed data rates for 802.11b/g.
- rates11n
Ss12 String - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - rates11n
Ss34 String - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - roaming
Acct StringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - sae
Groups String - SAE-Groups. Valid values:
19
,20
,21
. - sae
H2e StringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Hnp StringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Password String - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk String - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - sae
Private StringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet StringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - schedule String
- VAP schedule name.
- secondary
Wag StringProfile - Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal).
- security
Exempt StringList - Optional security exempt list for captive portal authentication.
- security
Obsolete StringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - security
Redirect StringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups List<VapSelected Usergroup> - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - split
Tunneling String - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client StringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - sticky
Client StringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky
Client StringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky
Client StringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake StringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - tkip
Counter StringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - tunnel
Echo IntegerInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback IntegerInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
List<Vap
Usergroup> - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - utm
Log String - Enable/disable UTM logging. Valid values:
enable
,disable
. - utm
Profile String - UTM profile name.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Auto String - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - vlan
Names List<VapVlan Name> - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - vlan
Pooling String - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - vlan
Pools List<VapVlan Pool> - VLAN pool. The structure of
vlan_pool
block is documented below. - vlanid Integer
- Optional VLAN ID.
- voice
Enterprise String - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - webfilter
Profile String - WebFilter profile name.
- access
Control stringList - access-control-list profile name.
- acct
Interim numberInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms string - Additional AKMs.
- address
Group string - Address group ID.
- address
Group stringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - alias string
- Alias.
- antivirus
Profile string - AntiVirus profile name.
- application
Detection stringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - application
List string - Application control list name.
- application
Report numberIntv - Application report interval (30 - 864000 sec, default = 120).
- atf
Weight number - Airtime weight in percentage (default = 20).
- auth string
- Authentication protocol.
- auth
Cert string - HTTPS server certificate.
- auth
Portal stringAddr - Address of captive portal.
- beacon
Advertising string - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - beacon
Protection string - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - broadcast
Suppression string - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss
Color stringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - bstm
Disassociation stringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - bstm
Load numberBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm
Rssi numberDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive
Portal string - Enable/disable captive portal. Valid values:
enable
,disable
. - captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- captive
Portal numberAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - captive
Portal stringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal stringRadius Secret - Secret key to access the RADIUS server.
- captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal numberSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- dhcp
Address stringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - dhcp
Lease numberTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion string - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - eap
Reauth numberIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - external
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - external
Logout string - URL of external authentication logout server.
- external
Web string - URL of external authentication web server.
- external
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - ft
Mobility numberDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - ft
R0Key numberLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback numberDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas
Fragmentation numberLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - gtk
Rekey numberIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - hotspot20Profile string
- Hotspot 2.0 profile name.
- igmp
Snooping string - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - ip string
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor string - IPS sensor name.
- ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - key string
- WEP Key.
- keyindex number
- WEP key index (1 - 4).
- l3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - l3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - local
Authentication string - Enable/disable AP local authentication. Valid values:
enable
,disable
. - local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - local
Standalone stringDns Ip - IPv4 addresses for the local standalone DNS.
- local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - mac
Called stringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Calling stringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Case string - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - mac
Filter VapLists Mac Filter List[] - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - max
Clients number - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients numberAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo string
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - mbo
Cell stringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - me
Disable numberThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - mpsk
Concurrent numberClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk
Keys VapMpsk Key[] - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - mpsk
Profile string - MPSK profile name.
- mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - n80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - n80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - nac string
- Enable/disable network access control. Valid values:
enable
,disable
. - nac
Profile string - NAC profile name.
- name string
- Virtual AP name.
- nas
Filter stringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - neighbor
Report stringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - owe
Groups string - OWE-Groups. Valid values:
19
,20
,21
. - owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - owe
Transition stringSsid - OWE transition mode peer SSID.
- passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - pmf
Assoc numberComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa numberQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth string - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - port
Macauth numberReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port
Macauth numberTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Message VapOverrides Portal Message Overrides - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary
Wag stringProfile - Primary wireless access gateway profile name.
- probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - ptk
Rekey numberIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos
Profile string - Quality of service profile name.
- quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - radius
Mac numberAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac VapAuth Usergroups Radius Mac Auth Usergroup[] - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - radius
Mac numberMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server string - RADIUS server to be used to authenticate WiFi users.
- rates11a string
- Allowed data rates for 802.11a.
- rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12 string - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ac
Ss34 string - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12 string - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ax
Ss34 string - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11be
Mcs stringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be
Mcs stringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be
Mcs stringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg string
- Allowed data rates for 802.11b/g.
- rates11n
Ss12 string - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - rates11n
Ss34 string - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - sae
Groups string - SAE-Groups. Valid values:
19
,20
,21
. - sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Password string - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - schedule string
- VAP schedule name.
- secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- security
Exempt stringList - Optional security exempt list for captive portal authentication.
- security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups VapSelected Usergroup[] - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client stringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - sticky
Client stringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky
Client stringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - tunnel
Echo numberInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback numberInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
Vap
Usergroup[] - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - utm
Log string - Enable/disable UTM logging. Valid values:
enable
,disable
. - utm
Profile string - UTM profile name.
- utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - vlan
Names VapVlan Name[] - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - vlan
Pools VapVlan Pool[] - VLAN pool. The structure of
vlan_pool
block is documented below. - vlanid number
- Optional VLAN ID.
- voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - webfilter
Profile string - WebFilter profile name.
- access_
control_ strlist - access-control-list profile name.
- acct_
interim_ intinterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional_
akms str - Additional AKMs.
- address_
group str - Address group ID.
- address_
group_ strpolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - akm24_
only str - WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - alias str
- Alias.
- antivirus_
profile str - AntiVirus profile name.
- application_
detection_ strengine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - application_
dscp_ strmarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - application_
list str - Application control list name.
- application_
report_ intintv - Application report interval (30 - 864000 sec, default = 120).
- atf_
weight int - Airtime weight in percentage (default = 20).
- auth str
- Authentication protocol.
- auth_
cert str - HTTPS server certificate.
- auth_
portal_ straddr - Address of captive portal.
- beacon_
advertising str - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - beacon_
protection str - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - broadcast_
ssid str - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - broadcast_
suppression str - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss_
color_ strpartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - bstm_
disassociation_ strimminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - bstm_
load_ intbalancing_ disassoc_ timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm_
rssi_ intdisassoc_ timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive_
portal str - Enable/disable captive portal. Valid values:
enable
,disable
. - captive_
portal_ strac_ name - Local-bridging captive portal ac-name.
- captive_
portal_ intauth_ timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive_
portal_ strfw_ accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - captive_
portal_ strmacauth_ radius_ secret - Secret key to access the macauth RADIUS server.
- captive_
portal_ strmacauth_ radius_ server - Captive portal external RADIUS server domain name or IP address.
- captive_
portal_ strradius_ secret - Secret key to access the RADIUS server.
- captive_
portal_ strradius_ server - Captive portal RADIUS server domain name or IP address.
- captive_
portal_ intsession_ timeout_ interval - Session timeout interval (0 - 864000 sec, default = 0).
- dhcp_
address_ strenforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - dhcp_
lease_ inttime - DHCP lease time in seconds for NAT IP address.
- dhcp_
option43_ strinsertion - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - dhcp_
option82_ strcircuit_ id_ insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp_
option82_ strinsertion - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - dhcp_
option82_ strremote_ id_ insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic_
vlan str - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - eap_
reauth str - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - eap_
reauth_ intintv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol_
key_ strretries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - encrypt str
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - external_
fast_ strroaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - external_
logout str - URL of external authentication logout server.
- external_
web str - URL of external authentication web server.
- external_
web_ strformat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - fast_
bss_ strtransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - fast_
roaming str - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - ft_
mobility_ intdomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft_
over_ strds - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - ft_
r0_ intkey_ lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas_
comeback_ intdelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas_
fragmentation_ intlimit - GAS fragmentation limit (512 - 4096, default = 1024).
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk_
rekey str - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - gtk_
rekey_ intintv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high_
efficiency str - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - hotspot20_
profile str - Hotspot 2.0 profile name.
- igmp_
snooping str - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - intra_
vap_ strprivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - ip str
- IP address and subnet mask for the local standalone NAT subnet.
- ips_
sensor str - IPS sensor name.
- ipv6_
rules str - Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - key str
- WEP Key.
- keyindex int
- WEP key index (1 - 4).
- l3_
roaming str - Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - l3_
roaming_ strmode - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - ldpc str
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - local_
authentication str - Enable/disable AP local authentication. Valid values:
enable
,disable
. - local_
bridging str - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - local_
lan str - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - local_
standalone str - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - local_
standalone_ strdns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - local_
standalone_ strdns_ ip - IPv4 addresses for the local standalone DNS.
- local_
standalone_ strnat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - mac_
auth_ strbypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - mac_
called_ strstation_ delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac_
calling_ strstation_ delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac_
case str - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - mac_
filter str - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - mac_
filter_ Sequence[Vaplists Mac Filter List Args] - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - mac_
filter_ strpolicy_ other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - mac_
password_ strdelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac_
username_ strdelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - max_
clients int - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max_
clients_ intap - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo str
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - mbo_
cell_ strdata_ conn_ pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - me_
disable_ intthresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh_
backhaul str - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - mpsk str
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - mpsk_
concurrent_ intclients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk_
keys Sequence[VapMpsk Key Args] - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - mpsk_
profile str - MPSK profile name.
- mu_
mimo str - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - multicast_
enhance str - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - multicast_
rate str - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - n80211k str
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - n80211v str
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - nac str
- Enable/disable network access control. Valid values:
enable
,disable
. - nac_
profile str - NAC profile name.
- name str
- Virtual AP name.
- nas_
filter_ strrule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - neighbor_
report_ strdual_ band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - okc str
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - osen str
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - owe_
groups str - OWE-Groups. Valid values:
19
,20
,21
. - owe_
transition str - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - owe_
transition_ strssid - OWE transition mode peer SSID.
- passphrase str
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf str
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - pmf_
assoc_ intcomeback_ timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf_
sa_ intquery_ retry_ timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port_
macauth str - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - port_
macauth_ intreauth_ timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port_
macauth_ inttimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- portal_
message_ stroverride_ group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal_
message_ Vapoverrides Portal Message Overrides Args - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - portal_
type str - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary_
wag_ strprofile - Primary wireless access gateway profile name.
- probe_
resp_ strsuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - probe_
resp_ strthreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk_
rekey str - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - ptk_
rekey_ intintv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos_
profile str - Quality of service profile name.
- quarantine str
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - radio2g_
threshold str - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g_
threshold str - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio_
sensitivity str - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - radius_
mac_ strauth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - radius_
mac_ intauth_ block_ interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius_
mac_ strauth_ server - RADIUS-based MAC authentication server.
- radius_
mac_ Sequence[Vapauth_ usergroups Radius Mac Auth Usergroup Args] - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - radius_
mac_ strmpsk_ auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - radius_
mac_ intmpsk_ timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius_
server str - RADIUS server to be used to authenticate WiFi users.
- rates11a str
- Allowed data rates for 802.11a.
- rates11ac_
mcs_ strmap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac_
ss12 str - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ac_
ss34 str - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11ax_
mcs_ strmap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax_
ss12 str - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ax_
ss34 str - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11be_
mcs_ strmap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be_
mcs_ strmap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be_
mcs_ strmap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg str
- Allowed data rates for 802.11b/g.
- rates11n_
ss12 str - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - rates11n_
ss34 str - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - roaming_
acct_ strinterim_ update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - sae_
groups str - SAE-Groups. Valid values:
19
,20
,21
. - sae_
h2e_ stronly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae_
hnp_ stronly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae_
password str - WPA3 SAE password to be used to authenticate WiFi users.
- sae_
pk str - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - sae_
private_ strkey - Private key used for WPA3 SAE-PK authentication.
- scan_
botnet_ strconnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - schedule str
- VAP schedule name.
- secondary_
wag_ strprofile - Secondary wireless access gateway profile name.
- security str
- Security mode for the wireless interface (default = wpa2-only-personal).
- security_
exempt_ strlist - Optional security exempt list for captive portal authentication.
- security_
obsolete_ stroption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - security_
redirect_ strurl - Optional URL for redirecting users after they pass captive portal authentication.
- selected_
usergroups Sequence[VapSelected Usergroup Args] - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - split_
tunneling str - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - ssid str
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky_
client_ strremove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - sticky_
client_ strthreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky_
client_ strthreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky_
client_ strthreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target_
wake_ strtime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - tkip_
counter_ strmeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - tunnel_
echo_ intinterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel_
fallback_ intinterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
Sequence[Vap
Usergroup Args] - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - utm_
log str - Enable/disable UTM logging. Valid values:
enable
,disable
. - utm_
profile str - UTM profile name.
- utm_
status str - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan_
auto str - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - vlan_
names Sequence[VapVlan Name Args] - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - vlan_
pooling str - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - vlan_
pools Sequence[VapVlan Pool Args] - VLAN pool. The structure of
vlan_pool
block is documented below. - vlanid int
- Optional VLAN ID.
- voice_
enterprise str - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - webfilter_
profile str - WebFilter profile name.
- access
Control StringList - access-control-list profile name.
- acct
Interim NumberInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms String - Additional AKMs.
- address
Group String - Address group ID.
- address
Group StringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - akm24Only String
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - alias String
- Alias.
- antivirus
Profile String - AntiVirus profile name.
- application
Detection StringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - application
Dscp StringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - application
List String - Application control list name.
- application
Report NumberIntv - Application report interval (30 - 864000 sec, default = 120).
- atf
Weight Number - Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol.
- auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- beacon
Advertising String - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - beacon
Protection String - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - broadcast
Ssid String - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - broadcast
Suppression String - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss
Color StringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - bstm
Disassociation StringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - bstm
Load NumberBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm
Rssi NumberDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive
Portal String - Enable/disable captive portal. Valid values:
enable
,disable
. - captive
Portal StringAc Name - Local-bridging captive portal ac-name.
- captive
Portal NumberAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive
Portal StringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - captive
Portal StringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- captive
Portal StringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal StringRadius Secret - Secret key to access the RADIUS server.
- captive
Portal StringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal NumberSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- dhcp
Address StringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - dhcp
Lease NumberTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion String - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - dhcp
Option82Circuit StringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp
Option82Insertion String - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - dhcp
Option82Remote StringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic
Vlan String - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - eap
Reauth String - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - eap
Reauth NumberIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key StringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - external
Fast StringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - external
Logout String - URL of external authentication logout server.
- external
Web String - URL of external authentication web server.
- external
Web StringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - fast
Bss StringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - fast
Roaming String - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - ft
Mobility NumberDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over StringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - ft
R0Key NumberLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback NumberDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas
Fragmentation NumberLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk
Rekey String - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - gtk
Rekey NumberIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high
Efficiency String - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - hotspot20Profile String
- Hotspot 2.0 profile name.
- igmp
Snooping String - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - intra
Vap StringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor String - IPS sensor name.
- ipv6Rules String
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - key String
- WEP Key.
- keyindex Number
- WEP key index (1 - 4).
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - l3Roaming
Mode String - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - local
Authentication String - Enable/disable AP local authentication. Valid values:
enable
,disable
. - local
Bridging String - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - local
Lan String - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - local
Standalone String - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - local
Standalone StringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - local
Standalone StringDns Ip - IPv4 addresses for the local standalone DNS.
- local
Standalone StringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - mac
Auth StringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - mac
Called StringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Calling StringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Case String - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - mac
Filter String - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - mac
Filter List<Property Map>Lists - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - mac
Filter StringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - max
Clients Number - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients NumberAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - mbo
Cell StringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - me
Disable NumberThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul String - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - mpsk String
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - mpsk
Concurrent NumberClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk
Keys List<Property Map> - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - mpsk
Profile String - MPSK profile name.
- mu
Mimo String - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - multicast
Enhance String - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - multicast
Rate String - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - nac String
- Enable/disable network access control. Valid values:
enable
,disable
. - nac
Profile String - NAC profile name.
- name String
- Virtual AP name.
- nas
Filter StringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - neighbor
Report StringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - owe
Groups String - OWE-Groups. Valid values:
19
,20
,21
. - owe
Transition String - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - owe
Transition StringSsid - OWE transition mode peer SSID.
- passphrase String
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - pmf
Assoc NumberComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa NumberQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth String - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - port
Macauth NumberReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port
Macauth NumberTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- portal
Message StringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Message Property MapOverrides - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - portal
Type String - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary
Wag StringProfile - Primary wireless access gateway profile name.
- probe
Resp StringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - probe
Resp StringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey String - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - ptk
Rekey NumberIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos
Profile String - Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - radio2g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity String - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - radius
Mac StringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - radius
Mac NumberAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac StringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac List<Property Map>Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - radius
Mac StringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - radius
Mac NumberMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server String - RADIUS server to be used to authenticate WiFi users.
- rates11a String
- Allowed data rates for 802.11a.
- rates11ac
Mcs StringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12 String - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ac
Ss34 String - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11ax
Mcs StringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12 String - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ax
Ss34 String - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11be
Mcs StringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be
Mcs StringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be
Mcs StringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg String
- Allowed data rates for 802.11b/g.
- rates11n
Ss12 String - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - rates11n
Ss34 String - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - roaming
Acct StringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - sae
Groups String - SAE-Groups. Valid values:
19
,20
,21
. - sae
H2e StringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Hnp StringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Password String - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk String - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - sae
Private StringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet StringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - schedule String
- VAP schedule name.
- secondary
Wag StringProfile - Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal).
- security
Exempt StringList - Optional security exempt list for captive portal authentication.
- security
Obsolete StringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - security
Redirect StringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups List<Property Map> - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - split
Tunneling String - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client StringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - sticky
Client StringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky
Client StringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky
Client StringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake StringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - tkip
Counter StringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - tunnel
Echo NumberInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback NumberInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups List<Property Map>
- Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - utm
Log String - Enable/disable UTM logging. Valid values:
enable
,disable
. - utm
Profile String - UTM profile name.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Auto String - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - vlan
Names List<Property Map> - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - vlan
Pooling String - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - vlan
Pools List<Property Map> - VLAN pool. The structure of
vlan_pool
block is documented below. - vlanid Number
- Optional VLAN ID.
- voice
Enterprise String - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - webfilter
Profile String - WebFilter profile name.
Outputs
All input properties are implicitly available as output properties. Additionally, the Vap resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Vap Resource
Get an existing Vap resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VapState, opts?: CustomResourceOptions): Vap
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_control_list: Optional[str] = None,
acct_interim_interval: Optional[int] = None,
additional_akms: Optional[str] = None,
address_group: Optional[str] = None,
address_group_policy: Optional[str] = None,
akm24_only: Optional[str] = None,
alias: Optional[str] = None,
antivirus_profile: Optional[str] = None,
application_detection_engine: Optional[str] = None,
application_dscp_marking: Optional[str] = None,
application_list: Optional[str] = None,
application_report_intv: Optional[int] = None,
atf_weight: Optional[int] = None,
auth: Optional[str] = None,
auth_cert: Optional[str] = None,
auth_portal_addr: Optional[str] = None,
beacon_advertising: Optional[str] = None,
beacon_protection: Optional[str] = None,
broadcast_ssid: Optional[str] = None,
broadcast_suppression: Optional[str] = None,
bss_color_partial: Optional[str] = None,
bstm_disassociation_imminent: Optional[str] = None,
bstm_load_balancing_disassoc_timer: Optional[int] = None,
bstm_rssi_disassoc_timer: Optional[int] = None,
captive_portal: Optional[str] = None,
captive_portal_ac_name: Optional[str] = None,
captive_portal_auth_timeout: Optional[int] = None,
captive_portal_fw_accounting: Optional[str] = None,
captive_portal_macauth_radius_secret: Optional[str] = None,
captive_portal_macauth_radius_server: Optional[str] = None,
captive_portal_radius_secret: Optional[str] = None,
captive_portal_radius_server: Optional[str] = None,
captive_portal_session_timeout_interval: Optional[int] = None,
dhcp_address_enforcement: Optional[str] = None,
dhcp_lease_time: Optional[int] = None,
dhcp_option43_insertion: Optional[str] = None,
dhcp_option82_circuit_id_insertion: Optional[str] = None,
dhcp_option82_insertion: Optional[str] = None,
dhcp_option82_remote_id_insertion: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
dynamic_vlan: Optional[str] = None,
eap_reauth: Optional[str] = None,
eap_reauth_intv: Optional[int] = None,
eapol_key_retries: Optional[str] = None,
encrypt: Optional[str] = None,
external_fast_roaming: Optional[str] = None,
external_logout: Optional[str] = None,
external_web: Optional[str] = None,
external_web_format: Optional[str] = None,
fast_bss_transition: Optional[str] = None,
fast_roaming: Optional[str] = None,
ft_mobility_domain: Optional[int] = None,
ft_over_ds: Optional[str] = None,
ft_r0_key_lifetime: Optional[int] = None,
gas_comeback_delay: Optional[int] = None,
gas_fragmentation_limit: Optional[int] = None,
get_all_tables: Optional[str] = None,
gtk_rekey: Optional[str] = None,
gtk_rekey_intv: Optional[int] = None,
high_efficiency: Optional[str] = None,
hotspot20_profile: Optional[str] = None,
igmp_snooping: Optional[str] = None,
intra_vap_privacy: Optional[str] = None,
ip: Optional[str] = None,
ips_sensor: Optional[str] = None,
ipv6_rules: Optional[str] = None,
key: Optional[str] = None,
keyindex: Optional[int] = None,
l3_roaming: Optional[str] = None,
l3_roaming_mode: Optional[str] = None,
ldpc: Optional[str] = None,
local_authentication: Optional[str] = None,
local_bridging: Optional[str] = None,
local_lan: Optional[str] = None,
local_standalone: Optional[str] = None,
local_standalone_dns: Optional[str] = None,
local_standalone_dns_ip: Optional[str] = None,
local_standalone_nat: Optional[str] = None,
mac_auth_bypass: Optional[str] = None,
mac_called_station_delimiter: Optional[str] = None,
mac_calling_station_delimiter: Optional[str] = None,
mac_case: Optional[str] = None,
mac_filter: Optional[str] = None,
mac_filter_lists: Optional[Sequence[VapMacFilterListArgs]] = None,
mac_filter_policy_other: Optional[str] = None,
mac_password_delimiter: Optional[str] = None,
mac_username_delimiter: Optional[str] = None,
max_clients: Optional[int] = None,
max_clients_ap: Optional[int] = None,
mbo: Optional[str] = None,
mbo_cell_data_conn_pref: Optional[str] = None,
me_disable_thresh: Optional[int] = None,
mesh_backhaul: Optional[str] = None,
mpsk: Optional[str] = None,
mpsk_concurrent_clients: Optional[int] = None,
mpsk_keys: Optional[Sequence[VapMpskKeyArgs]] = None,
mpsk_profile: Optional[str] = None,
mu_mimo: Optional[str] = None,
multicast_enhance: Optional[str] = None,
multicast_rate: Optional[str] = None,
n80211k: Optional[str] = None,
n80211v: Optional[str] = None,
nac: Optional[str] = None,
nac_profile: Optional[str] = None,
name: Optional[str] = None,
nas_filter_rule: Optional[str] = None,
neighbor_report_dual_band: Optional[str] = None,
okc: Optional[str] = None,
osen: Optional[str] = None,
owe_groups: Optional[str] = None,
owe_transition: Optional[str] = None,
owe_transition_ssid: Optional[str] = None,
passphrase: Optional[str] = None,
pmf: Optional[str] = None,
pmf_assoc_comeback_timeout: Optional[int] = None,
pmf_sa_query_retry_timeout: Optional[int] = None,
port_macauth: Optional[str] = None,
port_macauth_reauth_timeout: Optional[int] = None,
port_macauth_timeout: Optional[int] = None,
portal_message_override_group: Optional[str] = None,
portal_message_overrides: Optional[VapPortalMessageOverridesArgs] = None,
portal_type: Optional[str] = None,
primary_wag_profile: Optional[str] = None,
probe_resp_suppression: Optional[str] = None,
probe_resp_threshold: Optional[str] = None,
ptk_rekey: Optional[str] = None,
ptk_rekey_intv: Optional[int] = None,
qos_profile: Optional[str] = None,
quarantine: Optional[str] = None,
radio2g_threshold: Optional[str] = None,
radio5g_threshold: Optional[str] = None,
radio_sensitivity: Optional[str] = None,
radius_mac_auth: Optional[str] = None,
radius_mac_auth_block_interval: Optional[int] = None,
radius_mac_auth_server: Optional[str] = None,
radius_mac_auth_usergroups: Optional[Sequence[VapRadiusMacAuthUsergroupArgs]] = None,
radius_mac_mpsk_auth: Optional[str] = None,
radius_mac_mpsk_timeout: Optional[int] = None,
radius_server: Optional[str] = None,
rates11a: Optional[str] = None,
rates11ac_mcs_map: Optional[str] = None,
rates11ac_ss12: Optional[str] = None,
rates11ac_ss34: Optional[str] = None,
rates11ax_mcs_map: Optional[str] = None,
rates11ax_ss12: Optional[str] = None,
rates11ax_ss34: Optional[str] = None,
rates11be_mcs_map: Optional[str] = None,
rates11be_mcs_map160: Optional[str] = None,
rates11be_mcs_map320: Optional[str] = None,
rates11bg: Optional[str] = None,
rates11n_ss12: Optional[str] = None,
rates11n_ss34: Optional[str] = None,
roaming_acct_interim_update: Optional[str] = None,
sae_groups: Optional[str] = None,
sae_h2e_only: Optional[str] = None,
sae_hnp_only: Optional[str] = None,
sae_password: Optional[str] = None,
sae_pk: Optional[str] = None,
sae_private_key: Optional[str] = None,
scan_botnet_connections: Optional[str] = None,
schedule: Optional[str] = None,
secondary_wag_profile: Optional[str] = None,
security: Optional[str] = None,
security_exempt_list: Optional[str] = None,
security_obsolete_option: Optional[str] = None,
security_redirect_url: Optional[str] = None,
selected_usergroups: Optional[Sequence[VapSelectedUsergroupArgs]] = None,
split_tunneling: Optional[str] = None,
ssid: Optional[str] = None,
sticky_client_remove: Optional[str] = None,
sticky_client_threshold2g: Optional[str] = None,
sticky_client_threshold5g: Optional[str] = None,
sticky_client_threshold6g: Optional[str] = None,
target_wake_time: Optional[str] = None,
tkip_counter_measure: Optional[str] = None,
tunnel_echo_interval: Optional[int] = None,
tunnel_fallback_interval: Optional[int] = None,
usergroups: Optional[Sequence[VapUsergroupArgs]] = None,
utm_log: Optional[str] = None,
utm_profile: Optional[str] = None,
utm_status: Optional[str] = None,
vdomparam: Optional[str] = None,
vlan_auto: Optional[str] = None,
vlan_names: Optional[Sequence[VapVlanNameArgs]] = None,
vlan_pooling: Optional[str] = None,
vlan_pools: Optional[Sequence[VapVlanPoolArgs]] = None,
vlanid: Optional[int] = None,
voice_enterprise: Optional[str] = None,
webfilter_profile: Optional[str] = None) -> Vap
func GetVap(ctx *Context, name string, id IDInput, state *VapState, opts ...ResourceOption) (*Vap, error)
public static Vap Get(string name, Input<string> id, VapState? state, CustomResourceOptions? opts = null)
public static Vap get(String name, Output<String> id, VapState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Control stringList - access-control-list profile name.
- Acct
Interim intInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- Additional
Akms string - Additional AKMs.
- Address
Group string - Address group ID.
- Address
Group stringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - Akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - Alias string
- Alias.
- Antivirus
Profile string - AntiVirus profile name.
- Application
Detection stringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - Application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - Application
List string - Application control list name.
- Application
Report intIntv - Application report interval (30 - 864000 sec, default = 120).
- Atf
Weight int - Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol.
- Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Beacon
Advertising string - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - Beacon
Protection string - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - Broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - Broadcast
Suppression string - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- Bss
Color stringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - Bstm
Disassociation stringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - Bstm
Load intBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- Bstm
Rssi intDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- Captive
Portal string - Enable/disable captive portal. Valid values:
enable
,disable
. - Captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- Captive
Portal intAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- Captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - Captive
Portal stringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- Captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- Captive
Portal stringRadius Secret - Secret key to access the RADIUS server.
- Captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- Captive
Portal intSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- Dhcp
Address stringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - Dhcp
Lease intTime - DHCP lease time in seconds for NAT IP address.
- Dhcp
Option43Insertion string - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - Dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- Dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - Dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - Eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - Eap
Reauth intIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- Eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - External
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - External
Logout string - URL of external authentication logout server.
- External
Web string - URL of external authentication web server.
- External
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - Fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - Fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - Ft
Mobility intDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- Ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - Ft
R0Key intLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- Gas
Comeback intDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- Gas
Fragmentation intLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - Gtk
Rekey intIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- High
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - Hotspot20Profile string
- Hotspot 2.0 profile name.
- Igmp
Snooping string - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - Intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- Ips
Sensor string - IPS sensor name.
- Ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - Key string
- WEP Key.
- Keyindex int
- WEP key index (1 - 4).
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - L3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - Local
Authentication string - Enable/disable AP local authentication. Valid values:
enable
,disable
. - Local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - Local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - Local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - Local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - Local
Standalone stringDns Ip - IPv4 addresses for the local standalone DNS.
- Local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - Mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - Mac
Called stringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Calling stringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Case string - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - Mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - Mac
Filter List<Pulumiverse.Lists Fortios. Wirelesscontroller. Inputs. Vap Mac Filter List> - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - Mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Max
Clients int - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- Max
Clients intAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - Mbo
Cell stringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - Me
Disable intThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- Mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - Mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - Mpsk
Concurrent intClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- Mpsk
Keys List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Mpsk Key> - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - Mpsk
Profile string - MPSK profile name.
- Mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - Multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - Multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - Nac string
- Enable/disable network access control. Valid values:
enable
,disable
. - Nac
Profile string - NAC profile name.
- Name string
- Virtual AP name.
- Nas
Filter stringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - Neighbor
Report stringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - Owe
Groups string - OWE-Groups. Valid values:
19
,20
,21
. - Owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - Owe
Transition stringSsid - OWE transition mode peer SSID.
- Passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - Pmf
Assoc intComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- Pmf
Sa intQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- Port
Macauth string - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - Port
Macauth intReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- Port
Macauth intTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- Portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- Portal
Message Pulumiverse.Overrides Fortios. Wirelesscontroller. Inputs. Vap Portal Message Overrides - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - Portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- Primary
Wag stringProfile - Primary wireless access gateway profile name.
- Probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - Probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- Ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - Ptk
Rekey intIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- Qos
Profile string - Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - Radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- Radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - Radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - Radius
Mac intAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- Radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- Radius
Mac List<Pulumiverse.Auth Usergroups Fortios. Wirelesscontroller. Inputs. Vap Radius Mac Auth Usergroup> - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - Radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - Radius
Mac intMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- Radius
Server string - RADIUS server to be used to authenticate WiFi users.
- Rates11a string
- Allowed data rates for 802.11a.
- Rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11ac
Ss12 string - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - Rates11ac
Ss34 string - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - Rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11ax
Ss12 string - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - Rates11ax
Ss34 string - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - Rates11be
Mcs stringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- Rates11be
Mcs stringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- Rates11be
Mcs stringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- Rates11bg string
- Allowed data rates for 802.11b/g.
- Rates11n
Ss12 string - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - Rates11n
Ss34 string - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - Roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - Sae
Groups string - SAE-Groups. Valid values:
19
,20
,21
. - Sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - Sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - Sae
Password string - WPA3 SAE password to be used to authenticate WiFi users.
- Sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - Sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- Scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - Schedule string
- VAP schedule name.
- Secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- Security
Exempt stringList - Optional security exempt list for captive portal authentication.
- Security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - Security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- Selected
Usergroups List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Selected Usergroup> - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - Split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- Sticky
Client stringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - Sticky
Client stringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- Sticky
Client stringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- Sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- Target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - Tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - Tunnel
Echo intInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- Tunnel
Fallback intInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroups
List<Pulumiverse.
Fortios. Wirelesscontroller. Inputs. Vap Usergroup> - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - Utm
Log string - Enable/disable UTM logging. Valid values:
enable
,disable
. - Utm
Profile string - UTM profile name.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - Vlan
Names List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Vlan Name> - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - Vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - Vlan
Pools List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Vlan Pool> - VLAN pool. The structure of
vlan_pool
block is documented below. - Vlanid int
- Optional VLAN ID.
- Voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - Webfilter
Profile string - WebFilter profile name.
- Access
Control stringList - access-control-list profile name.
- Acct
Interim intInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- Additional
Akms string - Additional AKMs.
- Address
Group string - Address group ID.
- Address
Group stringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - Akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - Alias string
- Alias.
- Antivirus
Profile string - AntiVirus profile name.
- Application
Detection stringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - Application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - Application
List string - Application control list name.
- Application
Report intIntv - Application report interval (30 - 864000 sec, default = 120).
- Atf
Weight int - Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol.
- Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Beacon
Advertising string - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - Beacon
Protection string - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - Broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - Broadcast
Suppression string - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- Bss
Color stringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - Bstm
Disassociation stringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - Bstm
Load intBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- Bstm
Rssi intDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- Captive
Portal string - Enable/disable captive portal. Valid values:
enable
,disable
. - Captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- Captive
Portal intAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- Captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - Captive
Portal stringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- Captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- Captive
Portal stringRadius Secret - Secret key to access the RADIUS server.
- Captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- Captive
Portal intSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- Dhcp
Address stringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - Dhcp
Lease intTime - DHCP lease time in seconds for NAT IP address.
- Dhcp
Option43Insertion string - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - Dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- Dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - Dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - Dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- Dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - Eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - Eap
Reauth intIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- Eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - External
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - External
Logout string - URL of external authentication logout server.
- External
Web string - URL of external authentication web server.
- External
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - Fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - Fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - Ft
Mobility intDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- Ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - Ft
R0Key intLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- Gas
Comeback intDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- Gas
Fragmentation intLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - Gtk
Rekey intIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- High
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - Hotspot20Profile string
- Hotspot 2.0 profile name.
- Igmp
Snooping string - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - Intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- Ips
Sensor string - IPS sensor name.
- Ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - Key string
- WEP Key.
- Keyindex int
- WEP key index (1 - 4).
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - L3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - Local
Authentication string - Enable/disable AP local authentication. Valid values:
enable
,disable
. - Local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - Local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - Local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - Local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - Local
Standalone stringDns Ip - IPv4 addresses for the local standalone DNS.
- Local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - Mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - Mac
Called stringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Calling stringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Case string - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - Mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - Mac
Filter []VapLists Mac Filter List Args - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - Mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - Mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - Max
Clients int - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- Max
Clients intAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - Mbo
Cell stringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - Me
Disable intThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- Mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - Mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - Mpsk
Concurrent intClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- Mpsk
Keys []VapMpsk Key Args - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - Mpsk
Profile string - MPSK profile name.
- Mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - Multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - Multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - Nac string
- Enable/disable network access control. Valid values:
enable
,disable
. - Nac
Profile string - NAC profile name.
- Name string
- Virtual AP name.
- Nas
Filter stringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - Neighbor
Report stringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - Owe
Groups string - OWE-Groups. Valid values:
19
,20
,21
. - Owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - Owe
Transition stringSsid - OWE transition mode peer SSID.
- Passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - Pmf
Assoc intComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- Pmf
Sa intQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- Port
Macauth string - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - Port
Macauth intReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- Port
Macauth intTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- Portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- Portal
Message VapOverrides Portal Message Overrides Args - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - Portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- Primary
Wag stringProfile - Primary wireless access gateway profile name.
- Probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - Probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- Ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - Ptk
Rekey intIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- Qos
Profile string - Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - Radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- Radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - Radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - Radius
Mac intAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- Radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- Radius
Mac []VapAuth Usergroups Radius Mac Auth Usergroup Args - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - Radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - Radius
Mac intMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- Radius
Server string - RADIUS server to be used to authenticate WiFi users.
- Rates11a string
- Allowed data rates for 802.11a.
- Rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11ac
Ss12 string - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - Rates11ac
Ss34 string - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - Rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11ax
Ss12 string - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - Rates11ax
Ss34 string - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - Rates11be
Mcs stringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- Rates11be
Mcs stringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- Rates11be
Mcs stringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- Rates11bg string
- Allowed data rates for 802.11b/g.
- Rates11n
Ss12 string - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - Rates11n
Ss34 string - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - Roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - Sae
Groups string - SAE-Groups. Valid values:
19
,20
,21
. - Sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - Sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - Sae
Password string - WPA3 SAE password to be used to authenticate WiFi users.
- Sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - Sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- Scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - Schedule string
- VAP schedule name.
- Secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- Security
Exempt stringList - Optional security exempt list for captive portal authentication.
- Security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - Security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- Selected
Usergroups []VapSelected Usergroup Args - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - Split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- Sticky
Client stringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - Sticky
Client stringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- Sticky
Client stringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- Sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- Target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - Tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - Tunnel
Echo intInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- Tunnel
Fallback intInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroups
[]Vap
Usergroup Args - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - Utm
Log string - Enable/disable UTM logging. Valid values:
enable
,disable
. - Utm
Profile string - UTM profile name.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - Vlan
Names []VapVlan Name Args - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - Vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - Vlan
Pools []VapVlan Pool Args - VLAN pool. The structure of
vlan_pool
block is documented below. - Vlanid int
- Optional VLAN ID.
- Voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - Webfilter
Profile string - WebFilter profile name.
- access
Control StringList - access-control-list profile name.
- acct
Interim IntegerInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms String - Additional AKMs.
- address
Group String - Address group ID.
- address
Group StringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - akm24Only String
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - alias String
- Alias.
- antivirus
Profile String - AntiVirus profile name.
- application
Detection StringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - application
Dscp StringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - application
List String - Application control list name.
- application
Report IntegerIntv - Application report interval (30 - 864000 sec, default = 120).
- atf
Weight Integer - Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol.
- auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- beacon
Advertising String - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - beacon
Protection String - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - broadcast
Ssid String - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - broadcast
Suppression String - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss
Color StringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - bstm
Disassociation StringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - bstm
Load IntegerBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm
Rssi IntegerDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive
Portal String - Enable/disable captive portal. Valid values:
enable
,disable
. - captive
Portal StringAc Name - Local-bridging captive portal ac-name.
- captive
Portal IntegerAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive
Portal StringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - captive
Portal StringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- captive
Portal StringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal StringRadius Secret - Secret key to access the RADIUS server.
- captive
Portal StringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal IntegerSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- dhcp
Address StringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - dhcp
Lease IntegerTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion String - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - dhcp
Option82Circuit StringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp
Option82Insertion String - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - dhcp
Option82Remote StringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic
Vlan String - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - eap
Reauth String - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - eap
Reauth IntegerIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key StringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - external
Fast StringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - external
Logout String - URL of external authentication logout server.
- external
Web String - URL of external authentication web server.
- external
Web StringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - fast
Bss StringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - fast
Roaming String - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - ft
Mobility IntegerDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over StringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - ft
R0Key IntegerLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback IntegerDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas
Fragmentation IntegerLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk
Rekey String - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - gtk
Rekey IntegerIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high
Efficiency String - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - hotspot20Profile String
- Hotspot 2.0 profile name.
- igmp
Snooping String - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - intra
Vap StringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor String - IPS sensor name.
- ipv6Rules String
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - key String
- WEP Key.
- keyindex Integer
- WEP key index (1 - 4).
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - l3Roaming
Mode String - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - local
Authentication String - Enable/disable AP local authentication. Valid values:
enable
,disable
. - local
Bridging String - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - local
Lan String - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - local
Standalone String - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - local
Standalone StringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - local
Standalone StringDns Ip - IPv4 addresses for the local standalone DNS.
- local
Standalone StringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - mac
Auth StringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - mac
Called StringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Calling StringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Case String - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - mac
Filter String - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - mac
Filter List<VapLists Mac Filter List> - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - mac
Filter StringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - max
Clients Integer - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients IntegerAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - mbo
Cell StringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - me
Disable IntegerThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul String - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - mpsk String
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - mpsk
Concurrent IntegerClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk
Keys List<VapMpsk Key> - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - mpsk
Profile String - MPSK profile name.
- mu
Mimo String - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - multicast
Enhance String - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - multicast
Rate String - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - nac String
- Enable/disable network access control. Valid values:
enable
,disable
. - nac
Profile String - NAC profile name.
- name String
- Virtual AP name.
- nas
Filter StringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - neighbor
Report StringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - owe
Groups String - OWE-Groups. Valid values:
19
,20
,21
. - owe
Transition String - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - owe
Transition StringSsid - OWE transition mode peer SSID.
- passphrase String
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - pmf
Assoc IntegerComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa IntegerQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth String - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - port
Macauth IntegerReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port
Macauth IntegerTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- portal
Message StringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Message VapOverrides Portal Message Overrides - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - portal
Type String - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary
Wag StringProfile - Primary wireless access gateway profile name.
- probe
Resp StringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - probe
Resp StringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey String - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - ptk
Rekey IntegerIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos
Profile String - Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - radio2g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity String - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - radius
Mac StringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - radius
Mac IntegerAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac StringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac List<VapAuth Usergroups Radius Mac Auth Usergroup> - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - radius
Mac StringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - radius
Mac IntegerMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server String - RADIUS server to be used to authenticate WiFi users.
- rates11a String
- Allowed data rates for 802.11a.
- rates11ac
Mcs StringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12 String - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ac
Ss34 String - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11ax
Mcs StringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12 String - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ax
Ss34 String - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11be
Mcs StringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be
Mcs StringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be
Mcs StringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg String
- Allowed data rates for 802.11b/g.
- rates11n
Ss12 String - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - rates11n
Ss34 String - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - roaming
Acct StringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - sae
Groups String - SAE-Groups. Valid values:
19
,20
,21
. - sae
H2e StringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Hnp StringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Password String - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk String - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - sae
Private StringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet StringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - schedule String
- VAP schedule name.
- secondary
Wag StringProfile - Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal).
- security
Exempt StringList - Optional security exempt list for captive portal authentication.
- security
Obsolete StringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - security
Redirect StringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups List<VapSelected Usergroup> - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - split
Tunneling String - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client StringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - sticky
Client StringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky
Client StringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky
Client StringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake StringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - tkip
Counter StringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - tunnel
Echo IntegerInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback IntegerInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
List<Vap
Usergroup> - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - utm
Log String - Enable/disable UTM logging. Valid values:
enable
,disable
. - utm
Profile String - UTM profile name.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Auto String - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - vlan
Names List<VapVlan Name> - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - vlan
Pooling String - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - vlan
Pools List<VapVlan Pool> - VLAN pool. The structure of
vlan_pool
block is documented below. - vlanid Integer
- Optional VLAN ID.
- voice
Enterprise String - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - webfilter
Profile String - WebFilter profile name.
- access
Control stringList - access-control-list profile name.
- acct
Interim numberInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms string - Additional AKMs.
- address
Group string - Address group ID.
- address
Group stringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - akm24Only string
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - alias string
- Alias.
- antivirus
Profile string - AntiVirus profile name.
- application
Detection stringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - application
List string - Application control list name.
- application
Report numberIntv - Application report interval (30 - 864000 sec, default = 120).
- atf
Weight number - Airtime weight in percentage (default = 20).
- auth string
- Authentication protocol.
- auth
Cert string - HTTPS server certificate.
- auth
Portal stringAddr - Address of captive portal.
- beacon
Advertising string - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - beacon
Protection string - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - broadcast
Suppression string - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss
Color stringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - bstm
Disassociation stringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - bstm
Load numberBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm
Rssi numberDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive
Portal string - Enable/disable captive portal. Valid values:
enable
,disable
. - captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- captive
Portal numberAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - captive
Portal stringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal stringRadius Secret - Secret key to access the RADIUS server.
- captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal numberSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- dhcp
Address stringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - dhcp
Lease numberTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion string - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - dynamic
Sort stringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - eap
Reauth numberIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - external
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - external
Logout string - URL of external authentication logout server.
- external
Web string - URL of external authentication web server.
- external
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - ft
Mobility numberDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - ft
R0Key numberLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback numberDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas
Fragmentation numberLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - gtk
Rekey numberIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - hotspot20Profile string
- Hotspot 2.0 profile name.
- igmp
Snooping string - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - ip string
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor string - IPS sensor name.
- ipv6Rules string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - key string
- WEP Key.
- keyindex number
- WEP key index (1 - 4).
- l3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - l3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - local
Authentication string - Enable/disable AP local authentication. Valid values:
enable
,disable
. - local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - local
Standalone stringDns Ip - IPv4 addresses for the local standalone DNS.
- local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - mac
Called stringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Calling stringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Case string - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - mac
Filter VapLists Mac Filter List[] - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - mac
Password stringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username stringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - max
Clients number - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients numberAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo string
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - mbo
Cell stringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - me
Disable numberThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - mpsk string
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - mpsk
Concurrent numberClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk
Keys VapMpsk Key[] - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - mpsk
Profile string - MPSK profile name.
- mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - n80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - n80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - nac string
- Enable/disable network access control. Valid values:
enable
,disable
. - nac
Profile string - NAC profile name.
- name string
- Virtual AP name.
- nas
Filter stringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - neighbor
Report stringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - owe
Groups string - OWE-Groups. Valid values:
19
,20
,21
. - owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - owe
Transition stringSsid - OWE transition mode peer SSID.
- passphrase string
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - pmf
Assoc numberComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa numberQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth string - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - port
Macauth numberReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port
Macauth numberTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Message VapOverrides Portal Message Overrides - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary
Wag stringProfile - Primary wireless access gateway profile name.
- probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - ptk
Rekey numberIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos
Profile string - Quality of service profile name.
- quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - radius
Mac numberAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac VapAuth Usergroups Radius Mac Auth Usergroup[] - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - radius
Mac numberMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server string - RADIUS server to be used to authenticate WiFi users.
- rates11a string
- Allowed data rates for 802.11a.
- rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12 string - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ac
Ss34 string - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12 string - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ax
Ss34 string - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11be
Mcs stringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be
Mcs stringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be
Mcs stringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg string
- Allowed data rates for 802.11b/g.
- rates11n
Ss12 string - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - rates11n
Ss34 string - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - sae
Groups string - SAE-Groups. Valid values:
19
,20
,21
. - sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Password string - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - schedule string
- VAP schedule name.
- secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- security string
- Security mode for the wireless interface (default = wpa2-only-personal).
- security
Exempt stringList - Optional security exempt list for captive portal authentication.
- security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups VapSelected Usergroup[] - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client stringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - sticky
Client stringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky
Client stringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - tunnel
Echo numberInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback numberInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
Vap
Usergroup[] - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - utm
Log string - Enable/disable UTM logging. Valid values:
enable
,disable
. - utm
Profile string - UTM profile name.
- utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - vlan
Names VapVlan Name[] - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - vlan
Pools VapVlan Pool[] - VLAN pool. The structure of
vlan_pool
block is documented below. - vlanid number
- Optional VLAN ID.
- voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - webfilter
Profile string - WebFilter profile name.
- access_
control_ strlist - access-control-list profile name.
- acct_
interim_ intinterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional_
akms str - Additional AKMs.
- address_
group str - Address group ID.
- address_
group_ strpolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - akm24_
only str - WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - alias str
- Alias.
- antivirus_
profile str - AntiVirus profile name.
- application_
detection_ strengine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - application_
dscp_ strmarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - application_
list str - Application control list name.
- application_
report_ intintv - Application report interval (30 - 864000 sec, default = 120).
- atf_
weight int - Airtime weight in percentage (default = 20).
- auth str
- Authentication protocol.
- auth_
cert str - HTTPS server certificate.
- auth_
portal_ straddr - Address of captive portal.
- beacon_
advertising str - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - beacon_
protection str - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - broadcast_
ssid str - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - broadcast_
suppression str - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss_
color_ strpartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - bstm_
disassociation_ strimminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - bstm_
load_ intbalancing_ disassoc_ timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm_
rssi_ intdisassoc_ timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive_
portal str - Enable/disable captive portal. Valid values:
enable
,disable
. - captive_
portal_ strac_ name - Local-bridging captive portal ac-name.
- captive_
portal_ intauth_ timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive_
portal_ strfw_ accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - captive_
portal_ strmacauth_ radius_ secret - Secret key to access the macauth RADIUS server.
- captive_
portal_ strmacauth_ radius_ server - Captive portal external RADIUS server domain name or IP address.
- captive_
portal_ strradius_ secret - Secret key to access the RADIUS server.
- captive_
portal_ strradius_ server - Captive portal RADIUS server domain name or IP address.
- captive_
portal_ intsession_ timeout_ interval - Session timeout interval (0 - 864000 sec, default = 0).
- dhcp_
address_ strenforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - dhcp_
lease_ inttime - DHCP lease time in seconds for NAT IP address.
- dhcp_
option43_ strinsertion - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - dhcp_
option82_ strcircuit_ id_ insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp_
option82_ strinsertion - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - dhcp_
option82_ strremote_ id_ insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - dynamic_
sort_ strsubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic_
vlan str - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - eap_
reauth str - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - eap_
reauth_ intintv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol_
key_ strretries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - encrypt str
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - external_
fast_ strroaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - external_
logout str - URL of external authentication logout server.
- external_
web str - URL of external authentication web server.
- external_
web_ strformat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - fast_
bss_ strtransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - fast_
roaming str - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - ft_
mobility_ intdomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft_
over_ strds - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - ft_
r0_ intkey_ lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas_
comeback_ intdelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas_
fragmentation_ intlimit - GAS fragmentation limit (512 - 4096, default = 1024).
- get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk_
rekey str - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - gtk_
rekey_ intintv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high_
efficiency str - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - hotspot20_
profile str - Hotspot 2.0 profile name.
- igmp_
snooping str - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - intra_
vap_ strprivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - ip str
- IP address and subnet mask for the local standalone NAT subnet.
- ips_
sensor str - IPS sensor name.
- ipv6_
rules str - Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - key str
- WEP Key.
- keyindex int
- WEP key index (1 - 4).
- l3_
roaming str - Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - l3_
roaming_ strmode - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - ldpc str
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - local_
authentication str - Enable/disable AP local authentication. Valid values:
enable
,disable
. - local_
bridging str - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - local_
lan str - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - local_
standalone str - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - local_
standalone_ strdns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - local_
standalone_ strdns_ ip - IPv4 addresses for the local standalone DNS.
- local_
standalone_ strnat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - mac_
auth_ strbypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - mac_
called_ strstation_ delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac_
calling_ strstation_ delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac_
case str - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - mac_
filter str - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - mac_
filter_ Sequence[Vaplists Mac Filter List Args] - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - mac_
filter_ strpolicy_ other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - mac_
password_ strdelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac_
username_ strdelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - max_
clients int - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max_
clients_ intap - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo str
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - mbo_
cell_ strdata_ conn_ pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - me_
disable_ intthresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh_
backhaul str - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - mpsk str
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - mpsk_
concurrent_ intclients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk_
keys Sequence[VapMpsk Key Args] - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - mpsk_
profile str - MPSK profile name.
- mu_
mimo str - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - multicast_
enhance str - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - multicast_
rate str - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - n80211k str
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - n80211v str
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - nac str
- Enable/disable network access control. Valid values:
enable
,disable
. - nac_
profile str - NAC profile name.
- name str
- Virtual AP name.
- nas_
filter_ strrule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - neighbor_
report_ strdual_ band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - okc str
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - osen str
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - owe_
groups str - OWE-Groups. Valid values:
19
,20
,21
. - owe_
transition str - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - owe_
transition_ strssid - OWE transition mode peer SSID.
- passphrase str
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf str
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - pmf_
assoc_ intcomeback_ timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf_
sa_ intquery_ retry_ timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port_
macauth str - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - port_
macauth_ intreauth_ timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port_
macauth_ inttimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- portal_
message_ stroverride_ group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal_
message_ Vapoverrides Portal Message Overrides Args - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - portal_
type str - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary_
wag_ strprofile - Primary wireless access gateway profile name.
- probe_
resp_ strsuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - probe_
resp_ strthreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk_
rekey str - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - ptk_
rekey_ intintv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos_
profile str - Quality of service profile name.
- quarantine str
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - radio2g_
threshold str - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g_
threshold str - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio_
sensitivity str - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - radius_
mac_ strauth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - radius_
mac_ intauth_ block_ interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius_
mac_ strauth_ server - RADIUS-based MAC authentication server.
- radius_
mac_ Sequence[Vapauth_ usergroups Radius Mac Auth Usergroup Args] - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - radius_
mac_ strmpsk_ auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - radius_
mac_ intmpsk_ timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius_
server str - RADIUS server to be used to authenticate WiFi users.
- rates11a str
- Allowed data rates for 802.11a.
- rates11ac_
mcs_ strmap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac_
ss12 str - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ac_
ss34 str - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11ax_
mcs_ strmap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax_
ss12 str - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ax_
ss34 str - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11be_
mcs_ strmap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be_
mcs_ strmap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be_
mcs_ strmap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg str
- Allowed data rates for 802.11b/g.
- rates11n_
ss12 str - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - rates11n_
ss34 str - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - roaming_
acct_ strinterim_ update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - sae_
groups str - SAE-Groups. Valid values:
19
,20
,21
. - sae_
h2e_ stronly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae_
hnp_ stronly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae_
password str - WPA3 SAE password to be used to authenticate WiFi users.
- sae_
pk str - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - sae_
private_ strkey - Private key used for WPA3 SAE-PK authentication.
- scan_
botnet_ strconnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - schedule str
- VAP schedule name.
- secondary_
wag_ strprofile - Secondary wireless access gateway profile name.
- security str
- Security mode for the wireless interface (default = wpa2-only-personal).
- security_
exempt_ strlist - Optional security exempt list for captive portal authentication.
- security_
obsolete_ stroption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - security_
redirect_ strurl - Optional URL for redirecting users after they pass captive portal authentication.
- selected_
usergroups Sequence[VapSelected Usergroup Args] - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - split_
tunneling str - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - ssid str
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky_
client_ strremove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - sticky_
client_ strthreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky_
client_ strthreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky_
client_ strthreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target_
wake_ strtime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - tkip_
counter_ strmeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - tunnel_
echo_ intinterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel_
fallback_ intinterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups
Sequence[Vap
Usergroup Args] - Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - utm_
log str - Enable/disable UTM logging. Valid values:
enable
,disable
. - utm_
profile str - UTM profile name.
- utm_
status str - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan_
auto str - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - vlan_
names Sequence[VapVlan Name Args] - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - vlan_
pooling str - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - vlan_
pools Sequence[VapVlan Pool Args] - VLAN pool. The structure of
vlan_pool
block is documented below. - vlanid int
- Optional VLAN ID.
- voice_
enterprise str - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - webfilter_
profile str - WebFilter profile name.
- access
Control StringList - access-control-list profile name.
- acct
Interim NumberInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms String - Additional AKMs.
- address
Group String - Address group ID.
- address
Group StringPolicy - Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values:
disable
,allow
,deny
. - akm24Only String
- WPA3 SAE using group-dependent hash only (default = disable). Valid values:
disable
,enable
. - alias String
- Alias.
- antivirus
Profile String - AntiVirus profile name.
- application
Detection StringEngine - Enable/disable application detection engine (default = disable). Valid values:
enable
,disable
. - application
Dscp StringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
enable
,disable
. - application
List String - Application control list name.
- application
Report NumberIntv - Application report interval (30 - 864000 sec, default = 120).
- atf
Weight Number - Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol.
- auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- beacon
Advertising String - Fortinet beacon advertising IE data (default = empty). Valid values:
name
,model
,serial-number
. - beacon
Protection String - Enable/disable beacon protection support (default = disable). Valid values:
disable
,enable
. - broadcast
Ssid String - Enable/disable broadcasting the SSID (default = enable). Valid values:
enable
,disable
. - broadcast
Suppression String - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
- bss
Color StringPartial - Enable/disable 802.11ax partial BSS color (default = enable). Valid values:
enable
,disable
. - bstm
Disassociation StringImminent - Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values:
enable
,disable
. - bstm
Load NumberBalancing Disassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm
Rssi NumberDisassoc Timer - Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive
Portal String - Enable/disable captive portal. Valid values:
enable
,disable
. - captive
Portal StringAc Name - Local-bridging captive portal ac-name.
- captive
Portal NumberAuth Timeout - Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive
Portal StringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
enable
,disable
. - captive
Portal StringMacauth Radius Secret - Secret key to access the macauth RADIUS server.
- captive
Portal StringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal StringRadius Secret - Secret key to access the RADIUS server.
- captive
Portal StringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal NumberSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- dhcp
Address StringEnforcement - Enable/disable DHCP address enforcement (default = disable). Valid values:
enable
,disable
. - dhcp
Lease NumberTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion String - Enable/disable insertion of DHCP option 43 (default = enable). Valid values:
enable
,disable
. - dhcp
Option82Circuit StringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable).
- dhcp
Option82Insertion String - Enable/disable DHCP option 82 insert (default = disable). Valid values:
enable
,disable
. - dhcp
Option82Remote StringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
style-1
,disable
. - dynamic
Sort StringSubtable - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
- dynamic
Vlan String - Enable/disable dynamic VLAN assignment. Valid values:
enable
,disable
. - eap
Reauth String - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
enable
,disable
. - eap
Reauth NumberIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key StringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable
,enable
. - encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP
,AES
,TKIP-AES
. - external
Fast StringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
enable
,disable
. - external
Logout String - URL of external authentication logout server.
- external
Web String - URL of external authentication web server.
- external
Web StringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect
,no-query-string
,partial-query-string
. - fast
Bss StringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable
,enable
. - fast
Roaming String - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
enable
,disable
. - ft
Mobility NumberDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over StringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable
,enable
. - ft
R0Key NumberLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback NumberDelay - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas
Fragmentation NumberLimit - GAS fragmentation limit (512 - 4096, default = 1024).
- get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- gtk
Rekey String - Enable/disable GTK rekey for WPA security. Valid values:
enable
,disable
. - gtk
Rekey NumberIntv - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- high
Efficiency String - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
enable
,disable
. - hotspot20Profile String
- Hotspot 2.0 profile name.
- igmp
Snooping String - Enable/disable IGMP snooping. Valid values:
enable
,disable
. - intra
Vap StringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
enable
,disable
. - ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor String - IPS sensor name.
- ipv6Rules String
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values:
drop-icmp6ra
,drop-icmp6rs
,drop-llmnr6
,drop-icmp6mld2
,drop-dhcp6s
,drop-dhcp6c
,ndp-proxy
,drop-ns-dad
,drop-ns-nondad
. - key String
- WEP Key.
- keyindex Number
- WEP key index (1 - 4).
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values:
enable
,disable
. - l3Roaming
Mode String - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct
,indirect
. - ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable
,rx
,tx
,rxtx
. - local
Authentication String - Enable/disable AP local authentication. Valid values:
enable
,disable
. - local
Bridging String - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
enable
,disable
. - local
Lan String - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
allow
,deny
. - local
Standalone String - Enable/disable AP local standalone (default = disable). Valid values:
enable
,disable
. - local
Standalone StringDns - Enable/disable AP local standalone DNS. Valid values:
enable
,disable
. - local
Standalone StringDns Ip - IPv4 addresses for the local standalone DNS.
- local
Standalone StringNat - Enable/disable AP local standalone NAT mode. Valid values:
enable
,disable
. - mac
Auth StringBypass - Enable/disable MAC authentication bypass. Valid values:
enable
,disable
. - mac
Called StringStation Delimiter - MAC called station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Calling StringStation Delimiter - MAC calling station delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Case String - MAC case (default = uppercase). Valid values:
uppercase
,lowercase
. - mac
Filter String - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
enable
,disable
. - mac
Filter List<Property Map>Lists - Create a list of MAC addresses for MAC address filtering. The structure of
mac_filter_list
block is documented below. - mac
Filter StringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
allow
,deny
. - mac
Password StringDelimiter - MAC authentication password delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - mac
Username StringDelimiter - MAC authentication username delimiter (default = hyphen). Valid values:
hyphen
,single-hyphen
,colon
,none
. - max
Clients Number - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients NumberAp - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values:
disable
,enable
. - mbo
Cell StringData Conn Pref - MBO cell data connection preference (0, 1, or 255, default = 1). Valid values:
excluded
,prefer-not
,prefer-use
. - me
Disable NumberThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul String - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
enable
,disable
. - mpsk String
- Enable/disable multiple pre-shared keys (PSKs.) Valid values:
enable
,disable
. - mpsk
Concurrent NumberClients - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
- mpsk
Keys List<Property Map> - Pre-shared keys that can be used to connect to this virtual access point. The structure of
mpsk_key
block is documented below. - mpsk
Profile String - MPSK profile name.
- mu
Mimo String - Enable/disable Multi-user MIMO (default = enable). Valid values:
enable
,disable
. - multicast
Enhance String - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
enable
,disable
. - multicast
Rate String - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0
,6000
,12000
,24000
. - n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable
,enable
. - n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable
,enable
. - nac String
- Enable/disable network access control. Valid values:
enable
,disable
. - nac
Profile String - NAC profile name.
- name String
- Virtual AP name.
- nas
Filter StringRule - Enable/disable NAS filter rule support (default = disable). Valid values:
enable
,disable
. - neighbor
Report StringDual Band - Enable/disable dual-band neighbor report (default = disable). Valid values:
disable
,enable
. - okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable
,enable
. - osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values:
enable
,disable
. - owe
Groups String - OWE-Groups. Valid values:
19
,20
,21
. - owe
Transition String - Enable/disable OWE transition mode support. Valid values:
disable
,enable
. - owe
Transition StringSsid - OWE transition mode peer SSID.
- passphrase String
- WPA pre-shard key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable
,enable
,optional
. - pmf
Assoc NumberComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa NumberQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth String - Enable/disable LAN port MAC authentication (default = disable). Valid values:
disable
,radius
,address-group
. - port
Macauth NumberReauth Timeout - LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port
Macauth NumberTimeout - LAN port MAC authentication idle timeout value (default = 600 sec).
- portal
Message StringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Message Property MapOverrides - Individual message overrides. The structure of
portal_message_overrides
block is documented below. - portal
Type String - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
- primary
Wag StringProfile - Primary wireless access gateway profile name.
- probe
Resp StringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - probe
Resp StringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey String - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
enable
,disable
. - ptk
Rekey NumberIntv - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
- qos
Profile String - Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values:
enable
,disable
. - radio2g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity String - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
enable
,disable
. - radius
Mac StringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
enable
,disable
. - radius
Mac NumberAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac StringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac List<Property Map>Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication. The structure of
radius_mac_auth_usergroups
block is documented below. - radius
Mac StringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
enable
,disable
. - radius
Mac NumberMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server String - RADIUS server to be used to authenticate WiFi users.
- rates11a String
- Allowed data rates for 802.11a.
- rates11ac
Mcs StringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12 String - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ac
Ss34 String - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11ax
Mcs StringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12 String - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/1
,mcs9/1
,mcs10/1
,mcs11/1
,mcs0/2
,mcs1/2
,mcs2/2
,mcs3/2
,mcs4/2
,mcs5/2
,mcs6/2
,mcs7/2
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
. - rates11ax
Ss34 String - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3
,mcs1/3
,mcs2/3
,mcs3/3
,mcs4/3
,mcs5/3
,mcs6/3
,mcs7/3
,mcs8/3
,mcs9/3
,mcs10/3
,mcs11/3
,mcs0/4
,mcs1/4
,mcs2/4
,mcs3/4
,mcs4/4
,mcs5/4
,mcs6/4
,mcs7/4
,mcs8/4
,mcs9/4
,mcs10/4
,mcs11/4
. - rates11be
Mcs StringMap - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
- rates11be
Mcs StringMap160 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
- rates11be
Mcs StringMap320 - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
- rates11bg String
- Allowed data rates for 802.11b/g.
- rates11n
Ss12 String - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1
,mcs1/1
,mcs2/1
,mcs3/1
,mcs4/1
,mcs5/1
,mcs6/1
,mcs7/1
,mcs8/2
,mcs9/2
,mcs10/2
,mcs11/2
,mcs12/2
,mcs13/2
,mcs14/2
,mcs15/2
. - rates11n
Ss34 String - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3
,mcs17/3
,mcs18/3
,mcs19/3
,mcs20/3
,mcs21/3
,mcs22/3
,mcs23/3
,mcs24/4
,mcs25/4
,mcs26/4
,mcs27/4
,mcs28/4
,mcs29/4
,mcs30/4
,mcs31/4
. - roaming
Acct StringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
enable
,disable
. - sae
Groups String - SAE-Groups. Valid values:
19
,20
,21
. - sae
H2e StringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Hnp StringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
enable
,disable
. - sae
Password String - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk String - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
enable
,disable
. - sae
Private StringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet StringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable
,monitor
,block
. - schedule String
- VAP schedule name.
- secondary
Wag StringProfile - Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal).
- security
Exempt StringList - Optional security exempt list for captive portal authentication.
- security
Obsolete StringOption - Enable/disable obsolete security options. Valid values:
enable
,disable
. - security
Redirect StringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups List<Property Map> - Selective user groups that are permitted to authenticate. The structure of
selected_usergroups
block is documented below. - split
Tunneling String - Enable/disable split tunneling (default = disable). Valid values:
enable
,disable
. - ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client StringRemove - Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values:
enable
,disable
. - sticky
Client StringThreshold2g - Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky
Client StringThreshold5g - Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky
Client StringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake StringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
enable
,disable
. - tkip
Counter StringMeasure - Enable/disable TKIP counter measure. Valid values:
enable
,disable
. - tunnel
Echo NumberInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback NumberInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroups List<Property Map>
- Firewall user group to be used to authenticate WiFi users. The structure of
usergroup
block is documented below. - utm
Log String - Enable/disable UTM logging. Valid values:
enable
,disable
. - utm
Profile String - UTM profile name.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
enable
,disable
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- vlan
Auto String - Enable/disable automatic management of SSID VLAN interface. Valid values:
enable
,disable
. - vlan
Names List<Property Map> - Table for mapping VLAN name to VLAN ID. The structure of
vlan_name
block is documented below. - vlan
Pooling String - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group
,round-robin
,hash
,disable
. - vlan
Pools List<Property Map> - VLAN pool. The structure of
vlan_pool
block is documented below. - vlanid Number
- Optional VLAN ID.
- voice
Enterprise String - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable
,enable
. - webfilter
Profile String - WebFilter profile name.
Supporting Types
VapMacFilterList, VapMacFilterListArgs
- Id int
- ID.
- Mac string
- MAC address.
- Mac
Filter stringPolicy - Deny or allow the client with this MAC address. Valid values:
allow
,deny
.
- Id int
- ID.
- Mac string
- MAC address.
- Mac
Filter stringPolicy - Deny or allow the client with this MAC address. Valid values:
allow
,deny
.
- id Integer
- ID.
- mac String
- MAC address.
- mac
Filter StringPolicy - Deny or allow the client with this MAC address. Valid values:
allow
,deny
.
- id number
- ID.
- mac string
- MAC address.
- mac
Filter stringPolicy - Deny or allow the client with this MAC address. Valid values:
allow
,deny
.
- id int
- ID.
- mac str
- MAC address.
- mac_
filter_ strpolicy - Deny or allow the client with this MAC address. Valid values:
allow
,deny
.
- id Number
- ID.
- mac String
- MAC address.
- mac
Filter StringPolicy - Deny or allow the client with this MAC address. Valid values:
allow
,deny
.
VapMpskKey, VapMpskKeyArgs
- Comment string
- Comment.
- Concurrent
Clients string - Number of clients that can connect using this pre-shared key.
- Key
Name string - Pre-shared key name.
- Mpsk
Schedules List<Pulumiverse.Fortios. Wirelesscontroller. Inputs. Vap Mpsk Key Mpsk Schedule> - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of
mpsk_schedules
block is documented below. - Passphrase string
- WPA Pre-shared key.
- Comment string
- Comment.
- Concurrent
Clients string - Number of clients that can connect using this pre-shared key.
- Key
Name string - Pre-shared key name.
- Mpsk
Schedules []VapMpsk Key Mpsk Schedule - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of
mpsk_schedules
block is documented below. - Passphrase string
- WPA Pre-shared key.
- comment String
- Comment.
- concurrent
Clients String - Number of clients that can connect using this pre-shared key.
- key
Name String - Pre-shared key name.
- mpsk
Schedules List<VapMpsk Key Mpsk Schedule> - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of
mpsk_schedules
block is documented below. - passphrase String
- WPA Pre-shared key.
- comment string
- Comment.
- concurrent
Clients string - Number of clients that can connect using this pre-shared key.
- key
Name string - Pre-shared key name.
- mpsk
Schedules VapMpsk Key Mpsk Schedule[] - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of
mpsk_schedules
block is documented below. - passphrase string
- WPA Pre-shared key.
- comment str
- Comment.
- concurrent_
clients str - Number of clients that can connect using this pre-shared key.
- key_
name str - Pre-shared key name.
- mpsk_
schedules Sequence[VapMpsk Key Mpsk Schedule] - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of
mpsk_schedules
block is documented below. - passphrase str
- WPA Pre-shared key.
- comment String
- Comment.
- concurrent
Clients String - Number of clients that can connect using this pre-shared key.
- key
Name String - Pre-shared key name.
- mpsk
Schedules List<Property Map> - Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of
mpsk_schedules
block is documented below. - passphrase String
- WPA Pre-shared key.
VapMpskKeyMpskSchedule, VapMpskKeyMpskScheduleArgs
- Name string
- Schedule name.
- Name string
- Schedule name.
- name String
- Schedule name.
- name string
- Schedule name.
- name str
- Schedule name.
- name String
- Schedule name.
VapPortalMessageOverrides, VapPortalMessageOverridesArgs
- Auth
Disclaimer stringPage - Override auth-disclaimer-page message with message from portal-message-overrides group.
- Auth
Login stringFailed Page - Override auth-login-failed-page message with message from portal-message-overrides group.
- Auth
Login stringPage - Override auth-login-page message with message from portal-message-overrides group.
- Auth
Reject stringPage - Override auth-reject-page message with message from portal-message-overrides group.
- Auth
Disclaimer stringPage - Override auth-disclaimer-page message with message from portal-message-overrides group.
- Auth
Login stringFailed Page - Override auth-login-failed-page message with message from portal-message-overrides group.
- Auth
Login stringPage - Override auth-login-page message with message from portal-message-overrides group.
- Auth
Reject stringPage - Override auth-reject-page message with message from portal-message-overrides group.
- auth
Disclaimer StringPage - Override auth-disclaimer-page message with message from portal-message-overrides group.
- auth
Login StringFailed Page - Override auth-login-failed-page message with message from portal-message-overrides group.
- auth
Login StringPage - Override auth-login-page message with message from portal-message-overrides group.
- auth
Reject StringPage - Override auth-reject-page message with message from portal-message-overrides group.
- auth
Disclaimer stringPage - Override auth-disclaimer-page message with message from portal-message-overrides group.
- auth
Login stringFailed Page - Override auth-login-failed-page message with message from portal-message-overrides group.
- auth
Login stringPage - Override auth-login-page message with message from portal-message-overrides group.
- auth
Reject stringPage - Override auth-reject-page message with message from portal-message-overrides group.
- auth_
disclaimer_ strpage - Override auth-disclaimer-page message with message from portal-message-overrides group.
- auth_
login_ strfailed_ page - Override auth-login-failed-page message with message from portal-message-overrides group.
- auth_
login_ strpage - Override auth-login-page message with message from portal-message-overrides group.
- auth_
reject_ strpage - Override auth-reject-page message with message from portal-message-overrides group.
- auth
Disclaimer StringPage - Override auth-disclaimer-page message with message from portal-message-overrides group.
- auth
Login StringFailed Page - Override auth-login-failed-page message with message from portal-message-overrides group.
- auth
Login StringPage - Override auth-login-page message with message from portal-message-overrides group.
- auth
Reject StringPage - Override auth-reject-page message with message from portal-message-overrides group.
VapRadiusMacAuthUsergroup, VapRadiusMacAuthUsergroupArgs
- Name string
- User group name.
- Name string
- User group name.
- name String
- User group name.
- name string
- User group name.
- name str
- User group name.
- name String
- User group name.
VapSelectedUsergroup, VapSelectedUsergroupArgs
- Name string
- User group name.
- Name string
- User group name.
- name String
- User group name.
- name string
- User group name.
- name str
- User group name.
- name String
- User group name.
VapUsergroup, VapUsergroupArgs
- Name string
- User group name.
- Name string
- User group name.
- name String
- User group name.
- name string
- User group name.
- name str
- User group name.
- name String
- User group name.
VapVlanName, VapVlanNameArgs
VapVlanPool, VapVlanPoolArgs
Import
WirelessController Vap can be imported using any of these accepted formats:
$ pulumi import fortios:wirelesscontroller/vap:Vap labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:wirelesscontroller/vap:Vap labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.