1. Packages
  2. Fortios
  3. API Docs
  4. wirelesscontroller
  5. Vap
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.wirelesscontroller.Vap

Explore with Pulumi AI

fortios logo
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

    Configure Virtual Access Points (VAPs).

    Create Vap Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Vap(name: string, args?: VapArgs, opts?: CustomResourceOptions);
    @overload
    def Vap(resource_name: str,
            args: Optional[VapArgs] = None,
            opts: Optional[ResourceOptions] = None)
    
    @overload
    def Vap(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            access_control_list: Optional[str] = None,
            acct_interim_interval: Optional[int] = None,
            additional_akms: Optional[str] = None,
            address_group: Optional[str] = None,
            address_group_policy: Optional[str] = None,
            akm24_only: Optional[str] = None,
            alias: Optional[str] = None,
            antivirus_profile: Optional[str] = None,
            application_detection_engine: Optional[str] = None,
            application_dscp_marking: Optional[str] = None,
            application_list: Optional[str] = None,
            application_report_intv: Optional[int] = None,
            atf_weight: Optional[int] = None,
            auth: Optional[str] = None,
            auth_cert: Optional[str] = None,
            auth_portal_addr: Optional[str] = None,
            beacon_advertising: Optional[str] = None,
            beacon_protection: Optional[str] = None,
            broadcast_ssid: Optional[str] = None,
            broadcast_suppression: Optional[str] = None,
            bss_color_partial: Optional[str] = None,
            bstm_disassociation_imminent: Optional[str] = None,
            bstm_load_balancing_disassoc_timer: Optional[int] = None,
            bstm_rssi_disassoc_timer: Optional[int] = None,
            captive_portal: Optional[str] = None,
            captive_portal_ac_name: Optional[str] = None,
            captive_portal_auth_timeout: Optional[int] = None,
            captive_portal_fw_accounting: Optional[str] = None,
            captive_portal_macauth_radius_secret: Optional[str] = None,
            captive_portal_macauth_radius_server: Optional[str] = None,
            captive_portal_radius_secret: Optional[str] = None,
            captive_portal_radius_server: Optional[str] = None,
            captive_portal_session_timeout_interval: Optional[int] = None,
            dhcp_address_enforcement: Optional[str] = None,
            dhcp_lease_time: Optional[int] = None,
            dhcp_option43_insertion: Optional[str] = None,
            dhcp_option82_circuit_id_insertion: Optional[str] = None,
            dhcp_option82_insertion: Optional[str] = None,
            dhcp_option82_remote_id_insertion: Optional[str] = None,
            dynamic_sort_subtable: Optional[str] = None,
            dynamic_vlan: Optional[str] = None,
            eap_reauth: Optional[str] = None,
            eap_reauth_intv: Optional[int] = None,
            eapol_key_retries: Optional[str] = None,
            encrypt: Optional[str] = None,
            external_fast_roaming: Optional[str] = None,
            external_logout: Optional[str] = None,
            external_web: Optional[str] = None,
            external_web_format: Optional[str] = None,
            fast_bss_transition: Optional[str] = None,
            fast_roaming: Optional[str] = None,
            ft_mobility_domain: Optional[int] = None,
            ft_over_ds: Optional[str] = None,
            ft_r0_key_lifetime: Optional[int] = None,
            gas_comeback_delay: Optional[int] = None,
            gas_fragmentation_limit: Optional[int] = None,
            get_all_tables: Optional[str] = None,
            gtk_rekey: Optional[str] = None,
            gtk_rekey_intv: Optional[int] = None,
            high_efficiency: Optional[str] = None,
            hotspot20_profile: Optional[str] = None,
            igmp_snooping: Optional[str] = None,
            intra_vap_privacy: Optional[str] = None,
            ip: Optional[str] = None,
            ips_sensor: Optional[str] = None,
            ipv6_rules: Optional[str] = None,
            key: Optional[str] = None,
            keyindex: Optional[int] = None,
            l3_roaming: Optional[str] = None,
            l3_roaming_mode: Optional[str] = None,
            ldpc: Optional[str] = None,
            local_authentication: Optional[str] = None,
            local_bridging: Optional[str] = None,
            local_lan: Optional[str] = None,
            local_standalone: Optional[str] = None,
            local_standalone_dns: Optional[str] = None,
            local_standalone_dns_ip: Optional[str] = None,
            local_standalone_nat: Optional[str] = None,
            mac_auth_bypass: Optional[str] = None,
            mac_called_station_delimiter: Optional[str] = None,
            mac_calling_station_delimiter: Optional[str] = None,
            mac_case: Optional[str] = None,
            mac_filter: Optional[str] = None,
            mac_filter_lists: Optional[Sequence[VapMacFilterListArgs]] = None,
            mac_filter_policy_other: Optional[str] = None,
            mac_password_delimiter: Optional[str] = None,
            mac_username_delimiter: Optional[str] = None,
            max_clients: Optional[int] = None,
            max_clients_ap: Optional[int] = None,
            mbo: Optional[str] = None,
            mbo_cell_data_conn_pref: Optional[str] = None,
            me_disable_thresh: Optional[int] = None,
            mesh_backhaul: Optional[str] = None,
            mpsk: Optional[str] = None,
            mpsk_concurrent_clients: Optional[int] = None,
            mpsk_keys: Optional[Sequence[VapMpskKeyArgs]] = None,
            mpsk_profile: Optional[str] = None,
            mu_mimo: Optional[str] = None,
            multicast_enhance: Optional[str] = None,
            multicast_rate: Optional[str] = None,
            n80211k: Optional[str] = None,
            n80211v: Optional[str] = None,
            nac: Optional[str] = None,
            nac_profile: Optional[str] = None,
            name: Optional[str] = None,
            nas_filter_rule: Optional[str] = None,
            neighbor_report_dual_band: Optional[str] = None,
            okc: Optional[str] = None,
            osen: Optional[str] = None,
            owe_groups: Optional[str] = None,
            owe_transition: Optional[str] = None,
            owe_transition_ssid: Optional[str] = None,
            passphrase: Optional[str] = None,
            pmf: Optional[str] = None,
            pmf_assoc_comeback_timeout: Optional[int] = None,
            pmf_sa_query_retry_timeout: Optional[int] = None,
            port_macauth: Optional[str] = None,
            port_macauth_reauth_timeout: Optional[int] = None,
            port_macauth_timeout: Optional[int] = None,
            portal_message_override_group: Optional[str] = None,
            portal_message_overrides: Optional[VapPortalMessageOverridesArgs] = None,
            portal_type: Optional[str] = None,
            primary_wag_profile: Optional[str] = None,
            probe_resp_suppression: Optional[str] = None,
            probe_resp_threshold: Optional[str] = None,
            ptk_rekey: Optional[str] = None,
            ptk_rekey_intv: Optional[int] = None,
            qos_profile: Optional[str] = None,
            quarantine: Optional[str] = None,
            radio2g_threshold: Optional[str] = None,
            radio5g_threshold: Optional[str] = None,
            radio_sensitivity: Optional[str] = None,
            radius_mac_auth: Optional[str] = None,
            radius_mac_auth_block_interval: Optional[int] = None,
            radius_mac_auth_server: Optional[str] = None,
            radius_mac_auth_usergroups: Optional[Sequence[VapRadiusMacAuthUsergroupArgs]] = None,
            radius_mac_mpsk_auth: Optional[str] = None,
            radius_mac_mpsk_timeout: Optional[int] = None,
            radius_server: Optional[str] = None,
            rates11a: Optional[str] = None,
            rates11ac_mcs_map: Optional[str] = None,
            rates11ac_ss12: Optional[str] = None,
            rates11ac_ss34: Optional[str] = None,
            rates11ax_mcs_map: Optional[str] = None,
            rates11ax_ss12: Optional[str] = None,
            rates11ax_ss34: Optional[str] = None,
            rates11be_mcs_map: Optional[str] = None,
            rates11be_mcs_map160: Optional[str] = None,
            rates11be_mcs_map320: Optional[str] = None,
            rates11bg: Optional[str] = None,
            rates11n_ss12: Optional[str] = None,
            rates11n_ss34: Optional[str] = None,
            roaming_acct_interim_update: Optional[str] = None,
            sae_groups: Optional[str] = None,
            sae_h2e_only: Optional[str] = None,
            sae_hnp_only: Optional[str] = None,
            sae_password: Optional[str] = None,
            sae_pk: Optional[str] = None,
            sae_private_key: Optional[str] = None,
            scan_botnet_connections: Optional[str] = None,
            schedule: Optional[str] = None,
            secondary_wag_profile: Optional[str] = None,
            security: Optional[str] = None,
            security_exempt_list: Optional[str] = None,
            security_obsolete_option: Optional[str] = None,
            security_redirect_url: Optional[str] = None,
            selected_usergroups: Optional[Sequence[VapSelectedUsergroupArgs]] = None,
            split_tunneling: Optional[str] = None,
            ssid: Optional[str] = None,
            sticky_client_remove: Optional[str] = None,
            sticky_client_threshold2g: Optional[str] = None,
            sticky_client_threshold5g: Optional[str] = None,
            sticky_client_threshold6g: Optional[str] = None,
            target_wake_time: Optional[str] = None,
            tkip_counter_measure: Optional[str] = None,
            tunnel_echo_interval: Optional[int] = None,
            tunnel_fallback_interval: Optional[int] = None,
            usergroups: Optional[Sequence[VapUsergroupArgs]] = None,
            utm_log: Optional[str] = None,
            utm_profile: Optional[str] = None,
            utm_status: Optional[str] = None,
            vdomparam: Optional[str] = None,
            vlan_auto: Optional[str] = None,
            vlan_names: Optional[Sequence[VapVlanNameArgs]] = None,
            vlan_pooling: Optional[str] = None,
            vlan_pools: Optional[Sequence[VapVlanPoolArgs]] = None,
            vlanid: Optional[int] = None,
            voice_enterprise: Optional[str] = None,
            webfilter_profile: Optional[str] = None)
    func NewVap(ctx *Context, name string, args *VapArgs, opts ...ResourceOption) (*Vap, error)
    public Vap(string name, VapArgs? args = null, CustomResourceOptions? opts = null)
    public Vap(String name, VapArgs args)
    public Vap(String name, VapArgs args, CustomResourceOptions options)
    
    type: fortios:wirelesscontroller:Vap
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args VapArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VapArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VapArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VapArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VapArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var vapResource = new Fortios.Wirelesscontroller.Vap("vapResource", new()
    {
        AccessControlList = "string",
        AcctInterimInterval = 0,
        AdditionalAkms = "string",
        AddressGroup = "string",
        AddressGroupPolicy = "string",
        Akm24Only = "string",
        Alias = "string",
        AntivirusProfile = "string",
        ApplicationDetectionEngine = "string",
        ApplicationDscpMarking = "string",
        ApplicationList = "string",
        ApplicationReportIntv = 0,
        AtfWeight = 0,
        Auth = "string",
        AuthCert = "string",
        AuthPortalAddr = "string",
        BeaconAdvertising = "string",
        BeaconProtection = "string",
        BroadcastSsid = "string",
        BroadcastSuppression = "string",
        BssColorPartial = "string",
        BstmDisassociationImminent = "string",
        BstmLoadBalancingDisassocTimer = 0,
        BstmRssiDisassocTimer = 0,
        CaptivePortal = "string",
        CaptivePortalAcName = "string",
        CaptivePortalAuthTimeout = 0,
        CaptivePortalFwAccounting = "string",
        CaptivePortalMacauthRadiusSecret = "string",
        CaptivePortalMacauthRadiusServer = "string",
        CaptivePortalRadiusSecret = "string",
        CaptivePortalRadiusServer = "string",
        CaptivePortalSessionTimeoutInterval = 0,
        DhcpAddressEnforcement = "string",
        DhcpLeaseTime = 0,
        DhcpOption43Insertion = "string",
        DhcpOption82CircuitIdInsertion = "string",
        DhcpOption82Insertion = "string",
        DhcpOption82RemoteIdInsertion = "string",
        DynamicSortSubtable = "string",
        DynamicVlan = "string",
        EapReauth = "string",
        EapReauthIntv = 0,
        EapolKeyRetries = "string",
        Encrypt = "string",
        ExternalFastRoaming = "string",
        ExternalLogout = "string",
        ExternalWeb = "string",
        ExternalWebFormat = "string",
        FastBssTransition = "string",
        FastRoaming = "string",
        FtMobilityDomain = 0,
        FtOverDs = "string",
        FtR0KeyLifetime = 0,
        GasComebackDelay = 0,
        GasFragmentationLimit = 0,
        GetAllTables = "string",
        GtkRekey = "string",
        GtkRekeyIntv = 0,
        HighEfficiency = "string",
        Hotspot20Profile = "string",
        IgmpSnooping = "string",
        IntraVapPrivacy = "string",
        Ip = "string",
        IpsSensor = "string",
        Ipv6Rules = "string",
        Key = "string",
        Keyindex = 0,
        L3Roaming = "string",
        L3RoamingMode = "string",
        Ldpc = "string",
        LocalAuthentication = "string",
        LocalBridging = "string",
        LocalLan = "string",
        LocalStandalone = "string",
        LocalStandaloneDns = "string",
        LocalStandaloneDnsIp = "string",
        LocalStandaloneNat = "string",
        MacAuthBypass = "string",
        MacCalledStationDelimiter = "string",
        MacCallingStationDelimiter = "string",
        MacCase = "string",
        MacFilter = "string",
        MacFilterLists = new[]
        {
            new Fortios.Wirelesscontroller.Inputs.VapMacFilterListArgs
            {
                Id = 0,
                Mac = "string",
                MacFilterPolicy = "string",
            },
        },
        MacFilterPolicyOther = "string",
        MacPasswordDelimiter = "string",
        MacUsernameDelimiter = "string",
        MaxClients = 0,
        MaxClientsAp = 0,
        Mbo = "string",
        MboCellDataConnPref = "string",
        MeDisableThresh = 0,
        MeshBackhaul = "string",
        Mpsk = "string",
        MpskConcurrentClients = 0,
        MpskKeys = new[]
        {
            new Fortios.Wirelesscontroller.Inputs.VapMpskKeyArgs
            {
                Comment = "string",
                ConcurrentClients = "string",
                KeyName = "string",
                MpskSchedules = new[]
                {
                    new Fortios.Wirelesscontroller.Inputs.VapMpskKeyMpskScheduleArgs
                    {
                        Name = "string",
                    },
                },
                Passphrase = "string",
            },
        },
        MpskProfile = "string",
        MuMimo = "string",
        MulticastEnhance = "string",
        MulticastRate = "string",
        N80211k = "string",
        N80211v = "string",
        Nac = "string",
        NacProfile = "string",
        Name = "string",
        NasFilterRule = "string",
        NeighborReportDualBand = "string",
        Okc = "string",
        Osen = "string",
        OweGroups = "string",
        OweTransition = "string",
        OweTransitionSsid = "string",
        Passphrase = "string",
        Pmf = "string",
        PmfAssocComebackTimeout = 0,
        PmfSaQueryRetryTimeout = 0,
        PortMacauth = "string",
        PortMacauthReauthTimeout = 0,
        PortMacauthTimeout = 0,
        PortalMessageOverrideGroup = "string",
        PortalMessageOverrides = new Fortios.Wirelesscontroller.Inputs.VapPortalMessageOverridesArgs
        {
            AuthDisclaimerPage = "string",
            AuthLoginFailedPage = "string",
            AuthLoginPage = "string",
            AuthRejectPage = "string",
        },
        PortalType = "string",
        PrimaryWagProfile = "string",
        ProbeRespSuppression = "string",
        ProbeRespThreshold = "string",
        PtkRekey = "string",
        PtkRekeyIntv = 0,
        QosProfile = "string",
        Quarantine = "string",
        Radio2gThreshold = "string",
        Radio5gThreshold = "string",
        RadioSensitivity = "string",
        RadiusMacAuth = "string",
        RadiusMacAuthBlockInterval = 0,
        RadiusMacAuthServer = "string",
        RadiusMacAuthUsergroups = new[]
        {
            new Fortios.Wirelesscontroller.Inputs.VapRadiusMacAuthUsergroupArgs
            {
                Name = "string",
            },
        },
        RadiusMacMpskAuth = "string",
        RadiusMacMpskTimeout = 0,
        RadiusServer = "string",
        Rates11a = "string",
        Rates11acMcsMap = "string",
        Rates11acSs12 = "string",
        Rates11acSs34 = "string",
        Rates11axMcsMap = "string",
        Rates11axSs12 = "string",
        Rates11axSs34 = "string",
        Rates11beMcsMap = "string",
        Rates11beMcsMap160 = "string",
        Rates11beMcsMap320 = "string",
        Rates11bg = "string",
        Rates11nSs12 = "string",
        Rates11nSs34 = "string",
        RoamingAcctInterimUpdate = "string",
        SaeGroups = "string",
        SaeH2eOnly = "string",
        SaeHnpOnly = "string",
        SaePassword = "string",
        SaePk = "string",
        SaePrivateKey = "string",
        ScanBotnetConnections = "string",
        Schedule = "string",
        SecondaryWagProfile = "string",
        Security = "string",
        SecurityExemptList = "string",
        SecurityObsoleteOption = "string",
        SecurityRedirectUrl = "string",
        SelectedUsergroups = new[]
        {
            new Fortios.Wirelesscontroller.Inputs.VapSelectedUsergroupArgs
            {
                Name = "string",
            },
        },
        SplitTunneling = "string",
        Ssid = "string",
        StickyClientRemove = "string",
        StickyClientThreshold2g = "string",
        StickyClientThreshold5g = "string",
        StickyClientThreshold6g = "string",
        TargetWakeTime = "string",
        TkipCounterMeasure = "string",
        TunnelEchoInterval = 0,
        TunnelFallbackInterval = 0,
        Usergroups = new[]
        {
            new Fortios.Wirelesscontroller.Inputs.VapUsergroupArgs
            {
                Name = "string",
            },
        },
        UtmLog = "string",
        UtmProfile = "string",
        UtmStatus = "string",
        Vdomparam = "string",
        VlanAuto = "string",
        VlanNames = new[]
        {
            new Fortios.Wirelesscontroller.Inputs.VapVlanNameArgs
            {
                Name = "string",
                VlanId = 0,
            },
        },
        VlanPooling = "string",
        VlanPools = new[]
        {
            new Fortios.Wirelesscontroller.Inputs.VapVlanPoolArgs
            {
                Id = 0,
                WtpGroup = "string",
            },
        },
        Vlanid = 0,
        VoiceEnterprise = "string",
        WebfilterProfile = "string",
    });
    
    example, err := wirelesscontroller.NewVap(ctx, "vapResource", &wirelesscontroller.VapArgs{
    	AccessControlList:                   pulumi.String("string"),
    	AcctInterimInterval:                 pulumi.Int(0),
    	AdditionalAkms:                      pulumi.String("string"),
    	AddressGroup:                        pulumi.String("string"),
    	AddressGroupPolicy:                  pulumi.String("string"),
    	Akm24Only:                           pulumi.String("string"),
    	Alias:                               pulumi.String("string"),
    	AntivirusProfile:                    pulumi.String("string"),
    	ApplicationDetectionEngine:          pulumi.String("string"),
    	ApplicationDscpMarking:              pulumi.String("string"),
    	ApplicationList:                     pulumi.String("string"),
    	ApplicationReportIntv:               pulumi.Int(0),
    	AtfWeight:                           pulumi.Int(0),
    	Auth:                                pulumi.String("string"),
    	AuthCert:                            pulumi.String("string"),
    	AuthPortalAddr:                      pulumi.String("string"),
    	BeaconAdvertising:                   pulumi.String("string"),
    	BeaconProtection:                    pulumi.String("string"),
    	BroadcastSsid:                       pulumi.String("string"),
    	BroadcastSuppression:                pulumi.String("string"),
    	BssColorPartial:                     pulumi.String("string"),
    	BstmDisassociationImminent:          pulumi.String("string"),
    	BstmLoadBalancingDisassocTimer:      pulumi.Int(0),
    	BstmRssiDisassocTimer:               pulumi.Int(0),
    	CaptivePortal:                       pulumi.String("string"),
    	CaptivePortalAcName:                 pulumi.String("string"),
    	CaptivePortalAuthTimeout:            pulumi.Int(0),
    	CaptivePortalFwAccounting:           pulumi.String("string"),
    	CaptivePortalMacauthRadiusSecret:    pulumi.String("string"),
    	CaptivePortalMacauthRadiusServer:    pulumi.String("string"),
    	CaptivePortalRadiusSecret:           pulumi.String("string"),
    	CaptivePortalRadiusServer:           pulumi.String("string"),
    	CaptivePortalSessionTimeoutInterval: pulumi.Int(0),
    	DhcpAddressEnforcement:              pulumi.String("string"),
    	DhcpLeaseTime:                       pulumi.Int(0),
    	DhcpOption43Insertion:               pulumi.String("string"),
    	DhcpOption82CircuitIdInsertion:      pulumi.String("string"),
    	DhcpOption82Insertion:               pulumi.String("string"),
    	DhcpOption82RemoteIdInsertion:       pulumi.String("string"),
    	DynamicSortSubtable:                 pulumi.String("string"),
    	DynamicVlan:                         pulumi.String("string"),
    	EapReauth:                           pulumi.String("string"),
    	EapReauthIntv:                       pulumi.Int(0),
    	EapolKeyRetries:                     pulumi.String("string"),
    	Encrypt:                             pulumi.String("string"),
    	ExternalFastRoaming:                 pulumi.String("string"),
    	ExternalLogout:                      pulumi.String("string"),
    	ExternalWeb:                         pulumi.String("string"),
    	ExternalWebFormat:                   pulumi.String("string"),
    	FastBssTransition:                   pulumi.String("string"),
    	FastRoaming:                         pulumi.String("string"),
    	FtMobilityDomain:                    pulumi.Int(0),
    	FtOverDs:                            pulumi.String("string"),
    	FtR0KeyLifetime:                     pulumi.Int(0),
    	GasComebackDelay:                    pulumi.Int(0),
    	GasFragmentationLimit:               pulumi.Int(0),
    	GetAllTables:                        pulumi.String("string"),
    	GtkRekey:                            pulumi.String("string"),
    	GtkRekeyIntv:                        pulumi.Int(0),
    	HighEfficiency:                      pulumi.String("string"),
    	Hotspot20Profile:                    pulumi.String("string"),
    	IgmpSnooping:                        pulumi.String("string"),
    	IntraVapPrivacy:                     pulumi.String("string"),
    	Ip:                                  pulumi.String("string"),
    	IpsSensor:                           pulumi.String("string"),
    	Ipv6Rules:                           pulumi.String("string"),
    	Key:                                 pulumi.String("string"),
    	Keyindex:                            pulumi.Int(0),
    	L3Roaming:                           pulumi.String("string"),
    	L3RoamingMode:                       pulumi.String("string"),
    	Ldpc:                                pulumi.String("string"),
    	LocalAuthentication:                 pulumi.String("string"),
    	LocalBridging:                       pulumi.String("string"),
    	LocalLan:                            pulumi.String("string"),
    	LocalStandalone:                     pulumi.String("string"),
    	LocalStandaloneDns:                  pulumi.String("string"),
    	LocalStandaloneDnsIp:                pulumi.String("string"),
    	LocalStandaloneNat:                  pulumi.String("string"),
    	MacAuthBypass:                       pulumi.String("string"),
    	MacCalledStationDelimiter:           pulumi.String("string"),
    	MacCallingStationDelimiter:          pulumi.String("string"),
    	MacCase:                             pulumi.String("string"),
    	MacFilter:                           pulumi.String("string"),
    	MacFilterLists: wirelesscontroller.VapMacFilterListArray{
    		&wirelesscontroller.VapMacFilterListArgs{
    			Id:              pulumi.Int(0),
    			Mac:             pulumi.String("string"),
    			MacFilterPolicy: pulumi.String("string"),
    		},
    	},
    	MacFilterPolicyOther:  pulumi.String("string"),
    	MacPasswordDelimiter:  pulumi.String("string"),
    	MacUsernameDelimiter:  pulumi.String("string"),
    	MaxClients:            pulumi.Int(0),
    	MaxClientsAp:          pulumi.Int(0),
    	Mbo:                   pulumi.String("string"),
    	MboCellDataConnPref:   pulumi.String("string"),
    	MeDisableThresh:       pulumi.Int(0),
    	MeshBackhaul:          pulumi.String("string"),
    	Mpsk:                  pulumi.String("string"),
    	MpskConcurrentClients: pulumi.Int(0),
    	MpskKeys: wirelesscontroller.VapMpskKeyArray{
    		&wirelesscontroller.VapMpskKeyArgs{
    			Comment:           pulumi.String("string"),
    			ConcurrentClients: pulumi.String("string"),
    			KeyName:           pulumi.String("string"),
    			MpskSchedules: wirelesscontroller.VapMpskKeyMpskScheduleArray{
    				&wirelesscontroller.VapMpskKeyMpskScheduleArgs{
    					Name: pulumi.String("string"),
    				},
    			},
    			Passphrase: pulumi.String("string"),
    		},
    	},
    	MpskProfile:                pulumi.String("string"),
    	MuMimo:                     pulumi.String("string"),
    	MulticastEnhance:           pulumi.String("string"),
    	MulticastRate:              pulumi.String("string"),
    	N80211k:                    pulumi.String("string"),
    	N80211v:                    pulumi.String("string"),
    	Nac:                        pulumi.String("string"),
    	NacProfile:                 pulumi.String("string"),
    	Name:                       pulumi.String("string"),
    	NasFilterRule:              pulumi.String("string"),
    	NeighborReportDualBand:     pulumi.String("string"),
    	Okc:                        pulumi.String("string"),
    	Osen:                       pulumi.String("string"),
    	OweGroups:                  pulumi.String("string"),
    	OweTransition:              pulumi.String("string"),
    	OweTransitionSsid:          pulumi.String("string"),
    	Passphrase:                 pulumi.String("string"),
    	Pmf:                        pulumi.String("string"),
    	PmfAssocComebackTimeout:    pulumi.Int(0),
    	PmfSaQueryRetryTimeout:     pulumi.Int(0),
    	PortMacauth:                pulumi.String("string"),
    	PortMacauthReauthTimeout:   pulumi.Int(0),
    	PortMacauthTimeout:         pulumi.Int(0),
    	PortalMessageOverrideGroup: pulumi.String("string"),
    	PortalMessageOverrides: &wirelesscontroller.VapPortalMessageOverridesArgs{
    		AuthDisclaimerPage:  pulumi.String("string"),
    		AuthLoginFailedPage: pulumi.String("string"),
    		AuthLoginPage:       pulumi.String("string"),
    		AuthRejectPage:      pulumi.String("string"),
    	},
    	PortalType:                 pulumi.String("string"),
    	PrimaryWagProfile:          pulumi.String("string"),
    	ProbeRespSuppression:       pulumi.String("string"),
    	ProbeRespThreshold:         pulumi.String("string"),
    	PtkRekey:                   pulumi.String("string"),
    	PtkRekeyIntv:               pulumi.Int(0),
    	QosProfile:                 pulumi.String("string"),
    	Quarantine:                 pulumi.String("string"),
    	Radio2gThreshold:           pulumi.String("string"),
    	Radio5gThreshold:           pulumi.String("string"),
    	RadioSensitivity:           pulumi.String("string"),
    	RadiusMacAuth:              pulumi.String("string"),
    	RadiusMacAuthBlockInterval: pulumi.Int(0),
    	RadiusMacAuthServer:        pulumi.String("string"),
    	RadiusMacAuthUsergroups: wirelesscontroller.VapRadiusMacAuthUsergroupArray{
    		&wirelesscontroller.VapRadiusMacAuthUsergroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	RadiusMacMpskAuth:        pulumi.String("string"),
    	RadiusMacMpskTimeout:     pulumi.Int(0),
    	RadiusServer:             pulumi.String("string"),
    	Rates11a:                 pulumi.String("string"),
    	Rates11acMcsMap:          pulumi.String("string"),
    	Rates11acSs12:            pulumi.String("string"),
    	Rates11acSs34:            pulumi.String("string"),
    	Rates11axMcsMap:          pulumi.String("string"),
    	Rates11axSs12:            pulumi.String("string"),
    	Rates11axSs34:            pulumi.String("string"),
    	Rates11beMcsMap:          pulumi.String("string"),
    	Rates11beMcsMap160:       pulumi.String("string"),
    	Rates11beMcsMap320:       pulumi.String("string"),
    	Rates11bg:                pulumi.String("string"),
    	Rates11nSs12:             pulumi.String("string"),
    	Rates11nSs34:             pulumi.String("string"),
    	RoamingAcctInterimUpdate: pulumi.String("string"),
    	SaeGroups:                pulumi.String("string"),
    	SaeH2eOnly:               pulumi.String("string"),
    	SaeHnpOnly:               pulumi.String("string"),
    	SaePassword:              pulumi.String("string"),
    	SaePk:                    pulumi.String("string"),
    	SaePrivateKey:            pulumi.String("string"),
    	ScanBotnetConnections:    pulumi.String("string"),
    	Schedule:                 pulumi.String("string"),
    	SecondaryWagProfile:      pulumi.String("string"),
    	Security:                 pulumi.String("string"),
    	SecurityExemptList:       pulumi.String("string"),
    	SecurityObsoleteOption:   pulumi.String("string"),
    	SecurityRedirectUrl:      pulumi.String("string"),
    	SelectedUsergroups: wirelesscontroller.VapSelectedUsergroupArray{
    		&wirelesscontroller.VapSelectedUsergroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	SplitTunneling:          pulumi.String("string"),
    	Ssid:                    pulumi.String("string"),
    	StickyClientRemove:      pulumi.String("string"),
    	StickyClientThreshold2g: pulumi.String("string"),
    	StickyClientThreshold5g: pulumi.String("string"),
    	StickyClientThreshold6g: pulumi.String("string"),
    	TargetWakeTime:          pulumi.String("string"),
    	TkipCounterMeasure:      pulumi.String("string"),
    	TunnelEchoInterval:      pulumi.Int(0),
    	TunnelFallbackInterval:  pulumi.Int(0),
    	Usergroups: wirelesscontroller.VapUsergroupArray{
    		&wirelesscontroller.VapUsergroupArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	UtmLog:     pulumi.String("string"),
    	UtmProfile: pulumi.String("string"),
    	UtmStatus:  pulumi.String("string"),
    	Vdomparam:  pulumi.String("string"),
    	VlanAuto:   pulumi.String("string"),
    	VlanNames: wirelesscontroller.VapVlanNameArray{
    		&wirelesscontroller.VapVlanNameArgs{
    			Name:   pulumi.String("string"),
    			VlanId: pulumi.Int(0),
    		},
    	},
    	VlanPooling: pulumi.String("string"),
    	VlanPools: wirelesscontroller.VapVlanPoolArray{
    		&wirelesscontroller.VapVlanPoolArgs{
    			Id:       pulumi.Int(0),
    			WtpGroup: pulumi.String("string"),
    		},
    	},
    	Vlanid:           pulumi.Int(0),
    	VoiceEnterprise:  pulumi.String("string"),
    	WebfilterProfile: pulumi.String("string"),
    })
    
    var vapResource = new Vap("vapResource", VapArgs.builder()
        .accessControlList("string")
        .acctInterimInterval(0)
        .additionalAkms("string")
        .addressGroup("string")
        .addressGroupPolicy("string")
        .akm24Only("string")
        .alias("string")
        .antivirusProfile("string")
        .applicationDetectionEngine("string")
        .applicationDscpMarking("string")
        .applicationList("string")
        .applicationReportIntv(0)
        .atfWeight(0)
        .auth("string")
        .authCert("string")
        .authPortalAddr("string")
        .beaconAdvertising("string")
        .beaconProtection("string")
        .broadcastSsid("string")
        .broadcastSuppression("string")
        .bssColorPartial("string")
        .bstmDisassociationImminent("string")
        .bstmLoadBalancingDisassocTimer(0)
        .bstmRssiDisassocTimer(0)
        .captivePortal("string")
        .captivePortalAcName("string")
        .captivePortalAuthTimeout(0)
        .captivePortalFwAccounting("string")
        .captivePortalMacauthRadiusSecret("string")
        .captivePortalMacauthRadiusServer("string")
        .captivePortalRadiusSecret("string")
        .captivePortalRadiusServer("string")
        .captivePortalSessionTimeoutInterval(0)
        .dhcpAddressEnforcement("string")
        .dhcpLeaseTime(0)
        .dhcpOption43Insertion("string")
        .dhcpOption82CircuitIdInsertion("string")
        .dhcpOption82Insertion("string")
        .dhcpOption82RemoteIdInsertion("string")
        .dynamicSortSubtable("string")
        .dynamicVlan("string")
        .eapReauth("string")
        .eapReauthIntv(0)
        .eapolKeyRetries("string")
        .encrypt("string")
        .externalFastRoaming("string")
        .externalLogout("string")
        .externalWeb("string")
        .externalWebFormat("string")
        .fastBssTransition("string")
        .fastRoaming("string")
        .ftMobilityDomain(0)
        .ftOverDs("string")
        .ftR0KeyLifetime(0)
        .gasComebackDelay(0)
        .gasFragmentationLimit(0)
        .getAllTables("string")
        .gtkRekey("string")
        .gtkRekeyIntv(0)
        .highEfficiency("string")
        .hotspot20Profile("string")
        .igmpSnooping("string")
        .intraVapPrivacy("string")
        .ip("string")
        .ipsSensor("string")
        .ipv6Rules("string")
        .key("string")
        .keyindex(0)
        .l3Roaming("string")
        .l3RoamingMode("string")
        .ldpc("string")
        .localAuthentication("string")
        .localBridging("string")
        .localLan("string")
        .localStandalone("string")
        .localStandaloneDns("string")
        .localStandaloneDnsIp("string")
        .localStandaloneNat("string")
        .macAuthBypass("string")
        .macCalledStationDelimiter("string")
        .macCallingStationDelimiter("string")
        .macCase("string")
        .macFilter("string")
        .macFilterLists(VapMacFilterListArgs.builder()
            .id(0)
            .mac("string")
            .macFilterPolicy("string")
            .build())
        .macFilterPolicyOther("string")
        .macPasswordDelimiter("string")
        .macUsernameDelimiter("string")
        .maxClients(0)
        .maxClientsAp(0)
        .mbo("string")
        .mboCellDataConnPref("string")
        .meDisableThresh(0)
        .meshBackhaul("string")
        .mpsk("string")
        .mpskConcurrentClients(0)
        .mpskKeys(VapMpskKeyArgs.builder()
            .comment("string")
            .concurrentClients("string")
            .keyName("string")
            .mpskSchedules(VapMpskKeyMpskScheduleArgs.builder()
                .name("string")
                .build())
            .passphrase("string")
            .build())
        .mpskProfile("string")
        .muMimo("string")
        .multicastEnhance("string")
        .multicastRate("string")
        .n80211k("string")
        .n80211v("string")
        .nac("string")
        .nacProfile("string")
        .name("string")
        .nasFilterRule("string")
        .neighborReportDualBand("string")
        .okc("string")
        .osen("string")
        .oweGroups("string")
        .oweTransition("string")
        .oweTransitionSsid("string")
        .passphrase("string")
        .pmf("string")
        .pmfAssocComebackTimeout(0)
        .pmfSaQueryRetryTimeout(0)
        .portMacauth("string")
        .portMacauthReauthTimeout(0)
        .portMacauthTimeout(0)
        .portalMessageOverrideGroup("string")
        .portalMessageOverrides(VapPortalMessageOverridesArgs.builder()
            .authDisclaimerPage("string")
            .authLoginFailedPage("string")
            .authLoginPage("string")
            .authRejectPage("string")
            .build())
        .portalType("string")
        .primaryWagProfile("string")
        .probeRespSuppression("string")
        .probeRespThreshold("string")
        .ptkRekey("string")
        .ptkRekeyIntv(0)
        .qosProfile("string")
        .quarantine("string")
        .radio2gThreshold("string")
        .radio5gThreshold("string")
        .radioSensitivity("string")
        .radiusMacAuth("string")
        .radiusMacAuthBlockInterval(0)
        .radiusMacAuthServer("string")
        .radiusMacAuthUsergroups(VapRadiusMacAuthUsergroupArgs.builder()
            .name("string")
            .build())
        .radiusMacMpskAuth("string")
        .radiusMacMpskTimeout(0)
        .radiusServer("string")
        .rates11a("string")
        .rates11acMcsMap("string")
        .rates11acSs12("string")
        .rates11acSs34("string")
        .rates11axMcsMap("string")
        .rates11axSs12("string")
        .rates11axSs34("string")
        .rates11beMcsMap("string")
        .rates11beMcsMap160("string")
        .rates11beMcsMap320("string")
        .rates11bg("string")
        .rates11nSs12("string")
        .rates11nSs34("string")
        .roamingAcctInterimUpdate("string")
        .saeGroups("string")
        .saeH2eOnly("string")
        .saeHnpOnly("string")
        .saePassword("string")
        .saePk("string")
        .saePrivateKey("string")
        .scanBotnetConnections("string")
        .schedule("string")
        .secondaryWagProfile("string")
        .security("string")
        .securityExemptList("string")
        .securityObsoleteOption("string")
        .securityRedirectUrl("string")
        .selectedUsergroups(VapSelectedUsergroupArgs.builder()
            .name("string")
            .build())
        .splitTunneling("string")
        .ssid("string")
        .stickyClientRemove("string")
        .stickyClientThreshold2g("string")
        .stickyClientThreshold5g("string")
        .stickyClientThreshold6g("string")
        .targetWakeTime("string")
        .tkipCounterMeasure("string")
        .tunnelEchoInterval(0)
        .tunnelFallbackInterval(0)
        .usergroups(VapUsergroupArgs.builder()
            .name("string")
            .build())
        .utmLog("string")
        .utmProfile("string")
        .utmStatus("string")
        .vdomparam("string")
        .vlanAuto("string")
        .vlanNames(VapVlanNameArgs.builder()
            .name("string")
            .vlanId(0)
            .build())
        .vlanPooling("string")
        .vlanPools(VapVlanPoolArgs.builder()
            .id(0)
            .wtpGroup("string")
            .build())
        .vlanid(0)
        .voiceEnterprise("string")
        .webfilterProfile("string")
        .build());
    
    vap_resource = fortios.wirelesscontroller.Vap("vapResource",
        access_control_list="string",
        acct_interim_interval=0,
        additional_akms="string",
        address_group="string",
        address_group_policy="string",
        akm24_only="string",
        alias="string",
        antivirus_profile="string",
        application_detection_engine="string",
        application_dscp_marking="string",
        application_list="string",
        application_report_intv=0,
        atf_weight=0,
        auth="string",
        auth_cert="string",
        auth_portal_addr="string",
        beacon_advertising="string",
        beacon_protection="string",
        broadcast_ssid="string",
        broadcast_suppression="string",
        bss_color_partial="string",
        bstm_disassociation_imminent="string",
        bstm_load_balancing_disassoc_timer=0,
        bstm_rssi_disassoc_timer=0,
        captive_portal="string",
        captive_portal_ac_name="string",
        captive_portal_auth_timeout=0,
        captive_portal_fw_accounting="string",
        captive_portal_macauth_radius_secret="string",
        captive_portal_macauth_radius_server="string",
        captive_portal_radius_secret="string",
        captive_portal_radius_server="string",
        captive_portal_session_timeout_interval=0,
        dhcp_address_enforcement="string",
        dhcp_lease_time=0,
        dhcp_option43_insertion="string",
        dhcp_option82_circuit_id_insertion="string",
        dhcp_option82_insertion="string",
        dhcp_option82_remote_id_insertion="string",
        dynamic_sort_subtable="string",
        dynamic_vlan="string",
        eap_reauth="string",
        eap_reauth_intv=0,
        eapol_key_retries="string",
        encrypt="string",
        external_fast_roaming="string",
        external_logout="string",
        external_web="string",
        external_web_format="string",
        fast_bss_transition="string",
        fast_roaming="string",
        ft_mobility_domain=0,
        ft_over_ds="string",
        ft_r0_key_lifetime=0,
        gas_comeback_delay=0,
        gas_fragmentation_limit=0,
        get_all_tables="string",
        gtk_rekey="string",
        gtk_rekey_intv=0,
        high_efficiency="string",
        hotspot20_profile="string",
        igmp_snooping="string",
        intra_vap_privacy="string",
        ip="string",
        ips_sensor="string",
        ipv6_rules="string",
        key="string",
        keyindex=0,
        l3_roaming="string",
        l3_roaming_mode="string",
        ldpc="string",
        local_authentication="string",
        local_bridging="string",
        local_lan="string",
        local_standalone="string",
        local_standalone_dns="string",
        local_standalone_dns_ip="string",
        local_standalone_nat="string",
        mac_auth_bypass="string",
        mac_called_station_delimiter="string",
        mac_calling_station_delimiter="string",
        mac_case="string",
        mac_filter="string",
        mac_filter_lists=[{
            "id": 0,
            "mac": "string",
            "mac_filter_policy": "string",
        }],
        mac_filter_policy_other="string",
        mac_password_delimiter="string",
        mac_username_delimiter="string",
        max_clients=0,
        max_clients_ap=0,
        mbo="string",
        mbo_cell_data_conn_pref="string",
        me_disable_thresh=0,
        mesh_backhaul="string",
        mpsk="string",
        mpsk_concurrent_clients=0,
        mpsk_keys=[{
            "comment": "string",
            "concurrent_clients": "string",
            "key_name": "string",
            "mpsk_schedules": [{
                "name": "string",
            }],
            "passphrase": "string",
        }],
        mpsk_profile="string",
        mu_mimo="string",
        multicast_enhance="string",
        multicast_rate="string",
        n80211k="string",
        n80211v="string",
        nac="string",
        nac_profile="string",
        name="string",
        nas_filter_rule="string",
        neighbor_report_dual_band="string",
        okc="string",
        osen="string",
        owe_groups="string",
        owe_transition="string",
        owe_transition_ssid="string",
        passphrase="string",
        pmf="string",
        pmf_assoc_comeback_timeout=0,
        pmf_sa_query_retry_timeout=0,
        port_macauth="string",
        port_macauth_reauth_timeout=0,
        port_macauth_timeout=0,
        portal_message_override_group="string",
        portal_message_overrides={
            "auth_disclaimer_page": "string",
            "auth_login_failed_page": "string",
            "auth_login_page": "string",
            "auth_reject_page": "string",
        },
        portal_type="string",
        primary_wag_profile="string",
        probe_resp_suppression="string",
        probe_resp_threshold="string",
        ptk_rekey="string",
        ptk_rekey_intv=0,
        qos_profile="string",
        quarantine="string",
        radio2g_threshold="string",
        radio5g_threshold="string",
        radio_sensitivity="string",
        radius_mac_auth="string",
        radius_mac_auth_block_interval=0,
        radius_mac_auth_server="string",
        radius_mac_auth_usergroups=[{
            "name": "string",
        }],
        radius_mac_mpsk_auth="string",
        radius_mac_mpsk_timeout=0,
        radius_server="string",
        rates11a="string",
        rates11ac_mcs_map="string",
        rates11ac_ss12="string",
        rates11ac_ss34="string",
        rates11ax_mcs_map="string",
        rates11ax_ss12="string",
        rates11ax_ss34="string",
        rates11be_mcs_map="string",
        rates11be_mcs_map160="string",
        rates11be_mcs_map320="string",
        rates11bg="string",
        rates11n_ss12="string",
        rates11n_ss34="string",
        roaming_acct_interim_update="string",
        sae_groups="string",
        sae_h2e_only="string",
        sae_hnp_only="string",
        sae_password="string",
        sae_pk="string",
        sae_private_key="string",
        scan_botnet_connections="string",
        schedule="string",
        secondary_wag_profile="string",
        security="string",
        security_exempt_list="string",
        security_obsolete_option="string",
        security_redirect_url="string",
        selected_usergroups=[{
            "name": "string",
        }],
        split_tunneling="string",
        ssid="string",
        sticky_client_remove="string",
        sticky_client_threshold2g="string",
        sticky_client_threshold5g="string",
        sticky_client_threshold6g="string",
        target_wake_time="string",
        tkip_counter_measure="string",
        tunnel_echo_interval=0,
        tunnel_fallback_interval=0,
        usergroups=[{
            "name": "string",
        }],
        utm_log="string",
        utm_profile="string",
        utm_status="string",
        vdomparam="string",
        vlan_auto="string",
        vlan_names=[{
            "name": "string",
            "vlan_id": 0,
        }],
        vlan_pooling="string",
        vlan_pools=[{
            "id": 0,
            "wtp_group": "string",
        }],
        vlanid=0,
        voice_enterprise="string",
        webfilter_profile="string")
    
    const vapResource = new fortios.wirelesscontroller.Vap("vapResource", {
        accessControlList: "string",
        acctInterimInterval: 0,
        additionalAkms: "string",
        addressGroup: "string",
        addressGroupPolicy: "string",
        akm24Only: "string",
        alias: "string",
        antivirusProfile: "string",
        applicationDetectionEngine: "string",
        applicationDscpMarking: "string",
        applicationList: "string",
        applicationReportIntv: 0,
        atfWeight: 0,
        auth: "string",
        authCert: "string",
        authPortalAddr: "string",
        beaconAdvertising: "string",
        beaconProtection: "string",
        broadcastSsid: "string",
        broadcastSuppression: "string",
        bssColorPartial: "string",
        bstmDisassociationImminent: "string",
        bstmLoadBalancingDisassocTimer: 0,
        bstmRssiDisassocTimer: 0,
        captivePortal: "string",
        captivePortalAcName: "string",
        captivePortalAuthTimeout: 0,
        captivePortalFwAccounting: "string",
        captivePortalMacauthRadiusSecret: "string",
        captivePortalMacauthRadiusServer: "string",
        captivePortalRadiusSecret: "string",
        captivePortalRadiusServer: "string",
        captivePortalSessionTimeoutInterval: 0,
        dhcpAddressEnforcement: "string",
        dhcpLeaseTime: 0,
        dhcpOption43Insertion: "string",
        dhcpOption82CircuitIdInsertion: "string",
        dhcpOption82Insertion: "string",
        dhcpOption82RemoteIdInsertion: "string",
        dynamicSortSubtable: "string",
        dynamicVlan: "string",
        eapReauth: "string",
        eapReauthIntv: 0,
        eapolKeyRetries: "string",
        encrypt: "string",
        externalFastRoaming: "string",
        externalLogout: "string",
        externalWeb: "string",
        externalWebFormat: "string",
        fastBssTransition: "string",
        fastRoaming: "string",
        ftMobilityDomain: 0,
        ftOverDs: "string",
        ftR0KeyLifetime: 0,
        gasComebackDelay: 0,
        gasFragmentationLimit: 0,
        getAllTables: "string",
        gtkRekey: "string",
        gtkRekeyIntv: 0,
        highEfficiency: "string",
        hotspot20Profile: "string",
        igmpSnooping: "string",
        intraVapPrivacy: "string",
        ip: "string",
        ipsSensor: "string",
        ipv6Rules: "string",
        key: "string",
        keyindex: 0,
        l3Roaming: "string",
        l3RoamingMode: "string",
        ldpc: "string",
        localAuthentication: "string",
        localBridging: "string",
        localLan: "string",
        localStandalone: "string",
        localStandaloneDns: "string",
        localStandaloneDnsIp: "string",
        localStandaloneNat: "string",
        macAuthBypass: "string",
        macCalledStationDelimiter: "string",
        macCallingStationDelimiter: "string",
        macCase: "string",
        macFilter: "string",
        macFilterLists: [{
            id: 0,
            mac: "string",
            macFilterPolicy: "string",
        }],
        macFilterPolicyOther: "string",
        macPasswordDelimiter: "string",
        macUsernameDelimiter: "string",
        maxClients: 0,
        maxClientsAp: 0,
        mbo: "string",
        mboCellDataConnPref: "string",
        meDisableThresh: 0,
        meshBackhaul: "string",
        mpsk: "string",
        mpskConcurrentClients: 0,
        mpskKeys: [{
            comment: "string",
            concurrentClients: "string",
            keyName: "string",
            mpskSchedules: [{
                name: "string",
            }],
            passphrase: "string",
        }],
        mpskProfile: "string",
        muMimo: "string",
        multicastEnhance: "string",
        multicastRate: "string",
        n80211k: "string",
        n80211v: "string",
        nac: "string",
        nacProfile: "string",
        name: "string",
        nasFilterRule: "string",
        neighborReportDualBand: "string",
        okc: "string",
        osen: "string",
        oweGroups: "string",
        oweTransition: "string",
        oweTransitionSsid: "string",
        passphrase: "string",
        pmf: "string",
        pmfAssocComebackTimeout: 0,
        pmfSaQueryRetryTimeout: 0,
        portMacauth: "string",
        portMacauthReauthTimeout: 0,
        portMacauthTimeout: 0,
        portalMessageOverrideGroup: "string",
        portalMessageOverrides: {
            authDisclaimerPage: "string",
            authLoginFailedPage: "string",
            authLoginPage: "string",
            authRejectPage: "string",
        },
        portalType: "string",
        primaryWagProfile: "string",
        probeRespSuppression: "string",
        probeRespThreshold: "string",
        ptkRekey: "string",
        ptkRekeyIntv: 0,
        qosProfile: "string",
        quarantine: "string",
        radio2gThreshold: "string",
        radio5gThreshold: "string",
        radioSensitivity: "string",
        radiusMacAuth: "string",
        radiusMacAuthBlockInterval: 0,
        radiusMacAuthServer: "string",
        radiusMacAuthUsergroups: [{
            name: "string",
        }],
        radiusMacMpskAuth: "string",
        radiusMacMpskTimeout: 0,
        radiusServer: "string",
        rates11a: "string",
        rates11acMcsMap: "string",
        rates11acSs12: "string",
        rates11acSs34: "string",
        rates11axMcsMap: "string",
        rates11axSs12: "string",
        rates11axSs34: "string",
        rates11beMcsMap: "string",
        rates11beMcsMap160: "string",
        rates11beMcsMap320: "string",
        rates11bg: "string",
        rates11nSs12: "string",
        rates11nSs34: "string",
        roamingAcctInterimUpdate: "string",
        saeGroups: "string",
        saeH2eOnly: "string",
        saeHnpOnly: "string",
        saePassword: "string",
        saePk: "string",
        saePrivateKey: "string",
        scanBotnetConnections: "string",
        schedule: "string",
        secondaryWagProfile: "string",
        security: "string",
        securityExemptList: "string",
        securityObsoleteOption: "string",
        securityRedirectUrl: "string",
        selectedUsergroups: [{
            name: "string",
        }],
        splitTunneling: "string",
        ssid: "string",
        stickyClientRemove: "string",
        stickyClientThreshold2g: "string",
        stickyClientThreshold5g: "string",
        stickyClientThreshold6g: "string",
        targetWakeTime: "string",
        tkipCounterMeasure: "string",
        tunnelEchoInterval: 0,
        tunnelFallbackInterval: 0,
        usergroups: [{
            name: "string",
        }],
        utmLog: "string",
        utmProfile: "string",
        utmStatus: "string",
        vdomparam: "string",
        vlanAuto: "string",
        vlanNames: [{
            name: "string",
            vlanId: 0,
        }],
        vlanPooling: "string",
        vlanPools: [{
            id: 0,
            wtpGroup: "string",
        }],
        vlanid: 0,
        voiceEnterprise: "string",
        webfilterProfile: "string",
    });
    
    type: fortios:wirelesscontroller:Vap
    properties:
        accessControlList: string
        acctInterimInterval: 0
        additionalAkms: string
        addressGroup: string
        addressGroupPolicy: string
        akm24Only: string
        alias: string
        antivirusProfile: string
        applicationDetectionEngine: string
        applicationDscpMarking: string
        applicationList: string
        applicationReportIntv: 0
        atfWeight: 0
        auth: string
        authCert: string
        authPortalAddr: string
        beaconAdvertising: string
        beaconProtection: string
        broadcastSsid: string
        broadcastSuppression: string
        bssColorPartial: string
        bstmDisassociationImminent: string
        bstmLoadBalancingDisassocTimer: 0
        bstmRssiDisassocTimer: 0
        captivePortal: string
        captivePortalAcName: string
        captivePortalAuthTimeout: 0
        captivePortalFwAccounting: string
        captivePortalMacauthRadiusSecret: string
        captivePortalMacauthRadiusServer: string
        captivePortalRadiusSecret: string
        captivePortalRadiusServer: string
        captivePortalSessionTimeoutInterval: 0
        dhcpAddressEnforcement: string
        dhcpLeaseTime: 0
        dhcpOption43Insertion: string
        dhcpOption82CircuitIdInsertion: string
        dhcpOption82Insertion: string
        dhcpOption82RemoteIdInsertion: string
        dynamicSortSubtable: string
        dynamicVlan: string
        eapReauth: string
        eapReauthIntv: 0
        eapolKeyRetries: string
        encrypt: string
        externalFastRoaming: string
        externalLogout: string
        externalWeb: string
        externalWebFormat: string
        fastBssTransition: string
        fastRoaming: string
        ftMobilityDomain: 0
        ftOverDs: string
        ftR0KeyLifetime: 0
        gasComebackDelay: 0
        gasFragmentationLimit: 0
        getAllTables: string
        gtkRekey: string
        gtkRekeyIntv: 0
        highEfficiency: string
        hotspot20Profile: string
        igmpSnooping: string
        intraVapPrivacy: string
        ip: string
        ipsSensor: string
        ipv6Rules: string
        key: string
        keyindex: 0
        l3Roaming: string
        l3RoamingMode: string
        ldpc: string
        localAuthentication: string
        localBridging: string
        localLan: string
        localStandalone: string
        localStandaloneDns: string
        localStandaloneDnsIp: string
        localStandaloneNat: string
        macAuthBypass: string
        macCalledStationDelimiter: string
        macCallingStationDelimiter: string
        macCase: string
        macFilter: string
        macFilterLists:
            - id: 0
              mac: string
              macFilterPolicy: string
        macFilterPolicyOther: string
        macPasswordDelimiter: string
        macUsernameDelimiter: string
        maxClients: 0
        maxClientsAp: 0
        mbo: string
        mboCellDataConnPref: string
        meDisableThresh: 0
        meshBackhaul: string
        mpsk: string
        mpskConcurrentClients: 0
        mpskKeys:
            - comment: string
              concurrentClients: string
              keyName: string
              mpskSchedules:
                - name: string
              passphrase: string
        mpskProfile: string
        muMimo: string
        multicastEnhance: string
        multicastRate: string
        n80211k: string
        n80211v: string
        nac: string
        nacProfile: string
        name: string
        nasFilterRule: string
        neighborReportDualBand: string
        okc: string
        osen: string
        oweGroups: string
        oweTransition: string
        oweTransitionSsid: string
        passphrase: string
        pmf: string
        pmfAssocComebackTimeout: 0
        pmfSaQueryRetryTimeout: 0
        portMacauth: string
        portMacauthReauthTimeout: 0
        portMacauthTimeout: 0
        portalMessageOverrideGroup: string
        portalMessageOverrides:
            authDisclaimerPage: string
            authLoginFailedPage: string
            authLoginPage: string
            authRejectPage: string
        portalType: string
        primaryWagProfile: string
        probeRespSuppression: string
        probeRespThreshold: string
        ptkRekey: string
        ptkRekeyIntv: 0
        qosProfile: string
        quarantine: string
        radio2gThreshold: string
        radio5gThreshold: string
        radioSensitivity: string
        radiusMacAuth: string
        radiusMacAuthBlockInterval: 0
        radiusMacAuthServer: string
        radiusMacAuthUsergroups:
            - name: string
        radiusMacMpskAuth: string
        radiusMacMpskTimeout: 0
        radiusServer: string
        rates11a: string
        rates11acMcsMap: string
        rates11acSs12: string
        rates11acSs34: string
        rates11axMcsMap: string
        rates11axSs12: string
        rates11axSs34: string
        rates11beMcsMap: string
        rates11beMcsMap160: string
        rates11beMcsMap320: string
        rates11bg: string
        rates11nSs12: string
        rates11nSs34: string
        roamingAcctInterimUpdate: string
        saeGroups: string
        saeH2eOnly: string
        saeHnpOnly: string
        saePassword: string
        saePk: string
        saePrivateKey: string
        scanBotnetConnections: string
        schedule: string
        secondaryWagProfile: string
        security: string
        securityExemptList: string
        securityObsoleteOption: string
        securityRedirectUrl: string
        selectedUsergroups:
            - name: string
        splitTunneling: string
        ssid: string
        stickyClientRemove: string
        stickyClientThreshold2g: string
        stickyClientThreshold5g: string
        stickyClientThreshold6g: string
        targetWakeTime: string
        tkipCounterMeasure: string
        tunnelEchoInterval: 0
        tunnelFallbackInterval: 0
        usergroups:
            - name: string
        utmLog: string
        utmProfile: string
        utmStatus: string
        vdomparam: string
        vlanAuto: string
        vlanNames:
            - name: string
              vlanId: 0
        vlanPooling: string
        vlanPools:
            - id: 0
              wtpGroup: string
        vlanid: 0
        voiceEnterprise: string
        webfilterProfile: string
    

    Vap Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Vap resource accepts the following input properties:

    AccessControlList string
    access-control-list profile name.
    AcctInterimInterval int
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms string
    Additional AKMs.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    Akm24Only string
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv int
    Application report interval (30 - 864000 sec, default = 120).
    AtfWeight int
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertising string
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BeaconProtection string
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    BroadcastSuppression string
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    BssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    BstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    BstmLoadBalancingDisassocTimer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    BstmRssiDisassocTimer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    CaptivePortal string
    Enable/disable captive portal. Valid values: enable, disable.
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout int
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    CaptivePortalMacauthRadiusSecret string
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecret string
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval int
    Session timeout interval (0 - 864000 sec, default = 0).
    DhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    DhcpLeaseTime int
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    EapReauthIntv int
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    FtMobilityDomain int
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime int
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay int
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    GasFragmentationLimit int
    GAS fragmentation limit (512 - 4096, default = 1024).
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    GtkRekeyIntv int
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Enable/disable IGMP snooping. Valid values: enable, disable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules string
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Key string
    WEP Key.
    Keyindex int
    WEP key index (1 - 4).
    L3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: enable, disable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    LocalStandaloneDnsIp string
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    MacCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    MacFilterLists List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapMacFilterList>
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MaxClients int
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp int
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    Mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    MboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh int
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    Mpsk string
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    MpskConcurrentClients int
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    MpskKeys List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapMpskKey>
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    MpskProfile string
    MPSK profile name.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Enable/disable network access control. Valid values: enable, disable.
    NacProfile string
    NAC profile name.
    Name string
    Virtual AP name.
    NasFilterRule string
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    NeighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    OweGroups string
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrase string
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout int
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout int
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout int
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    PortMacauthTimeout int
    LAN port MAC authentication idle timeout value (default = 600 sec).
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalMessageOverrides Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapPortalMessageOverrides
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    PtkRekeyIntv int
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    RadiusMacAuthBlockInterval int
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapRadiusMacAuthUsergroup>
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    RadiusMacMpskTimeout int
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11a string
    Allowed data rates for 802.11a.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12 string
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11acSs34 string
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12 string
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34 string
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11beMcsMap string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    Rates11beMcsMap160 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    Rates11beMcsMap320 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    Rates11bg string
    Allowed data rates for 802.11b/g.
    Rates11nSs12 string
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34 string
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    SaeGroups string
    SAE-Groups. Valid values: 19, 20, 21.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    SaePassword string
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    Schedule string
    VAP schedule name.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal).
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: enable, disable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapSelectedUsergroup>
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    StickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    StickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    TunnelEchoInterval int
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval int
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroups List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapUsergroup>
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    UtmLog string
    Enable/disable UTM logging. Valid values: enable, disable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    VlanNames List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapVlanName>
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    VlanPools List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapVlanPool>
    VLAN pool. The structure of vlan_pool block is documented below.
    Vlanid int
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    AccessControlList string
    access-control-list profile name.
    AcctInterimInterval int
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms string
    Additional AKMs.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    Akm24Only string
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv int
    Application report interval (30 - 864000 sec, default = 120).
    AtfWeight int
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertising string
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BeaconProtection string
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    BroadcastSuppression string
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    BssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    BstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    BstmLoadBalancingDisassocTimer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    BstmRssiDisassocTimer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    CaptivePortal string
    Enable/disable captive portal. Valid values: enable, disable.
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout int
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    CaptivePortalMacauthRadiusSecret string
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecret string
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval int
    Session timeout interval (0 - 864000 sec, default = 0).
    DhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    DhcpLeaseTime int
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    EapReauthIntv int
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    FtMobilityDomain int
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime int
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay int
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    GasFragmentationLimit int
    GAS fragmentation limit (512 - 4096, default = 1024).
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    GtkRekeyIntv int
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Enable/disable IGMP snooping. Valid values: enable, disable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules string
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Key string
    WEP Key.
    Keyindex int
    WEP key index (1 - 4).
    L3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: enable, disable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    LocalStandaloneDnsIp string
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    MacCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    MacFilterLists []VapMacFilterListArgs
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MaxClients int
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp int
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    Mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    MboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh int
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    Mpsk string
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    MpskConcurrentClients int
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    MpskKeys []VapMpskKeyArgs
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    MpskProfile string
    MPSK profile name.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Enable/disable network access control. Valid values: enable, disable.
    NacProfile string
    NAC profile name.
    Name string
    Virtual AP name.
    NasFilterRule string
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    NeighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    OweGroups string
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrase string
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout int
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout int
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout int
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    PortMacauthTimeout int
    LAN port MAC authentication idle timeout value (default = 600 sec).
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalMessageOverrides VapPortalMessageOverridesArgs
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    PtkRekeyIntv int
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    RadiusMacAuthBlockInterval int
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups []VapRadiusMacAuthUsergroupArgs
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    RadiusMacMpskTimeout int
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11a string
    Allowed data rates for 802.11a.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12 string
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11acSs34 string
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12 string
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34 string
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11beMcsMap string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    Rates11beMcsMap160 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    Rates11beMcsMap320 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    Rates11bg string
    Allowed data rates for 802.11b/g.
    Rates11nSs12 string
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34 string
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    SaeGroups string
    SAE-Groups. Valid values: 19, 20, 21.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    SaePassword string
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    Schedule string
    VAP schedule name.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal).
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: enable, disable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups []VapSelectedUsergroupArgs
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    StickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    StickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    TunnelEchoInterval int
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval int
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroups []VapUsergroupArgs
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    UtmLog string
    Enable/disable UTM logging. Valid values: enable, disable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    VlanNames []VapVlanNameArgs
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    VlanPools []VapVlanPoolArgs
    VLAN pool. The structure of vlan_pool block is documented below.
    Vlanid int
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    accessControlList String
    access-control-list profile name.
    acctInterimInterval Integer
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms String
    Additional AKMs.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    akm24Only String
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    applicationList String
    Application control list name.
    applicationReportIntv Integer
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight Integer
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertising String
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    beaconProtection String
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    broadcastSuppression String
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    bssColorPartial String
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    bstmDisassociationImminent String
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    bstmLoadBalancingDisassocTimer Integer
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer Integer
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortal String
    Enable/disable captive portal. Valid values: enable, disable.
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Integer
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    captivePortalMacauthRadiusSecret String
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecret String
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Integer
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement String
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    dhcpLeaseTime Integer
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    eapReauthIntv Integer
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    ftMobilityDomain Integer
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Integer
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Integer
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit Integer
    GAS fragmentation limit (512 - 4096, default = 1024).
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    gtkRekeyIntv Integer
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Enable/disable IGMP snooping. Valid values: enable, disable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules String
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    key String
    WEP Key.
    keyindex Integer
    WEP key index (1 - 4).
    l3Roaming String
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: enable, disable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    localStandaloneDnsIp String
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    macCalledStationDelimiter String
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    macFilterLists List<VapMacFilterList>
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients Integer
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Integer
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    mbo String
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref String
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Integer
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    mpsk String
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    mpskConcurrentClients Integer
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    mpskKeys List<VapMpskKey>
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    mpskProfile String
    MPSK profile name.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Enable/disable network access control. Valid values: enable, disable.
    nacProfile String
    NAC profile name.
    name String
    Virtual AP name.
    nasFilterRule String
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    neighborReportDualBand String
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    oweGroups String
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrase String
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Integer
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Integer
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Integer
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout Integer
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides VapPortalMessageOverrides
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    ptkRekeyIntv Integer
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    radiusMacAuthBlockInterval Integer
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<VapRadiusMacAuthUsergroup>
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    radiusMacMpskTimeout Integer
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11a String
    Allowed data rates for 802.11a.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12 String
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11acSs34 String
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12 String
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34 String
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11beMcsMap String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    rates11beMcsMap160 String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    rates11beMcsMap320 String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    rates11bg String
    Allowed data rates for 802.11b/g.
    rates11nSs12 String
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34 String
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    saeGroups String
    SAE-Groups. Valid values: 19, 20, 21.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saePassword String
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    schedule String
    VAP schedule name.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal).
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: enable, disable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups List<VapSelectedUsergroup>
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    stickyClientThreshold2g String
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g String
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    tunnelEchoInterval Integer
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Integer
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroups List<VapUsergroup>
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    utmLog String
    Enable/disable UTM logging. Valid values: enable, disable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    vlanNames List<VapVlanName>
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools List<VapVlanPool>
    VLAN pool. The structure of vlan_pool block is documented below.
    vlanid Integer
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.
    accessControlList string
    access-control-list profile name.
    acctInterimInterval number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms string
    Additional AKMs.
    addressGroup string
    Address group ID.
    addressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    akm24Only string
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    alias string
    Alias.
    antivirusProfile string
    AntiVirus profile name.
    applicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    applicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    applicationList string
    Application control list name.
    applicationReportIntv number
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight number
    Airtime weight in percentage (default = 20).
    auth string
    Authentication protocol.
    authCert string
    HTTPS server certificate.
    authPortalAddr string
    Address of captive portal.
    beaconAdvertising string
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    beaconProtection string
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    broadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    broadcastSuppression string
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    bssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    bstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    bstmLoadBalancingDisassocTimer number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortal string
    Enable/disable captive portal. Valid values: enable, disable.
    captivePortalAcName string
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout number
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    captivePortalMacauthRadiusSecret string
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecret string
    Secret key to access the RADIUS server.
    captivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval number
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    dhcpLeaseTime number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    dhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    dhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    dhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    dynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    eapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    eapReauthIntv number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    externalLogout string
    URL of external authentication logout server.
    externalWeb string
    URL of external authentication web server.
    externalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    ftMobilityDomain number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay number
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit number
    GAS fragmentation limit (512 - 4096, default = 1024).
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    gtkRekeyIntv number
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    highEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    hotspot20Profile string
    Hotspot 2.0 profile name.
    igmpSnooping string
    Enable/disable IGMP snooping. Valid values: enable, disable.
    intraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    ip string
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor string
    IPS sensor name.
    ipv6Rules string
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    key string
    WEP Key.
    keyindex number
    WEP key index (1 - 4).
    l3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    l3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    localAuthentication string
    Enable/disable AP local authentication. Valid values: enable, disable.
    localBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    localLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    localStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    localStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    localStandaloneDnsIp string
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    macAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    macCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    macFilterLists VapMacFilterList[]
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    macPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp number
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    mpsk string
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    mpskConcurrentClients number
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    mpskKeys VapMpskKey[]
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    mpskProfile string
    MPSK profile name.
    muMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    multicastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    multicastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac string
    Enable/disable network access control. Valid values: enable, disable.
    nacProfile string
    NAC profile name.
    name string
    Virtual AP name.
    nasFilterRule string
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    neighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    oweGroups string
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid string
    OWE transition mode peer SSID.
    passphrase string
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout number
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout number
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides VapPortalMessageOverrides
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    portalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    primaryWagProfile string
    Primary wireless access gateway profile name.
    probeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    probeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    ptkRekeyIntv number
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    qosProfile string
    Quality of service profile name.
    quarantine string
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    radiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    radiusMacAuthBlockInterval number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer string
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups VapRadiusMacAuthUsergroup[]
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    radiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    radiusMacMpskTimeout number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer string
    RADIUS server to be used to authenticate WiFi users.
    rates11a string
    Allowed data rates for 802.11a.
    rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12 string
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11acSs34 string
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12 string
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34 string
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11beMcsMap string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    rates11beMcsMap160 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    rates11beMcsMap320 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    rates11bg string
    Allowed data rates for 802.11b/g.
    rates11nSs12 string
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34 string
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    saeGroups string
    SAE-Groups. Valid values: 19, 20, 21.
    saeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saePassword string
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    saePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    schedule string
    VAP schedule name.
    secondaryWagProfile string
    Secondary wireless access gateway profile name.
    security string
    Security mode for the wireless interface (default = wpa2-only-personal).
    securityExemptList string
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption string
    Enable/disable obsolete security options. Valid values: enable, disable.
    securityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups VapSelectedUsergroup[]
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    splitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    stickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    tkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    tunnelEchoInterval number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroups VapUsergroup[]
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    utmLog string
    Enable/disable UTM logging. Valid values: enable, disable.
    utmProfile string
    UTM profile name.
    utmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    vlanNames VapVlanName[]
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    vlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools VapVlanPool[]
    VLAN pool. The structure of vlan_pool block is documented below.
    vlanid number
    Optional VLAN ID.
    voiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile string
    WebFilter profile name.
    access_control_list str
    access-control-list profile name.
    acct_interim_interval int
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additional_akms str
    Additional AKMs.
    address_group str
    Address group ID.
    address_group_policy str
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    akm24_only str
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    alias str
    Alias.
    antivirus_profile str
    AntiVirus profile name.
    application_detection_engine str
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    application_dscp_marking str
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    application_list str
    Application control list name.
    application_report_intv int
    Application report interval (30 - 864000 sec, default = 120).
    atf_weight int
    Airtime weight in percentage (default = 20).
    auth str
    Authentication protocol.
    auth_cert str
    HTTPS server certificate.
    auth_portal_addr str
    Address of captive portal.
    beacon_advertising str
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    beacon_protection str
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    broadcast_ssid str
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    broadcast_suppression str
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    bss_color_partial str
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    bstm_disassociation_imminent str
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    bstm_load_balancing_disassoc_timer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstm_rssi_disassoc_timer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captive_portal str
    Enable/disable captive portal. Valid values: enable, disable.
    captive_portal_ac_name str
    Local-bridging captive portal ac-name.
    captive_portal_auth_timeout int
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captive_portal_fw_accounting str
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    captive_portal_macauth_radius_secret str
    Secret key to access the macauth RADIUS server.
    captive_portal_macauth_radius_server str
    Captive portal external RADIUS server domain name or IP address.
    captive_portal_radius_secret str
    Secret key to access the RADIUS server.
    captive_portal_radius_server str
    Captive portal RADIUS server domain name or IP address.
    captive_portal_session_timeout_interval int
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcp_address_enforcement str
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    dhcp_lease_time int
    DHCP lease time in seconds for NAT IP address.
    dhcp_option43_insertion str
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    dhcp_option82_circuit_id_insertion str
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    dhcp_option82_insertion str
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    dhcp_option82_remote_id_insertion str
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    dynamic_vlan str
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    eap_reauth str
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    eap_reauth_intv int
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapol_key_retries str
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt str
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    external_fast_roaming str
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    external_logout str
    URL of external authentication logout server.
    external_web str
    URL of external authentication web server.
    external_web_format str
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fast_bss_transition str
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fast_roaming str
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    ft_mobility_domain int
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ft_over_ds str
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ft_r0_key_lifetime int
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gas_comeback_delay int
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gas_fragmentation_limit int
    GAS fragmentation limit (512 - 4096, default = 1024).
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gtk_rekey str
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    gtk_rekey_intv int
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    high_efficiency str
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    hotspot20_profile str
    Hotspot 2.0 profile name.
    igmp_snooping str
    Enable/disable IGMP snooping. Valid values: enable, disable.
    intra_vap_privacy str
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    ip str
    IP address and subnet mask for the local standalone NAT subnet.
    ips_sensor str
    IPS sensor name.
    ipv6_rules str
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    key str
    WEP Key.
    keyindex int
    WEP key index (1 - 4).
    l3_roaming str
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    l3_roaming_mode str
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc str
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    local_authentication str
    Enable/disable AP local authentication. Valid values: enable, disable.
    local_bridging str
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    local_lan str
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    local_standalone str
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    local_standalone_dns str
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    local_standalone_dns_ip str
    IPv4 addresses for the local standalone DNS.
    local_standalone_nat str
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    mac_auth_bypass str
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    mac_called_station_delimiter str
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_calling_station_delimiter str
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_case str
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    mac_filter str
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    mac_filter_lists Sequence[VapMacFilterListArgs]
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    mac_filter_policy_other str
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    mac_password_delimiter str
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_username_delimiter str
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    max_clients int
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    max_clients_ap int
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    mbo str
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mbo_cell_data_conn_pref str
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    me_disable_thresh int
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    mesh_backhaul str
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    mpsk str
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    mpsk_concurrent_clients int
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    mpsk_keys Sequence[VapMpskKeyArgs]
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    mpsk_profile str
    MPSK profile name.
    mu_mimo str
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    multicast_enhance str
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    multicast_rate str
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k str
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v str
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac str
    Enable/disable network access control. Valid values: enable, disable.
    nac_profile str
    NAC profile name.
    name str
    Virtual AP name.
    nas_filter_rule str
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    neighbor_report_dual_band str
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    okc str
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen str
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    owe_groups str
    OWE-Groups. Valid values: 19, 20, 21.
    owe_transition str
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    owe_transition_ssid str
    OWE transition mode peer SSID.
    passphrase str
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    pmf str
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmf_assoc_comeback_timeout int
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmf_sa_query_retry_timeout int
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    port_macauth str
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    port_macauth_reauth_timeout int
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    port_macauth_timeout int
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portal_message_override_group str
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portal_message_overrides VapPortalMessageOverridesArgs
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    portal_type str
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    primary_wag_profile str
    Primary wireless access gateway profile name.
    probe_resp_suppression str
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    probe_resp_threshold str
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptk_rekey str
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    ptk_rekey_intv int
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    qos_profile str
    Quality of service profile name.
    quarantine str
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    radio2g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radio_sensitivity str
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    radius_mac_auth str
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    radius_mac_auth_block_interval int
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radius_mac_auth_server str
    RADIUS-based MAC authentication server.
    radius_mac_auth_usergroups Sequence[VapRadiusMacAuthUsergroupArgs]
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    radius_mac_mpsk_auth str
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    radius_mac_mpsk_timeout int
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radius_server str
    RADIUS server to be used to authenticate WiFi users.
    rates11a str
    Allowed data rates for 802.11a.
    rates11ac_mcs_map str
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11ac_ss12 str
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11ac_ss34 str
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11ax_mcs_map str
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11ax_ss12 str
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11ax_ss34 str
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11be_mcs_map str
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    rates11be_mcs_map160 str
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    rates11be_mcs_map320 str
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    rates11bg str
    Allowed data rates for 802.11b/g.
    rates11n_ss12 str
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11n_ss34 str
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roaming_acct_interim_update str
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    sae_groups str
    SAE-Groups. Valid values: 19, 20, 21.
    sae_h2e_only str
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    sae_hnp_only str
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    sae_password str
    WPA3 SAE password to be used to authenticate WiFi users.
    sae_pk str
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    sae_private_key str
    Private key used for WPA3 SAE-PK authentication.
    scan_botnet_connections str
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    schedule str
    VAP schedule name.
    secondary_wag_profile str
    Secondary wireless access gateway profile name.
    security str
    Security mode for the wireless interface (default = wpa2-only-personal).
    security_exempt_list str
    Optional security exempt list for captive portal authentication.
    security_obsolete_option str
    Enable/disable obsolete security options. Valid values: enable, disable.
    security_redirect_url str
    Optional URL for redirecting users after they pass captive portal authentication.
    selected_usergroups Sequence[VapSelectedUsergroupArgs]
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    split_tunneling str
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    ssid str
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    sticky_client_remove str
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    sticky_client_threshold2g str
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    sticky_client_threshold5g str
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    sticky_client_threshold6g str
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    target_wake_time str
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    tkip_counter_measure str
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    tunnel_echo_interval int
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnel_fallback_interval int
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroups Sequence[VapUsergroupArgs]
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    utm_log str
    Enable/disable UTM logging. Valid values: enable, disable.
    utm_profile str
    UTM profile name.
    utm_status str
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlan_auto str
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    vlan_names Sequence[VapVlanNameArgs]
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    vlan_pooling str
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlan_pools Sequence[VapVlanPoolArgs]
    VLAN pool. The structure of vlan_pool block is documented below.
    vlanid int
    Optional VLAN ID.
    voice_enterprise str
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilter_profile str
    WebFilter profile name.
    accessControlList String
    access-control-list profile name.
    acctInterimInterval Number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms String
    Additional AKMs.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    akm24Only String
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    applicationList String
    Application control list name.
    applicationReportIntv Number
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight Number
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertising String
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    beaconProtection String
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    broadcastSuppression String
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    bssColorPartial String
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    bstmDisassociationImminent String
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    bstmLoadBalancingDisassocTimer Number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer Number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortal String
    Enable/disable captive portal. Valid values: enable, disable.
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Number
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    captivePortalMacauthRadiusSecret String
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecret String
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Number
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement String
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    dhcpLeaseTime Number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    eapReauthIntv Number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    ftMobilityDomain Number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Number
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit Number
    GAS fragmentation limit (512 - 4096, default = 1024).
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    gtkRekeyIntv Number
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Enable/disable IGMP snooping. Valid values: enable, disable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules String
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    key String
    WEP Key.
    keyindex Number
    WEP key index (1 - 4).
    l3Roaming String
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: enable, disable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    localStandaloneDnsIp String
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    macCalledStationDelimiter String
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    macFilterLists List<Property Map>
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients Number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Number
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    mbo String
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref String
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    mpsk String
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    mpskConcurrentClients Number
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    mpskKeys List<Property Map>
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    mpskProfile String
    MPSK profile name.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Enable/disable network access control. Valid values: enable, disable.
    nacProfile String
    NAC profile name.
    name String
    Virtual AP name.
    nasFilterRule String
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    neighborReportDualBand String
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    oweGroups String
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrase String
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Number
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout Number
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides Property Map
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    ptkRekeyIntv Number
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    radiusMacAuthBlockInterval Number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<Property Map>
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    radiusMacMpskTimeout Number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11a String
    Allowed data rates for 802.11a.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12 String
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11acSs34 String
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12 String
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34 String
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11beMcsMap String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    rates11beMcsMap160 String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    rates11beMcsMap320 String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    rates11bg String
    Allowed data rates for 802.11b/g.
    rates11nSs12 String
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34 String
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    saeGroups String
    SAE-Groups. Valid values: 19, 20, 21.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saePassword String
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    schedule String
    VAP schedule name.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal).
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: enable, disable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups List<Property Map>
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    stickyClientThreshold2g String
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g String
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    tunnelEchoInterval Number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroups List<Property Map>
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    utmLog String
    Enable/disable UTM logging. Valid values: enable, disable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    vlanNames List<Property Map>
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools List<Property Map>
    VLAN pool. The structure of vlan_pool block is documented below.
    vlanid Number
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Vap resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Vap Resource

    Get an existing Vap resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: VapState, opts?: CustomResourceOptions): Vap
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_control_list: Optional[str] = None,
            acct_interim_interval: Optional[int] = None,
            additional_akms: Optional[str] = None,
            address_group: Optional[str] = None,
            address_group_policy: Optional[str] = None,
            akm24_only: Optional[str] = None,
            alias: Optional[str] = None,
            antivirus_profile: Optional[str] = None,
            application_detection_engine: Optional[str] = None,
            application_dscp_marking: Optional[str] = None,
            application_list: Optional[str] = None,
            application_report_intv: Optional[int] = None,
            atf_weight: Optional[int] = None,
            auth: Optional[str] = None,
            auth_cert: Optional[str] = None,
            auth_portal_addr: Optional[str] = None,
            beacon_advertising: Optional[str] = None,
            beacon_protection: Optional[str] = None,
            broadcast_ssid: Optional[str] = None,
            broadcast_suppression: Optional[str] = None,
            bss_color_partial: Optional[str] = None,
            bstm_disassociation_imminent: Optional[str] = None,
            bstm_load_balancing_disassoc_timer: Optional[int] = None,
            bstm_rssi_disassoc_timer: Optional[int] = None,
            captive_portal: Optional[str] = None,
            captive_portal_ac_name: Optional[str] = None,
            captive_portal_auth_timeout: Optional[int] = None,
            captive_portal_fw_accounting: Optional[str] = None,
            captive_portal_macauth_radius_secret: Optional[str] = None,
            captive_portal_macauth_radius_server: Optional[str] = None,
            captive_portal_radius_secret: Optional[str] = None,
            captive_portal_radius_server: Optional[str] = None,
            captive_portal_session_timeout_interval: Optional[int] = None,
            dhcp_address_enforcement: Optional[str] = None,
            dhcp_lease_time: Optional[int] = None,
            dhcp_option43_insertion: Optional[str] = None,
            dhcp_option82_circuit_id_insertion: Optional[str] = None,
            dhcp_option82_insertion: Optional[str] = None,
            dhcp_option82_remote_id_insertion: Optional[str] = None,
            dynamic_sort_subtable: Optional[str] = None,
            dynamic_vlan: Optional[str] = None,
            eap_reauth: Optional[str] = None,
            eap_reauth_intv: Optional[int] = None,
            eapol_key_retries: Optional[str] = None,
            encrypt: Optional[str] = None,
            external_fast_roaming: Optional[str] = None,
            external_logout: Optional[str] = None,
            external_web: Optional[str] = None,
            external_web_format: Optional[str] = None,
            fast_bss_transition: Optional[str] = None,
            fast_roaming: Optional[str] = None,
            ft_mobility_domain: Optional[int] = None,
            ft_over_ds: Optional[str] = None,
            ft_r0_key_lifetime: Optional[int] = None,
            gas_comeback_delay: Optional[int] = None,
            gas_fragmentation_limit: Optional[int] = None,
            get_all_tables: Optional[str] = None,
            gtk_rekey: Optional[str] = None,
            gtk_rekey_intv: Optional[int] = None,
            high_efficiency: Optional[str] = None,
            hotspot20_profile: Optional[str] = None,
            igmp_snooping: Optional[str] = None,
            intra_vap_privacy: Optional[str] = None,
            ip: Optional[str] = None,
            ips_sensor: Optional[str] = None,
            ipv6_rules: Optional[str] = None,
            key: Optional[str] = None,
            keyindex: Optional[int] = None,
            l3_roaming: Optional[str] = None,
            l3_roaming_mode: Optional[str] = None,
            ldpc: Optional[str] = None,
            local_authentication: Optional[str] = None,
            local_bridging: Optional[str] = None,
            local_lan: Optional[str] = None,
            local_standalone: Optional[str] = None,
            local_standalone_dns: Optional[str] = None,
            local_standalone_dns_ip: Optional[str] = None,
            local_standalone_nat: Optional[str] = None,
            mac_auth_bypass: Optional[str] = None,
            mac_called_station_delimiter: Optional[str] = None,
            mac_calling_station_delimiter: Optional[str] = None,
            mac_case: Optional[str] = None,
            mac_filter: Optional[str] = None,
            mac_filter_lists: Optional[Sequence[VapMacFilterListArgs]] = None,
            mac_filter_policy_other: Optional[str] = None,
            mac_password_delimiter: Optional[str] = None,
            mac_username_delimiter: Optional[str] = None,
            max_clients: Optional[int] = None,
            max_clients_ap: Optional[int] = None,
            mbo: Optional[str] = None,
            mbo_cell_data_conn_pref: Optional[str] = None,
            me_disable_thresh: Optional[int] = None,
            mesh_backhaul: Optional[str] = None,
            mpsk: Optional[str] = None,
            mpsk_concurrent_clients: Optional[int] = None,
            mpsk_keys: Optional[Sequence[VapMpskKeyArgs]] = None,
            mpsk_profile: Optional[str] = None,
            mu_mimo: Optional[str] = None,
            multicast_enhance: Optional[str] = None,
            multicast_rate: Optional[str] = None,
            n80211k: Optional[str] = None,
            n80211v: Optional[str] = None,
            nac: Optional[str] = None,
            nac_profile: Optional[str] = None,
            name: Optional[str] = None,
            nas_filter_rule: Optional[str] = None,
            neighbor_report_dual_band: Optional[str] = None,
            okc: Optional[str] = None,
            osen: Optional[str] = None,
            owe_groups: Optional[str] = None,
            owe_transition: Optional[str] = None,
            owe_transition_ssid: Optional[str] = None,
            passphrase: Optional[str] = None,
            pmf: Optional[str] = None,
            pmf_assoc_comeback_timeout: Optional[int] = None,
            pmf_sa_query_retry_timeout: Optional[int] = None,
            port_macauth: Optional[str] = None,
            port_macauth_reauth_timeout: Optional[int] = None,
            port_macauth_timeout: Optional[int] = None,
            portal_message_override_group: Optional[str] = None,
            portal_message_overrides: Optional[VapPortalMessageOverridesArgs] = None,
            portal_type: Optional[str] = None,
            primary_wag_profile: Optional[str] = None,
            probe_resp_suppression: Optional[str] = None,
            probe_resp_threshold: Optional[str] = None,
            ptk_rekey: Optional[str] = None,
            ptk_rekey_intv: Optional[int] = None,
            qos_profile: Optional[str] = None,
            quarantine: Optional[str] = None,
            radio2g_threshold: Optional[str] = None,
            radio5g_threshold: Optional[str] = None,
            radio_sensitivity: Optional[str] = None,
            radius_mac_auth: Optional[str] = None,
            radius_mac_auth_block_interval: Optional[int] = None,
            radius_mac_auth_server: Optional[str] = None,
            radius_mac_auth_usergroups: Optional[Sequence[VapRadiusMacAuthUsergroupArgs]] = None,
            radius_mac_mpsk_auth: Optional[str] = None,
            radius_mac_mpsk_timeout: Optional[int] = None,
            radius_server: Optional[str] = None,
            rates11a: Optional[str] = None,
            rates11ac_mcs_map: Optional[str] = None,
            rates11ac_ss12: Optional[str] = None,
            rates11ac_ss34: Optional[str] = None,
            rates11ax_mcs_map: Optional[str] = None,
            rates11ax_ss12: Optional[str] = None,
            rates11ax_ss34: Optional[str] = None,
            rates11be_mcs_map: Optional[str] = None,
            rates11be_mcs_map160: Optional[str] = None,
            rates11be_mcs_map320: Optional[str] = None,
            rates11bg: Optional[str] = None,
            rates11n_ss12: Optional[str] = None,
            rates11n_ss34: Optional[str] = None,
            roaming_acct_interim_update: Optional[str] = None,
            sae_groups: Optional[str] = None,
            sae_h2e_only: Optional[str] = None,
            sae_hnp_only: Optional[str] = None,
            sae_password: Optional[str] = None,
            sae_pk: Optional[str] = None,
            sae_private_key: Optional[str] = None,
            scan_botnet_connections: Optional[str] = None,
            schedule: Optional[str] = None,
            secondary_wag_profile: Optional[str] = None,
            security: Optional[str] = None,
            security_exempt_list: Optional[str] = None,
            security_obsolete_option: Optional[str] = None,
            security_redirect_url: Optional[str] = None,
            selected_usergroups: Optional[Sequence[VapSelectedUsergroupArgs]] = None,
            split_tunneling: Optional[str] = None,
            ssid: Optional[str] = None,
            sticky_client_remove: Optional[str] = None,
            sticky_client_threshold2g: Optional[str] = None,
            sticky_client_threshold5g: Optional[str] = None,
            sticky_client_threshold6g: Optional[str] = None,
            target_wake_time: Optional[str] = None,
            tkip_counter_measure: Optional[str] = None,
            tunnel_echo_interval: Optional[int] = None,
            tunnel_fallback_interval: Optional[int] = None,
            usergroups: Optional[Sequence[VapUsergroupArgs]] = None,
            utm_log: Optional[str] = None,
            utm_profile: Optional[str] = None,
            utm_status: Optional[str] = None,
            vdomparam: Optional[str] = None,
            vlan_auto: Optional[str] = None,
            vlan_names: Optional[Sequence[VapVlanNameArgs]] = None,
            vlan_pooling: Optional[str] = None,
            vlan_pools: Optional[Sequence[VapVlanPoolArgs]] = None,
            vlanid: Optional[int] = None,
            voice_enterprise: Optional[str] = None,
            webfilter_profile: Optional[str] = None) -> Vap
    func GetVap(ctx *Context, name string, id IDInput, state *VapState, opts ...ResourceOption) (*Vap, error)
    public static Vap Get(string name, Input<string> id, VapState? state, CustomResourceOptions? opts = null)
    public static Vap get(String name, Output<String> id, VapState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessControlList string
    access-control-list profile name.
    AcctInterimInterval int
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms string
    Additional AKMs.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    Akm24Only string
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv int
    Application report interval (30 - 864000 sec, default = 120).
    AtfWeight int
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertising string
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BeaconProtection string
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    BroadcastSuppression string
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    BssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    BstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    BstmLoadBalancingDisassocTimer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    BstmRssiDisassocTimer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    CaptivePortal string
    Enable/disable captive portal. Valid values: enable, disable.
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout int
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    CaptivePortalMacauthRadiusSecret string
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecret string
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval int
    Session timeout interval (0 - 864000 sec, default = 0).
    DhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    DhcpLeaseTime int
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    EapReauthIntv int
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    FtMobilityDomain int
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime int
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay int
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    GasFragmentationLimit int
    GAS fragmentation limit (512 - 4096, default = 1024).
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    GtkRekeyIntv int
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Enable/disable IGMP snooping. Valid values: enable, disable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules string
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Key string
    WEP Key.
    Keyindex int
    WEP key index (1 - 4).
    L3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: enable, disable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    LocalStandaloneDnsIp string
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    MacCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    MacFilterLists List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapMacFilterList>
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MaxClients int
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp int
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    Mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    MboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh int
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    Mpsk string
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    MpskConcurrentClients int
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    MpskKeys List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapMpskKey>
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    MpskProfile string
    MPSK profile name.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Enable/disable network access control. Valid values: enable, disable.
    NacProfile string
    NAC profile name.
    Name string
    Virtual AP name.
    NasFilterRule string
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    NeighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    OweGroups string
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrase string
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout int
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout int
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout int
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    PortMacauthTimeout int
    LAN port MAC authentication idle timeout value (default = 600 sec).
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalMessageOverrides Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapPortalMessageOverrides
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    PtkRekeyIntv int
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    RadiusMacAuthBlockInterval int
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapRadiusMacAuthUsergroup>
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    RadiusMacMpskTimeout int
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11a string
    Allowed data rates for 802.11a.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12 string
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11acSs34 string
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12 string
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34 string
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11beMcsMap string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    Rates11beMcsMap160 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    Rates11beMcsMap320 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    Rates11bg string
    Allowed data rates for 802.11b/g.
    Rates11nSs12 string
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34 string
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    SaeGroups string
    SAE-Groups. Valid values: 19, 20, 21.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    SaePassword string
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    Schedule string
    VAP schedule name.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal).
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: enable, disable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapSelectedUsergroup>
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    StickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    StickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    TunnelEchoInterval int
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval int
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroups List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapUsergroup>
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    UtmLog string
    Enable/disable UTM logging. Valid values: enable, disable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    VlanNames List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapVlanName>
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    VlanPools List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapVlanPool>
    VLAN pool. The structure of vlan_pool block is documented below.
    Vlanid int
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    AccessControlList string
    access-control-list profile name.
    AcctInterimInterval int
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms string
    Additional AKMs.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    Akm24Only string
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv int
    Application report interval (30 - 864000 sec, default = 120).
    AtfWeight int
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertising string
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BeaconProtection string
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    BroadcastSuppression string
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    BssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    BstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    BstmLoadBalancingDisassocTimer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    BstmRssiDisassocTimer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    CaptivePortal string
    Enable/disable captive portal. Valid values: enable, disable.
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout int
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    CaptivePortalMacauthRadiusSecret string
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecret string
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval int
    Session timeout interval (0 - 864000 sec, default = 0).
    DhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    DhcpLeaseTime int
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    DynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    EapReauthIntv int
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    FtMobilityDomain int
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime int
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay int
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    GasFragmentationLimit int
    GAS fragmentation limit (512 - 4096, default = 1024).
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    GtkRekeyIntv int
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Enable/disable IGMP snooping. Valid values: enable, disable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules string
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Key string
    WEP Key.
    Keyindex int
    WEP key index (1 - 4).
    L3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: enable, disable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    LocalStandaloneDnsIp string
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    MacCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    MacFilterLists []VapMacFilterListArgs
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MaxClients int
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp int
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    Mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    MboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh int
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    Mpsk string
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    MpskConcurrentClients int
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    MpskKeys []VapMpskKeyArgs
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    MpskProfile string
    MPSK profile name.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Enable/disable network access control. Valid values: enable, disable.
    NacProfile string
    NAC profile name.
    Name string
    Virtual AP name.
    NasFilterRule string
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    NeighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    OweGroups string
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrase string
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout int
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout int
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout int
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    PortMacauthTimeout int
    LAN port MAC authentication idle timeout value (default = 600 sec).
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalMessageOverrides VapPortalMessageOverridesArgs
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    PtkRekeyIntv int
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    RadiusMacAuthBlockInterval int
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups []VapRadiusMacAuthUsergroupArgs
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    RadiusMacMpskTimeout int
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11a string
    Allowed data rates for 802.11a.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12 string
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11acSs34 string
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12 string
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34 string
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11beMcsMap string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    Rates11beMcsMap160 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    Rates11beMcsMap320 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    Rates11bg string
    Allowed data rates for 802.11b/g.
    Rates11nSs12 string
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34 string
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    SaeGroups string
    SAE-Groups. Valid values: 19, 20, 21.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    SaePassword string
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    Schedule string
    VAP schedule name.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal).
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: enable, disable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups []VapSelectedUsergroupArgs
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    StickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    StickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    TunnelEchoInterval int
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval int
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroups []VapUsergroupArgs
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    UtmLog string
    Enable/disable UTM logging. Valid values: enable, disable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    VlanNames []VapVlanNameArgs
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    VlanPools []VapVlanPoolArgs
    VLAN pool. The structure of vlan_pool block is documented below.
    Vlanid int
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    accessControlList String
    access-control-list profile name.
    acctInterimInterval Integer
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms String
    Additional AKMs.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    akm24Only String
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    applicationList String
    Application control list name.
    applicationReportIntv Integer
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight Integer
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertising String
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    beaconProtection String
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    broadcastSuppression String
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    bssColorPartial String
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    bstmDisassociationImminent String
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    bstmLoadBalancingDisassocTimer Integer
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer Integer
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortal String
    Enable/disable captive portal. Valid values: enable, disable.
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Integer
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    captivePortalMacauthRadiusSecret String
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecret String
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Integer
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement String
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    dhcpLeaseTime Integer
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    eapReauthIntv Integer
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    ftMobilityDomain Integer
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Integer
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Integer
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit Integer
    GAS fragmentation limit (512 - 4096, default = 1024).
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    gtkRekeyIntv Integer
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Enable/disable IGMP snooping. Valid values: enable, disable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules String
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    key String
    WEP Key.
    keyindex Integer
    WEP key index (1 - 4).
    l3Roaming String
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: enable, disable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    localStandaloneDnsIp String
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    macCalledStationDelimiter String
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    macFilterLists List<VapMacFilterList>
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients Integer
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Integer
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    mbo String
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref String
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Integer
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    mpsk String
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    mpskConcurrentClients Integer
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    mpskKeys List<VapMpskKey>
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    mpskProfile String
    MPSK profile name.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Enable/disable network access control. Valid values: enable, disable.
    nacProfile String
    NAC profile name.
    name String
    Virtual AP name.
    nasFilterRule String
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    neighborReportDualBand String
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    oweGroups String
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrase String
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Integer
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Integer
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Integer
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout Integer
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides VapPortalMessageOverrides
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    ptkRekeyIntv Integer
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    radiusMacAuthBlockInterval Integer
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<VapRadiusMacAuthUsergroup>
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    radiusMacMpskTimeout Integer
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11a String
    Allowed data rates for 802.11a.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12 String
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11acSs34 String
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12 String
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34 String
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11beMcsMap String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    rates11beMcsMap160 String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    rates11beMcsMap320 String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    rates11bg String
    Allowed data rates for 802.11b/g.
    rates11nSs12 String
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34 String
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    saeGroups String
    SAE-Groups. Valid values: 19, 20, 21.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saePassword String
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    schedule String
    VAP schedule name.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal).
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: enable, disable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups List<VapSelectedUsergroup>
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    stickyClientThreshold2g String
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g String
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    tunnelEchoInterval Integer
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Integer
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroups List<VapUsergroup>
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    utmLog String
    Enable/disable UTM logging. Valid values: enable, disable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    vlanNames List<VapVlanName>
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools List<VapVlanPool>
    VLAN pool. The structure of vlan_pool block is documented below.
    vlanid Integer
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.
    accessControlList string
    access-control-list profile name.
    acctInterimInterval number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms string
    Additional AKMs.
    addressGroup string
    Address group ID.
    addressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    akm24Only string
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    alias string
    Alias.
    antivirusProfile string
    AntiVirus profile name.
    applicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    applicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    applicationList string
    Application control list name.
    applicationReportIntv number
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight number
    Airtime weight in percentage (default = 20).
    auth string
    Authentication protocol.
    authCert string
    HTTPS server certificate.
    authPortalAddr string
    Address of captive portal.
    beaconAdvertising string
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    beaconProtection string
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    broadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    broadcastSuppression string
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    bssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    bstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    bstmLoadBalancingDisassocTimer number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortal string
    Enable/disable captive portal. Valid values: enable, disable.
    captivePortalAcName string
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout number
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    captivePortalMacauthRadiusSecret string
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecret string
    Secret key to access the RADIUS server.
    captivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval number
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    dhcpLeaseTime number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    dhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    dhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    dhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    dynamicSortSubtable string
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    dynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    eapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    eapReauthIntv number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    externalLogout string
    URL of external authentication logout server.
    externalWeb string
    URL of external authentication web server.
    externalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    ftMobilityDomain number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay number
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit number
    GAS fragmentation limit (512 - 4096, default = 1024).
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    gtkRekeyIntv number
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    highEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    hotspot20Profile string
    Hotspot 2.0 profile name.
    igmpSnooping string
    Enable/disable IGMP snooping. Valid values: enable, disable.
    intraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    ip string
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor string
    IPS sensor name.
    ipv6Rules string
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    key string
    WEP Key.
    keyindex number
    WEP key index (1 - 4).
    l3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    l3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    localAuthentication string
    Enable/disable AP local authentication. Valid values: enable, disable.
    localBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    localLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    localStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    localStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    localStandaloneDnsIp string
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    macAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    macCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    macFilterLists VapMacFilterList[]
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    macPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp number
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    mpsk string
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    mpskConcurrentClients number
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    mpskKeys VapMpskKey[]
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    mpskProfile string
    MPSK profile name.
    muMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    multicastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    multicastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac string
    Enable/disable network access control. Valid values: enable, disable.
    nacProfile string
    NAC profile name.
    name string
    Virtual AP name.
    nasFilterRule string
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    neighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    oweGroups string
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid string
    OWE transition mode peer SSID.
    passphrase string
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout number
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout number
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides VapPortalMessageOverrides
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    portalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    primaryWagProfile string
    Primary wireless access gateway profile name.
    probeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    probeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    ptkRekeyIntv number
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    qosProfile string
    Quality of service profile name.
    quarantine string
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    radiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    radiusMacAuthBlockInterval number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer string
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups VapRadiusMacAuthUsergroup[]
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    radiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    radiusMacMpskTimeout number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer string
    RADIUS server to be used to authenticate WiFi users.
    rates11a string
    Allowed data rates for 802.11a.
    rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12 string
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11acSs34 string
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12 string
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34 string
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11beMcsMap string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    rates11beMcsMap160 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    rates11beMcsMap320 string
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    rates11bg string
    Allowed data rates for 802.11b/g.
    rates11nSs12 string
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34 string
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    saeGroups string
    SAE-Groups. Valid values: 19, 20, 21.
    saeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saePassword string
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    saePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    schedule string
    VAP schedule name.
    secondaryWagProfile string
    Secondary wireless access gateway profile name.
    security string
    Security mode for the wireless interface (default = wpa2-only-personal).
    securityExemptList string
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption string
    Enable/disable obsolete security options. Valid values: enable, disable.
    securityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups VapSelectedUsergroup[]
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    splitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    stickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    tkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    tunnelEchoInterval number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroups VapUsergroup[]
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    utmLog string
    Enable/disable UTM logging. Valid values: enable, disable.
    utmProfile string
    UTM profile name.
    utmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    vlanNames VapVlanName[]
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    vlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools VapVlanPool[]
    VLAN pool. The structure of vlan_pool block is documented below.
    vlanid number
    Optional VLAN ID.
    voiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile string
    WebFilter profile name.
    access_control_list str
    access-control-list profile name.
    acct_interim_interval int
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additional_akms str
    Additional AKMs.
    address_group str
    Address group ID.
    address_group_policy str
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    akm24_only str
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    alias str
    Alias.
    antivirus_profile str
    AntiVirus profile name.
    application_detection_engine str
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    application_dscp_marking str
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    application_list str
    Application control list name.
    application_report_intv int
    Application report interval (30 - 864000 sec, default = 120).
    atf_weight int
    Airtime weight in percentage (default = 20).
    auth str
    Authentication protocol.
    auth_cert str
    HTTPS server certificate.
    auth_portal_addr str
    Address of captive portal.
    beacon_advertising str
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    beacon_protection str
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    broadcast_ssid str
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    broadcast_suppression str
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    bss_color_partial str
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    bstm_disassociation_imminent str
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    bstm_load_balancing_disassoc_timer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstm_rssi_disassoc_timer int
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captive_portal str
    Enable/disable captive portal. Valid values: enable, disable.
    captive_portal_ac_name str
    Local-bridging captive portal ac-name.
    captive_portal_auth_timeout int
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captive_portal_fw_accounting str
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    captive_portal_macauth_radius_secret str
    Secret key to access the macauth RADIUS server.
    captive_portal_macauth_radius_server str
    Captive portal external RADIUS server domain name or IP address.
    captive_portal_radius_secret str
    Secret key to access the RADIUS server.
    captive_portal_radius_server str
    Captive portal RADIUS server domain name or IP address.
    captive_portal_session_timeout_interval int
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcp_address_enforcement str
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    dhcp_lease_time int
    DHCP lease time in seconds for NAT IP address.
    dhcp_option43_insertion str
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    dhcp_option82_circuit_id_insertion str
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    dhcp_option82_insertion str
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    dhcp_option82_remote_id_insertion str
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    dynamic_sort_subtable str
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    dynamic_vlan str
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    eap_reauth str
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    eap_reauth_intv int
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapol_key_retries str
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt str
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    external_fast_roaming str
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    external_logout str
    URL of external authentication logout server.
    external_web str
    URL of external authentication web server.
    external_web_format str
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fast_bss_transition str
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fast_roaming str
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    ft_mobility_domain int
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ft_over_ds str
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ft_r0_key_lifetime int
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gas_comeback_delay int
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gas_fragmentation_limit int
    GAS fragmentation limit (512 - 4096, default = 1024).
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gtk_rekey str
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    gtk_rekey_intv int
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    high_efficiency str
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    hotspot20_profile str
    Hotspot 2.0 profile name.
    igmp_snooping str
    Enable/disable IGMP snooping. Valid values: enable, disable.
    intra_vap_privacy str
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    ip str
    IP address and subnet mask for the local standalone NAT subnet.
    ips_sensor str
    IPS sensor name.
    ipv6_rules str
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    key str
    WEP Key.
    keyindex int
    WEP key index (1 - 4).
    l3_roaming str
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    l3_roaming_mode str
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc str
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    local_authentication str
    Enable/disable AP local authentication. Valid values: enable, disable.
    local_bridging str
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    local_lan str
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    local_standalone str
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    local_standalone_dns str
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    local_standalone_dns_ip str
    IPv4 addresses for the local standalone DNS.
    local_standalone_nat str
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    mac_auth_bypass str
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    mac_called_station_delimiter str
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_calling_station_delimiter str
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_case str
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    mac_filter str
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    mac_filter_lists Sequence[VapMacFilterListArgs]
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    mac_filter_policy_other str
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    mac_password_delimiter str
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_username_delimiter str
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    max_clients int
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    max_clients_ap int
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    mbo str
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mbo_cell_data_conn_pref str
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    me_disable_thresh int
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    mesh_backhaul str
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    mpsk str
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    mpsk_concurrent_clients int
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    mpsk_keys Sequence[VapMpskKeyArgs]
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    mpsk_profile str
    MPSK profile name.
    mu_mimo str
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    multicast_enhance str
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    multicast_rate str
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k str
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v str
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac str
    Enable/disable network access control. Valid values: enable, disable.
    nac_profile str
    NAC profile name.
    name str
    Virtual AP name.
    nas_filter_rule str
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    neighbor_report_dual_band str
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    okc str
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen str
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    owe_groups str
    OWE-Groups. Valid values: 19, 20, 21.
    owe_transition str
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    owe_transition_ssid str
    OWE transition mode peer SSID.
    passphrase str
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    pmf str
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmf_assoc_comeback_timeout int
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmf_sa_query_retry_timeout int
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    port_macauth str
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    port_macauth_reauth_timeout int
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    port_macauth_timeout int
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portal_message_override_group str
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portal_message_overrides VapPortalMessageOverridesArgs
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    portal_type str
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    primary_wag_profile str
    Primary wireless access gateway profile name.
    probe_resp_suppression str
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    probe_resp_threshold str
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptk_rekey str
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    ptk_rekey_intv int
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    qos_profile str
    Quality of service profile name.
    quarantine str
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    radio2g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radio_sensitivity str
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    radius_mac_auth str
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    radius_mac_auth_block_interval int
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radius_mac_auth_server str
    RADIUS-based MAC authentication server.
    radius_mac_auth_usergroups Sequence[VapRadiusMacAuthUsergroupArgs]
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    radius_mac_mpsk_auth str
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    radius_mac_mpsk_timeout int
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radius_server str
    RADIUS server to be used to authenticate WiFi users.
    rates11a str
    Allowed data rates for 802.11a.
    rates11ac_mcs_map str
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11ac_ss12 str
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11ac_ss34 str
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11ax_mcs_map str
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11ax_ss12 str
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11ax_ss34 str
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11be_mcs_map str
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    rates11be_mcs_map160 str
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    rates11be_mcs_map320 str
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    rates11bg str
    Allowed data rates for 802.11b/g.
    rates11n_ss12 str
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11n_ss34 str
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roaming_acct_interim_update str
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    sae_groups str
    SAE-Groups. Valid values: 19, 20, 21.
    sae_h2e_only str
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    sae_hnp_only str
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    sae_password str
    WPA3 SAE password to be used to authenticate WiFi users.
    sae_pk str
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    sae_private_key str
    Private key used for WPA3 SAE-PK authentication.
    scan_botnet_connections str
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    schedule str
    VAP schedule name.
    secondary_wag_profile str
    Secondary wireless access gateway profile name.
    security str
    Security mode for the wireless interface (default = wpa2-only-personal).
    security_exempt_list str
    Optional security exempt list for captive portal authentication.
    security_obsolete_option str
    Enable/disable obsolete security options. Valid values: enable, disable.
    security_redirect_url str
    Optional URL for redirecting users after they pass captive portal authentication.
    selected_usergroups Sequence[VapSelectedUsergroupArgs]
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    split_tunneling str
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    ssid str
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    sticky_client_remove str
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    sticky_client_threshold2g str
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    sticky_client_threshold5g str
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    sticky_client_threshold6g str
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    target_wake_time str
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    tkip_counter_measure str
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    tunnel_echo_interval int
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnel_fallback_interval int
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroups Sequence[VapUsergroupArgs]
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    utm_log str
    Enable/disable UTM logging. Valid values: enable, disable.
    utm_profile str
    UTM profile name.
    utm_status str
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlan_auto str
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    vlan_names Sequence[VapVlanNameArgs]
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    vlan_pooling str
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlan_pools Sequence[VapVlanPoolArgs]
    VLAN pool. The structure of vlan_pool block is documented below.
    vlanid int
    Optional VLAN ID.
    voice_enterprise str
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilter_profile str
    WebFilter profile name.
    accessControlList String
    access-control-list profile name.
    acctInterimInterval Number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms String
    Additional AKMs.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    akm24Only String
    WPA3 SAE using group-dependent hash only (default = disable). Valid values: disable, enable.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Enable/disable application detection engine (default = disable). Valid values: enable, disable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: enable, disable.
    applicationList String
    Application control list name.
    applicationReportIntv Number
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight Number
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertising String
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    beaconProtection String
    Enable/disable beacon protection support (default = disable). Valid values: disable, enable.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: enable, disable.
    broadcastSuppression String
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network.
    bssColorPartial String
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: enable, disable.
    bstmDisassociationImminent String
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: enable, disable.
    bstmLoadBalancingDisassocTimer Number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer Number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortal String
    Enable/disable captive portal. Valid values: enable, disable.
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Number
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: enable, disable.
    captivePortalMacauthRadiusSecret String
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecret String
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Number
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement String
    Enable/disable DHCP address enforcement (default = disable). Valid values: enable, disable.
    dhcpLeaseTime Number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: enable, disable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable).
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: enable, disable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: style-1, disable.
    dynamicSortSubtable String
    Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: enable, disable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: enable, disable.
    eapReauthIntv Number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: enable, disable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: enable, disable.
    ftMobilityDomain Number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Number
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit Number
    GAS fragmentation limit (512 - 4096, default = 1024).
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: enable, disable.
    gtkRekeyIntv Number
    GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: enable, disable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Enable/disable IGMP snooping. Valid values: enable, disable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: enable, disable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules String
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    key String
    WEP Key.
    keyindex Number
    WEP key index (1 - 4).
    l3Roaming String
    Enable/disable layer 3 roaming (default = disable). Valid values: enable, disable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, rx, tx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: enable, disable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: enable, disable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: allow, deny.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: enable, disable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: enable, disable.
    localStandaloneDnsIp String
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: enable, disable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: enable, disable.
    macCalledStationDelimiter String
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: enable, disable.
    macFilterLists List<Property Map>
    Create a list of MAC addresses for MAC address filtering. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: allow, deny.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients Number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Number
    Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation).
    mbo String
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref String
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: enable, disable.
    mpsk String
    Enable/disable multiple pre-shared keys (PSKs.) Valid values: enable, disable.
    mpskConcurrentClients Number
    Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled.
    mpskKeys List<Property Map>
    Pre-shared keys that can be used to connect to this virtual access point. The structure of mpsk_key block is documented below.
    mpskProfile String
    MPSK profile name.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: enable, disable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: enable, disable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Enable/disable network access control. Valid values: enable, disable.
    nacProfile String
    NAC profile name.
    name String
    Virtual AP name.
    nasFilterRule String
    Enable/disable NAS filter rule support (default = disable). Valid values: enable, disable.
    neighborReportDualBand String
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: enable, disable.
    oweGroups String
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrase String
    WPA pre-shard key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Number
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout Number
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides Property Map
    Individual message overrides. The structure of portal_message_overrides block is documented below.
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: enable, disable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: enable, disable.
    ptkRekeyIntv Number
    PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec.
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: enable, disable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: enable, disable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: enable, disable.
    radiusMacAuthBlockInterval Number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<Property Map>
    Selective user groups that are permitted for RADIUS mac authentication. The structure of radius_mac_auth_usergroups block is documented below.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: enable, disable.
    radiusMacMpskTimeout Number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11a String
    Allowed data rates for 802.11a.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12 String
    Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11acSs34 String
    Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12 String
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34 String
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11beMcsMap String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.
    rates11beMcsMap160 String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.
    rates11beMcsMap320 String
    Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.
    rates11bg String
    Allowed data rates for 802.11b/g.
    rates11nSs12 String
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34 String
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: enable, disable.
    saeGroups String
    SAE-Groups. Valid values: 19, 20, 21.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: enable, disable.
    saePassword String
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: enable, disable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, monitor, block.
    schedule String
    VAP schedule name.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal).
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: enable, disable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups List<Property Map>
    Selective user groups that are permitted to authenticate. The structure of selected_usergroups block is documented below.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: enable, disable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: enable, disable.
    stickyClientThreshold2g String
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g String
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: enable, disable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: enable, disable.
    tunnelEchoInterval Number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroups List<Property Map>
    Firewall user group to be used to authenticate WiFi users. The structure of usergroup block is documented below.
    utmLog String
    Enable/disable UTM logging. Valid values: enable, disable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: enable, disable.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: enable, disable.
    vlanNames List<Property Map>
    Table for mapping VLAN name to VLAN ID. The structure of vlan_name block is documented below.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools List<Property Map>
    VLAN pool. The structure of vlan_pool block is documented below.
    vlanid Number
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.

    Supporting Types

    VapMacFilterList, VapMacFilterListArgs

    Id int
    ID.
    Mac string
    MAC address.
    MacFilterPolicy string
    Deny or allow the client with this MAC address. Valid values: allow, deny.
    Id int
    ID.
    Mac string
    MAC address.
    MacFilterPolicy string
    Deny or allow the client with this MAC address. Valid values: allow, deny.
    id Integer
    ID.
    mac String
    MAC address.
    macFilterPolicy String
    Deny or allow the client with this MAC address. Valid values: allow, deny.
    id number
    ID.
    mac string
    MAC address.
    macFilterPolicy string
    Deny or allow the client with this MAC address. Valid values: allow, deny.
    id int
    ID.
    mac str
    MAC address.
    mac_filter_policy str
    Deny or allow the client with this MAC address. Valid values: allow, deny.
    id Number
    ID.
    mac String
    MAC address.
    macFilterPolicy String
    Deny or allow the client with this MAC address. Valid values: allow, deny.

    VapMpskKey, VapMpskKeyArgs

    Comment string
    Comment.
    ConcurrentClients string
    Number of clients that can connect using this pre-shared key.
    KeyName string
    Pre-shared key name.
    MpskSchedules List<Pulumiverse.Fortios.Wirelesscontroller.Inputs.VapMpskKeyMpskSchedule>
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedules block is documented below.
    Passphrase string
    WPA Pre-shared key.
    Comment string
    Comment.
    ConcurrentClients string
    Number of clients that can connect using this pre-shared key.
    KeyName string
    Pre-shared key name.
    MpskSchedules []VapMpskKeyMpskSchedule
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedules block is documented below.
    Passphrase string
    WPA Pre-shared key.
    comment String
    Comment.
    concurrentClients String
    Number of clients that can connect using this pre-shared key.
    keyName String
    Pre-shared key name.
    mpskSchedules List<VapMpskKeyMpskSchedule>
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedules block is documented below.
    passphrase String
    WPA Pre-shared key.
    comment string
    Comment.
    concurrentClients string
    Number of clients that can connect using this pre-shared key.
    keyName string
    Pre-shared key name.
    mpskSchedules VapMpskKeyMpskSchedule[]
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedules block is documented below.
    passphrase string
    WPA Pre-shared key.
    comment str
    Comment.
    concurrent_clients str
    Number of clients that can connect using this pre-shared key.
    key_name str
    Pre-shared key name.
    mpsk_schedules Sequence[VapMpskKeyMpskSchedule]
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedules block is documented below.
    passphrase str
    WPA Pre-shared key.
    comment String
    Comment.
    concurrentClients String
    Number of clients that can connect using this pre-shared key.
    keyName String
    Pre-shared key name.
    mpskSchedules List<Property Map>
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid. The structure of mpsk_schedules block is documented below.
    passphrase String
    WPA Pre-shared key.

    VapMpskKeyMpskSchedule, VapMpskKeyMpskScheduleArgs

    Name string
    Schedule name.
    Name string
    Schedule name.
    name String
    Schedule name.
    name string
    Schedule name.
    name str
    Schedule name.
    name String
    Schedule name.

    VapPortalMessageOverrides, VapPortalMessageOverridesArgs

    AuthDisclaimerPage string
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    AuthLoginFailedPage string
    Override auth-login-failed-page message with message from portal-message-overrides group.
    AuthLoginPage string
    Override auth-login-page message with message from portal-message-overrides group.
    AuthRejectPage string
    Override auth-reject-page message with message from portal-message-overrides group.
    AuthDisclaimerPage string
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    AuthLoginFailedPage string
    Override auth-login-failed-page message with message from portal-message-overrides group.
    AuthLoginPage string
    Override auth-login-page message with message from portal-message-overrides group.
    AuthRejectPage string
    Override auth-reject-page message with message from portal-message-overrides group.
    authDisclaimerPage String
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    authLoginFailedPage String
    Override auth-login-failed-page message with message from portal-message-overrides group.
    authLoginPage String
    Override auth-login-page message with message from portal-message-overrides group.
    authRejectPage String
    Override auth-reject-page message with message from portal-message-overrides group.
    authDisclaimerPage string
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    authLoginFailedPage string
    Override auth-login-failed-page message with message from portal-message-overrides group.
    authLoginPage string
    Override auth-login-page message with message from portal-message-overrides group.
    authRejectPage string
    Override auth-reject-page message with message from portal-message-overrides group.
    auth_disclaimer_page str
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    auth_login_failed_page str
    Override auth-login-failed-page message with message from portal-message-overrides group.
    auth_login_page str
    Override auth-login-page message with message from portal-message-overrides group.
    auth_reject_page str
    Override auth-reject-page message with message from portal-message-overrides group.
    authDisclaimerPage String
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    authLoginFailedPage String
    Override auth-login-failed-page message with message from portal-message-overrides group.
    authLoginPage String
    Override auth-login-page message with message from portal-message-overrides group.
    authRejectPage String
    Override auth-reject-page message with message from portal-message-overrides group.

    VapRadiusMacAuthUsergroup, VapRadiusMacAuthUsergroupArgs

    Name string
    User group name.
    Name string
    User group name.
    name String
    User group name.
    name string
    User group name.
    name str
    User group name.
    name String
    User group name.

    VapSelectedUsergroup, VapSelectedUsergroupArgs

    Name string
    User group name.
    Name string
    User group name.
    name String
    User group name.
    name string
    User group name.
    name str
    User group name.
    name String
    User group name.

    VapUsergroup, VapUsergroupArgs

    Name string
    User group name.
    Name string
    User group name.
    name String
    User group name.
    name string
    User group name.
    name str
    User group name.
    name String
    User group name.

    VapVlanName, VapVlanNameArgs

    Name string
    VLAN name.
    VlanId int
    VLAN ID.
    Name string
    VLAN name.
    VlanId int
    VLAN ID.
    name String
    VLAN name.
    vlanId Integer
    VLAN ID.
    name string
    VLAN name.
    vlanId number
    VLAN ID.
    name str
    VLAN name.
    vlan_id int
    VLAN ID.
    name String
    VLAN name.
    vlanId Number
    VLAN ID.

    VapVlanPool, VapVlanPoolArgs

    Id int
    ID.
    WtpGroup string
    WTP group name.
    Id int
    ID.
    WtpGroup string
    WTP group name.
    id Integer
    ID.
    wtpGroup String
    WTP group name.
    id number
    ID.
    wtpGroup string
    WTP group name.
    id int
    ID.
    wtp_group str
    WTP group name.
    id Number
    ID.
    wtpGroup String
    WTP group name.

    Import

    WirelessController Vap can be imported using any of these accepted formats:

    $ pulumi import fortios:wirelesscontroller/vap:Vap labelname {{name}}
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:wirelesscontroller/vap:Vap labelname {{name}}
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse