Docs Home
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortimanager.ObjectFirewallVipDynamicMapping
Explore with Pulumi AI
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
Configure virtual IP for IPv4.
This resource is a sub resource for variable
dynamic_mappingof resourcefortimanager.ObjectFirewallVip. Conflict and overwrite may occur if use both of them. The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
realservers:fortimanager_object_firewall_vip_dynamic_mapping_realserversssl_cipher_suites:fortimanager_object_firewall_vip_dynamic_mapping_sslciphersuites
Create ObjectFirewallVipDynamicMapping Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectFirewallVipDynamicMapping(name: string, args: ObjectFirewallVipDynamicMappingArgs, opts?: CustomResourceOptions);@overload
def ObjectFirewallVipDynamicMapping(resource_name: str,
args: ObjectFirewallVipDynamicMappingInitArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectFirewallVipDynamicMapping(resource_name: str,
opts: Optional[ResourceOptions] = None,
vip: Optional[str] = None,
_scopes: Optional[Sequence[ObjectFirewallVipDynamicMapping_ScopeArgs]] = None,
add_nat46_route: Optional[str] = None,
adom: Optional[str] = None,
arp_reply: Optional[str] = None,
color: Optional[float] = None,
comment: Optional[str] = None,
dns_mapping_ttl: Optional[float] = None,
dynamic_sort_subtable: Optional[str] = None,
extaddr: Optional[str] = None,
extintf: Optional[str] = None,
extip: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[float] = None,
gratuitous_arp_interval: Optional[float] = None,
gslb_domain_name: Optional[str] = None,
gslb_hostname: Optional[str] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[float] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[float] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_multiplex_max_concurrent_request: Optional[float] = None,
http_multiplex_max_request: Optional[float] = None,
http_multiplex_ttl: Optional[float] = None,
http_redirect: Optional[str] = None,
http_supported_max_version: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv6_mappedip: Optional[str] = None,
ipv6_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mapped_addr: Optional[str] = None,
mappedips: Optional[Sequence[str]] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[float] = None,
monitor: Optional[str] = None,
nat44: Optional[str] = None,
nat46: Optional[str] = None,
nat_source_vip: Optional[str] = None,
object_firewall_vip_dynamic_mapping_id: Optional[str] = None,
one_click_gslb_server: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
portmapping_type: Optional[str] = None,
protocol: Optional[str] = None,
realservers: Optional[Sequence[ObjectFirewallVipDynamicMappingRealserverArgs]] = None,
scopetype: Optional[str] = None,
server_type: Optional[str] = None,
service: Optional[str] = None,
src_filters: Optional[Sequence[str]] = None,
src_vip_filter: Optional[str] = None,
srcintf_filters: Optional[Sequence[str]] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[ObjectFirewallVipDynamicMappingSslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[float] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[float] = None,
ssl_client_session_state_timeout: Optional[float] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[float] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[float] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[float] = None,
ssl_server_session_state_timeout: Optional[float] = None,
ssl_server_session_state_type: Optional[str] = None,
status: Optional[str] = None,
type: Optional[str] = None,
uuid: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None)func NewObjectFirewallVipDynamicMapping(ctx *Context, name string, args ObjectFirewallVipDynamicMappingArgs, opts ...ResourceOption) (*ObjectFirewallVipDynamicMapping, error)public ObjectFirewallVipDynamicMapping(string name, ObjectFirewallVipDynamicMappingArgs args, CustomResourceOptions? opts = null)public ObjectFirewallVipDynamicMapping(String name, ObjectFirewallVipDynamicMappingArgs args)
public ObjectFirewallVipDynamicMapping(String name, ObjectFirewallVipDynamicMappingArgs args, CustomResourceOptions options)
type: fortimanager:ObjectFirewallVipDynamicMapping
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ObjectFirewallVipDynamicMappingArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. ObjectFirewallVipDynamicMappingInitArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ObjectFirewallVipDynamicMappingArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ObjectFirewallVipDynamicMappingArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ObjectFirewallVipDynamicMappingArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectFirewallVipDynamicMappingResource = new Fortimanager.ObjectFirewallVipDynamicMapping("objectFirewallVipDynamicMappingResource", new()
{
Vip = "string",
_scopes = new[]
{
new Fortimanager.Inputs.ObjectFirewallVipDynamicMapping_ScopeArgs
{
Name = "string",
Vdom = "string",
},
},
AddNat46Route = "string",
Adom = "string",
ArpReply = "string",
Color = 0,
Comment = "string",
DnsMappingTtl = 0,
DynamicSortSubtable = "string",
Extaddr = "string",
Extintf = "string",
Extip = "string",
Extport = "string",
Fosid = 0,
GratuitousArpInterval = 0,
GslbDomainName = "string",
GslbHostname = "string",
H2Support = "string",
H3Support = "string",
HttpCookieAge = 0,
HttpCookieDomain = "string",
HttpCookieDomainFromHost = "string",
HttpCookieGeneration = 0,
HttpCookiePath = "string",
HttpCookieShare = "string",
HttpIpHeader = "string",
HttpIpHeaderName = "string",
HttpMultiplex = "string",
HttpMultiplexMaxConcurrentRequest = 0,
HttpMultiplexMaxRequest = 0,
HttpMultiplexTtl = 0,
HttpRedirect = "string",
HttpSupportedMaxVersion = "string",
HttpsCookieSecure = "string",
Ipv6Mappedip = "string",
Ipv6Mappedport = "string",
LdbMethod = "string",
MappedAddr = "string",
Mappedips = new[]
{
"string",
},
Mappedport = "string",
MaxEmbryonicConnections = 0,
Monitor = "string",
Nat44 = "string",
Nat46 = "string",
NatSourceVip = "string",
ObjectFirewallVipDynamicMappingId = "string",
OneClickGslbServer = "string",
OutlookWebAccess = "string",
Persistence = "string",
Portforward = "string",
PortmappingType = "string",
Protocol = "string",
Realservers = new[]
{
new Fortimanager.Inputs.ObjectFirewallVipDynamicMappingRealserverArgs
{
Address = "string",
ClientIps = new[]
{
"string",
},
HealthCheckProto = "string",
Healthcheck = "string",
HolddownInterval = 0,
HttpHost = "string",
Id = 0,
Ip = "string",
MaxConnections = 0,
Monitor = "string",
Port = 0,
Seq = 0,
Status = "string",
TranslateHost = "string",
Type = "string",
Weight = 0,
},
},
Scopetype = "string",
ServerType = "string",
Service = "string",
SrcFilters = new[]
{
"string",
},
SrcVipFilter = "string",
SrcintfFilters = new[]
{
"string",
},
SslAcceptFfdheGroups = "string",
SslAlgorithm = "string",
SslCertificate = "string",
SslCipherSuites = new[]
{
new Fortimanager.Inputs.ObjectFirewallVipDynamicMappingSslCipherSuiteArgs
{
Cipher = "string",
Id = 0,
Priority = 0,
Versions = new[]
{
"string",
},
},
},
SslClientFallback = "string",
SslClientRekeyCount = 0,
SslClientRenegotiation = "string",
SslClientSessionStateMax = 0,
SslClientSessionStateTimeout = 0,
SslClientSessionStateType = "string",
SslDhBits = "string",
SslHpkp = "string",
SslHpkpAge = 0,
SslHpkpBackup = "string",
SslHpkpIncludeSubdomains = "string",
SslHpkpPrimary = "string",
SslHpkpReportUri = "string",
SslHsts = "string",
SslHstsAge = 0,
SslHstsIncludeSubdomains = "string",
SslHttpLocationConversion = "string",
SslHttpMatchHost = "string",
SslMaxVersion = "string",
SslMinVersion = "string",
SslMode = "string",
SslPfs = "string",
SslSendEmptyFrags = "string",
SslServerAlgorithm = "string",
SslServerMaxVersion = "string",
SslServerMinVersion = "string",
SslServerRenegotiation = "string",
SslServerSessionStateMax = 0,
SslServerSessionStateTimeout = 0,
SslServerSessionStateType = "string",
Status = "string",
Type = "string",
Uuid = "string",
WeblogicServer = "string",
WebsphereServer = "string",
});
example, err := fortimanager.NewObjectFirewallVipDynamicMapping(ctx, "objectFirewallVipDynamicMappingResource", &fortimanager.ObjectFirewallVipDynamicMappingArgs{
Vip: pulumi.String("string"),
_scopes: .ObjectFirewallVipDynamicMapping_ScopeArray{
&.ObjectFirewallVipDynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AddNat46Route: pulumi.String("string"),
Adom: pulumi.String("string"),
ArpReply: pulumi.String("string"),
Color: pulumi.Float64(0),
Comment: pulumi.String("string"),
DnsMappingTtl: pulumi.Float64(0),
DynamicSortSubtable: pulumi.String("string"),
Extaddr: pulumi.String("string"),
Extintf: pulumi.String("string"),
Extip: pulumi.String("string"),
Extport: pulumi.String("string"),
Fosid: pulumi.Float64(0),
GratuitousArpInterval: pulumi.Float64(0),
GslbDomainName: pulumi.String("string"),
GslbHostname: pulumi.String("string"),
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Float64(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Float64(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpIpHeader: pulumi.String("string"),
HttpIpHeaderName: pulumi.String("string"),
HttpMultiplex: pulumi.String("string"),
HttpMultiplexMaxConcurrentRequest: pulumi.Float64(0),
HttpMultiplexMaxRequest: pulumi.Float64(0),
HttpMultiplexTtl: pulumi.Float64(0),
HttpRedirect: pulumi.String("string"),
HttpSupportedMaxVersion: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Ipv6Mappedip: pulumi.String("string"),
Ipv6Mappedport: pulumi.String("string"),
LdbMethod: pulumi.String("string"),
MappedAddr: pulumi.String("string"),
Mappedips: pulumi.StringArray{
pulumi.String("string"),
},
Mappedport: pulumi.String("string"),
MaxEmbryonicConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Nat44: pulumi.String("string"),
Nat46: pulumi.String("string"),
NatSourceVip: pulumi.String("string"),
ObjectFirewallVipDynamicMappingId: pulumi.String("string"),
OneClickGslbServer: pulumi.String("string"),
OutlookWebAccess: pulumi.String("string"),
Persistence: pulumi.String("string"),
Portforward: pulumi.String("string"),
PortmappingType: pulumi.String("string"),
Protocol: pulumi.String("string"),
Realservers: .ObjectFirewallVipDynamicMappingRealserverArray{
&.ObjectFirewallVipDynamicMappingRealserverArgs{
Address: pulumi.String("string"),
ClientIps: pulumi.StringArray{
pulumi.String("string"),
},
HealthCheckProto: pulumi.String("string"),
Healthcheck: pulumi.String("string"),
HolddownInterval: pulumi.Float64(0),
HttpHost: pulumi.String("string"),
Id: pulumi.Float64(0),
Ip: pulumi.String("string"),
MaxConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Port: pulumi.Float64(0),
Seq: pulumi.Float64(0),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
Type: pulumi.String("string"),
Weight: pulumi.Float64(0),
},
},
Scopetype: pulumi.String("string"),
ServerType: pulumi.String("string"),
Service: pulumi.String("string"),
SrcFilters: pulumi.StringArray{
pulumi.String("string"),
},
SrcVipFilter: pulumi.String("string"),
SrcintfFilters: pulumi.StringArray{
pulumi.String("string"),
},
SslAcceptFfdheGroups: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCertificate: pulumi.String("string"),
SslCipherSuites: .ObjectFirewallVipDynamicMappingSslCipherSuiteArray{
&.ObjectFirewallVipDynamicMappingSslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Id: pulumi.Float64(0),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslClientFallback: pulumi.String("string"),
SslClientRekeyCount: pulumi.Float64(0),
SslClientRenegotiation: pulumi.String("string"),
SslClientSessionStateMax: pulumi.Float64(0),
SslClientSessionStateTimeout: pulumi.Float64(0),
SslClientSessionStateType: pulumi.String("string"),
SslDhBits: pulumi.String("string"),
SslHpkp: pulumi.String("string"),
SslHpkpAge: pulumi.Float64(0),
SslHpkpBackup: pulumi.String("string"),
SslHpkpIncludeSubdomains: pulumi.String("string"),
SslHpkpPrimary: pulumi.String("string"),
SslHpkpReportUri: pulumi.String("string"),
SslHsts: pulumi.String("string"),
SslHstsAge: pulumi.Float64(0),
SslHstsIncludeSubdomains: pulumi.String("string"),
SslHttpLocationConversion: pulumi.String("string"),
SslHttpMatchHost: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslMode: pulumi.String("string"),
SslPfs: pulumi.String("string"),
SslSendEmptyFrags: pulumi.String("string"),
SslServerAlgorithm: pulumi.String("string"),
SslServerMaxVersion: pulumi.String("string"),
SslServerMinVersion: pulumi.String("string"),
SslServerRenegotiation: pulumi.String("string"),
SslServerSessionStateMax: pulumi.Float64(0),
SslServerSessionStateTimeout: pulumi.Float64(0),
SslServerSessionStateType: pulumi.String("string"),
Status: pulumi.String("string"),
Type: pulumi.String("string"),
Uuid: pulumi.String("string"),
WeblogicServer: pulumi.String("string"),
WebsphereServer: pulumi.String("string"),
})
var objectFirewallVipDynamicMappingResource = new ObjectFirewallVipDynamicMapping("objectFirewallVipDynamicMappingResource", ObjectFirewallVipDynamicMappingArgs.builder()
.vip("string")
._scopes(ObjectFirewallVipDynamicMapping_ScopeArgs.builder()
.name("string")
.vdom("string")
.build())
.addNat46Route("string")
.adom("string")
.arpReply("string")
.color(0)
.comment("string")
.dnsMappingTtl(0)
.dynamicSortSubtable("string")
.extaddr("string")
.extintf("string")
.extip("string")
.extport("string")
.fosid(0)
.gratuitousArpInterval(0)
.gslbDomainName("string")
.gslbHostname("string")
.h2Support("string")
.h3Support("string")
.httpCookieAge(0)
.httpCookieDomain("string")
.httpCookieDomainFromHost("string")
.httpCookieGeneration(0)
.httpCookiePath("string")
.httpCookieShare("string")
.httpIpHeader("string")
.httpIpHeaderName("string")
.httpMultiplex("string")
.httpMultiplexMaxConcurrentRequest(0)
.httpMultiplexMaxRequest(0)
.httpMultiplexTtl(0)
.httpRedirect("string")
.httpSupportedMaxVersion("string")
.httpsCookieSecure("string")
.ipv6Mappedip("string")
.ipv6Mappedport("string")
.ldbMethod("string")
.mappedAddr("string")
.mappedips("string")
.mappedport("string")
.maxEmbryonicConnections(0)
.monitor("string")
.nat44("string")
.nat46("string")
.natSourceVip("string")
.objectFirewallVipDynamicMappingId("string")
.oneClickGslbServer("string")
.outlookWebAccess("string")
.persistence("string")
.portforward("string")
.portmappingType("string")
.protocol("string")
.realservers(ObjectFirewallVipDynamicMappingRealserverArgs.builder()
.address("string")
.clientIps("string")
.healthCheckProto("string")
.healthcheck("string")
.holddownInterval(0)
.httpHost("string")
.id(0)
.ip("string")
.maxConnections(0)
.monitor("string")
.port(0)
.seq(0)
.status("string")
.translateHost("string")
.type("string")
.weight(0)
.build())
.scopetype("string")
.serverType("string")
.service("string")
.srcFilters("string")
.srcVipFilter("string")
.srcintfFilters("string")
.sslAcceptFfdheGroups("string")
.sslAlgorithm("string")
.sslCertificate("string")
.sslCipherSuites(ObjectFirewallVipDynamicMappingSslCipherSuiteArgs.builder()
.cipher("string")
.id(0)
.priority(0)
.versions("string")
.build())
.sslClientFallback("string")
.sslClientRekeyCount(0)
.sslClientRenegotiation("string")
.sslClientSessionStateMax(0)
.sslClientSessionStateTimeout(0)
.sslClientSessionStateType("string")
.sslDhBits("string")
.sslHpkp("string")
.sslHpkpAge(0)
.sslHpkpBackup("string")
.sslHpkpIncludeSubdomains("string")
.sslHpkpPrimary("string")
.sslHpkpReportUri("string")
.sslHsts("string")
.sslHstsAge(0)
.sslHstsIncludeSubdomains("string")
.sslHttpLocationConversion("string")
.sslHttpMatchHost("string")
.sslMaxVersion("string")
.sslMinVersion("string")
.sslMode("string")
.sslPfs("string")
.sslSendEmptyFrags("string")
.sslServerAlgorithm("string")
.sslServerMaxVersion("string")
.sslServerMinVersion("string")
.sslServerRenegotiation("string")
.sslServerSessionStateMax(0)
.sslServerSessionStateTimeout(0)
.sslServerSessionStateType("string")
.status("string")
.type("string")
.uuid("string")
.weblogicServer("string")
.websphereServer("string")
.build());
object_firewall_vip_dynamic_mapping_resource = fortimanager.ObjectFirewallVipDynamicMapping("objectFirewallVipDynamicMappingResource",
vip="string",
_scopes=[{
"name": "string",
"vdom": "string",
}],
add_nat46_route="string",
adom="string",
arp_reply="string",
color=0,
comment="string",
dns_mapping_ttl=0,
dynamic_sort_subtable="string",
extaddr="string",
extintf="string",
extip="string",
extport="string",
fosid=0,
gratuitous_arp_interval=0,
gslb_domain_name="string",
gslb_hostname="string",
h2_support="string",
h3_support="string",
http_cookie_age=0,
http_cookie_domain="string",
http_cookie_domain_from_host="string",
http_cookie_generation=0,
http_cookie_path="string",
http_cookie_share="string",
http_ip_header="string",
http_ip_header_name="string",
http_multiplex="string",
http_multiplex_max_concurrent_request=0,
http_multiplex_max_request=0,
http_multiplex_ttl=0,
http_redirect="string",
http_supported_max_version="string",
https_cookie_secure="string",
ipv6_mappedip="string",
ipv6_mappedport="string",
ldb_method="string",
mapped_addr="string",
mappedips=["string"],
mappedport="string",
max_embryonic_connections=0,
monitor="string",
nat44="string",
nat46="string",
nat_source_vip="string",
object_firewall_vip_dynamic_mapping_id="string",
one_click_gslb_server="string",
outlook_web_access="string",
persistence="string",
portforward="string",
portmapping_type="string",
protocol="string",
realservers=[{
"address": "string",
"client_ips": ["string"],
"health_check_proto": "string",
"healthcheck": "string",
"holddown_interval": 0,
"http_host": "string",
"id": 0,
"ip": "string",
"max_connections": 0,
"monitor": "string",
"port": 0,
"seq": 0,
"status": "string",
"translate_host": "string",
"type": "string",
"weight": 0,
}],
scopetype="string",
server_type="string",
service="string",
src_filters=["string"],
src_vip_filter="string",
srcintf_filters=["string"],
ssl_accept_ffdhe_groups="string",
ssl_algorithm="string",
ssl_certificate="string",
ssl_cipher_suites=[{
"cipher": "string",
"id": 0,
"priority": 0,
"versions": ["string"],
}],
ssl_client_fallback="string",
ssl_client_rekey_count=0,
ssl_client_renegotiation="string",
ssl_client_session_state_max=0,
ssl_client_session_state_timeout=0,
ssl_client_session_state_type="string",
ssl_dh_bits="string",
ssl_hpkp="string",
ssl_hpkp_age=0,
ssl_hpkp_backup="string",
ssl_hpkp_include_subdomains="string",
ssl_hpkp_primary="string",
ssl_hpkp_report_uri="string",
ssl_hsts="string",
ssl_hsts_age=0,
ssl_hsts_include_subdomains="string",
ssl_http_location_conversion="string",
ssl_http_match_host="string",
ssl_max_version="string",
ssl_min_version="string",
ssl_mode="string",
ssl_pfs="string",
ssl_send_empty_frags="string",
ssl_server_algorithm="string",
ssl_server_max_version="string",
ssl_server_min_version="string",
ssl_server_renegotiation="string",
ssl_server_session_state_max=0,
ssl_server_session_state_timeout=0,
ssl_server_session_state_type="string",
status="string",
type="string",
uuid="string",
weblogic_server="string",
websphere_server="string")
const objectFirewallVipDynamicMappingResource = new fortimanager.ObjectFirewallVipDynamicMapping("objectFirewallVipDynamicMappingResource", {
vip: "string",
_scopes: [{
name: "string",
vdom: "string",
}],
addNat46Route: "string",
adom: "string",
arpReply: "string",
color: 0,
comment: "string",
dnsMappingTtl: 0,
dynamicSortSubtable: "string",
extaddr: "string",
extintf: "string",
extip: "string",
extport: "string",
fosid: 0,
gratuitousArpInterval: 0,
gslbDomainName: "string",
gslbHostname: "string",
h2Support: "string",
h3Support: "string",
httpCookieAge: 0,
httpCookieDomain: "string",
httpCookieDomainFromHost: "string",
httpCookieGeneration: 0,
httpCookiePath: "string",
httpCookieShare: "string",
httpIpHeader: "string",
httpIpHeaderName: "string",
httpMultiplex: "string",
httpMultiplexMaxConcurrentRequest: 0,
httpMultiplexMaxRequest: 0,
httpMultiplexTtl: 0,
httpRedirect: "string",
httpSupportedMaxVersion: "string",
httpsCookieSecure: "string",
ipv6Mappedip: "string",
ipv6Mappedport: "string",
ldbMethod: "string",
mappedAddr: "string",
mappedips: ["string"],
mappedport: "string",
maxEmbryonicConnections: 0,
monitor: "string",
nat44: "string",
nat46: "string",
natSourceVip: "string",
objectFirewallVipDynamicMappingId: "string",
oneClickGslbServer: "string",
outlookWebAccess: "string",
persistence: "string",
portforward: "string",
portmappingType: "string",
protocol: "string",
realservers: [{
address: "string",
clientIps: ["string"],
healthCheckProto: "string",
healthcheck: "string",
holddownInterval: 0,
httpHost: "string",
id: 0,
ip: "string",
maxConnections: 0,
monitor: "string",
port: 0,
seq: 0,
status: "string",
translateHost: "string",
type: "string",
weight: 0,
}],
scopetype: "string",
serverType: "string",
service: "string",
srcFilters: ["string"],
srcVipFilter: "string",
srcintfFilters: ["string"],
sslAcceptFfdheGroups: "string",
sslAlgorithm: "string",
sslCertificate: "string",
sslCipherSuites: [{
cipher: "string",
id: 0,
priority: 0,
versions: ["string"],
}],
sslClientFallback: "string",
sslClientRekeyCount: 0,
sslClientRenegotiation: "string",
sslClientSessionStateMax: 0,
sslClientSessionStateTimeout: 0,
sslClientSessionStateType: "string",
sslDhBits: "string",
sslHpkp: "string",
sslHpkpAge: 0,
sslHpkpBackup: "string",
sslHpkpIncludeSubdomains: "string",
sslHpkpPrimary: "string",
sslHpkpReportUri: "string",
sslHsts: "string",
sslHstsAge: 0,
sslHstsIncludeSubdomains: "string",
sslHttpLocationConversion: "string",
sslHttpMatchHost: "string",
sslMaxVersion: "string",
sslMinVersion: "string",
sslMode: "string",
sslPfs: "string",
sslSendEmptyFrags: "string",
sslServerAlgorithm: "string",
sslServerMaxVersion: "string",
sslServerMinVersion: "string",
sslServerRenegotiation: "string",
sslServerSessionStateMax: 0,
sslServerSessionStateTimeout: 0,
sslServerSessionStateType: "string",
status: "string",
type: "string",
uuid: "string",
weblogicServer: "string",
websphereServer: "string",
});
type: fortimanager:ObjectFirewallVipDynamicMapping
properties:
_scopes:
- name: string
vdom: string
addNat46Route: string
adom: string
arpReply: string
color: 0
comment: string
dnsMappingTtl: 0
dynamicSortSubtable: string
extaddr: string
extintf: string
extip: string
extport: string
fosid: 0
gratuitousArpInterval: 0
gslbDomainName: string
gslbHostname: string
h2Support: string
h3Support: string
httpCookieAge: 0
httpCookieDomain: string
httpCookieDomainFromHost: string
httpCookieGeneration: 0
httpCookiePath: string
httpCookieShare: string
httpIpHeader: string
httpIpHeaderName: string
httpMultiplex: string
httpMultiplexMaxConcurrentRequest: 0
httpMultiplexMaxRequest: 0
httpMultiplexTtl: 0
httpRedirect: string
httpSupportedMaxVersion: string
httpsCookieSecure: string
ipv6Mappedip: string
ipv6Mappedport: string
ldbMethod: string
mappedAddr: string
mappedips:
- string
mappedport: string
maxEmbryonicConnections: 0
monitor: string
nat44: string
nat46: string
natSourceVip: string
objectFirewallVipDynamicMappingId: string
oneClickGslbServer: string
outlookWebAccess: string
persistence: string
portforward: string
portmappingType: string
protocol: string
realservers:
- address: string
clientIps:
- string
healthCheckProto: string
healthcheck: string
holddownInterval: 0
httpHost: string
id: 0
ip: string
maxConnections: 0
monitor: string
port: 0
seq: 0
status: string
translateHost: string
type: string
weight: 0
scopetype: string
serverType: string
service: string
srcFilters:
- string
srcVipFilter: string
srcintfFilters:
- string
sslAcceptFfdheGroups: string
sslAlgorithm: string
sslCertificate: string
sslCipherSuites:
- cipher: string
id: 0
priority: 0
versions:
- string
sslClientFallback: string
sslClientRekeyCount: 0
sslClientRenegotiation: string
sslClientSessionStateMax: 0
sslClientSessionStateTimeout: 0
sslClientSessionStateType: string
sslDhBits: string
sslHpkp: string
sslHpkpAge: 0
sslHpkpBackup: string
sslHpkpIncludeSubdomains: string
sslHpkpPrimary: string
sslHpkpReportUri: string
sslHsts: string
sslHstsAge: 0
sslHstsIncludeSubdomains: string
sslHttpLocationConversion: string
sslHttpMatchHost: string
sslMaxVersion: string
sslMinVersion: string
sslMode: string
sslPfs: string
sslSendEmptyFrags: string
sslServerAlgorithm: string
sslServerMaxVersion: string
sslServerMinVersion: string
sslServerRenegotiation: string
sslServerSessionStateMax: 0
sslServerSessionStateTimeout: 0
sslServerSessionStateType: string
status: string
type: string
uuid: string
vip: string
weblogicServer: string
websphereServer: string
ObjectFirewallVipDynamicMapping Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectFirewallVipDynamicMapping resource accepts the following input properties:
- Vip
This property is required. string - Vip.
- Add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color double
- Color of icon on the GUI.
- Comment string
- Comment.
- Dns
Mapping doubleTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Extaddr string
- External FQDN address name.
- Extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid double
- Custom defined ID.
- Gratuitous
Arp doubleInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- Gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- Gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Multiplex doubleMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- Http
Multiplex doubleMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- Http
Multiplex doubleTtl - Time-to-live for idle connections to servers.
- Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- Ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mapped
Addr string - Mapped FQDN address name.
- Mappedips List<string>
- IP address or address range on the destination network to which the external IP address is mapped.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic doubleConnections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - Nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - Nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - Object
Firewall stringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- One
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - Portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - Realservers
List<Object
Firewall Vip Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Service string
- Service name.
- Src
Filters List<string> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Srcintf
Filters List<string> - Interfaces to which the VIP applies. Separate the names with spaces.
- Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<ObjectSuites Firewall Vip Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client doubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client doubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client doubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp doubleAge - Number of seconds the client should honour the HPKP setting.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts doubleAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server doubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server doubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Status string
- Status. Valid values:
disable,enable. - Type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes List<ObjectFirewall Vip Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below.
- Vip
This property is required. string - Vip.
- Add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color float64
- Color of icon on the GUI.
- Comment string
- Comment.
- Dns
Mapping float64Ttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Extaddr string
- External FQDN address name.
- Extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid float64
- Custom defined ID.
- Gratuitous
Arp float64Interval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- Gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- Gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float64
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float64
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Multiplex float64Max Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- Http
Multiplex float64Max Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- Http
Multiplex float64Ttl - Time-to-live for idle connections to servers.
- Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- Ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mapped
Addr string - Mapped FQDN address name.
- Mappedips []string
- IP address or address range on the destination network to which the external IP address is mapped.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic float64Connections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - Nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - Nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - Object
Firewall stringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- One
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - Portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - Realservers
[]Object
Firewall Vip Dynamic Mapping Realserver Args - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Service string
- Service name.
- Src
Filters []string - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Srcintf
Filters []string - Interfaces to which the VIP applies. Separate the names with spaces.
- Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []ObjectSuites Firewall Vip Dynamic Mapping Ssl Cipher Suite Args - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client float64Rekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client float64Session State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client float64Session State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp float64Age - Number of seconds the client should honour the HPKP setting.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts float64Age - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server float64Session State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server float64Session State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Status string
- Status. Valid values:
disable,enable. - Type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes []ObjectFirewall Vip Dynamic Mapping_Scope Args - _Scope. The structure of
_scopeblock is documented below.
- vip
This property is required. String - Vip.
- _
scopes List<ObjectFirewall Vip Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below. - add
Nat46Route String - Enable/disable adding NAT46 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Double
- Color of icon on the GUI.
- comment String
- Comment.
- dns
Mapping DoubleTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- extaddr String
- External FQDN address name.
- extintf String
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Double
- Custom defined ID.
- gratuitous
Arp DoubleInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain StringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname String - Hostname to use within the configured FortiGSLB domain.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Multiplex DoubleMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex DoubleMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex DoubleTtl - Time-to-live for idle connections to servers.
- http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip String
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport String
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr String - Mapped FQDN address name.
- mappedips List<String>
- IP address or address range on the destination network to which the external IP address is mapped.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic DoubleConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat44 String
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 String
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source StringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - object
Firewall StringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- one
Click StringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type String - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - realservers
List<Object
Firewall Vip Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - service String
- Service name.
- src
Filters List<String> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - srcintf
Filters List<String> - Interfaces to which the VIP applies. Separate the names with spaces.
- ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<ObjectSuites Firewall Vip Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client DoubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client DoubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client DoubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp DoubleAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts DoubleAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server DoubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server DoubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status String
- Status. Valid values:
disable,enable. - type String
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- vip
This property is required. string - Vip.
- _
scopes ObjectFirewall Vip Dynamic Mapping_Scope[] - _Scope. The structure of
_scopeblock is documented below. - add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dns
Mapping numberTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- extaddr string
- External FQDN address name.
- extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- gratuitous
Arp numberInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Multiplex numberMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex numberMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex numberTtl - Time-to-live for idle connections to servers.
- http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr string - Mapped FQDN address name.
- mappedips string[]
- IP address or address range on the destination network to which the external IP address is mapped.
- mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - object
Firewall stringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- one
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - realservers
Object
Firewall Vip Dynamic Mapping Realserver[] - Realservers. The structure of
realserversblock is documented below. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - service string
- Service name.
- src
Filters string[] - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - srcintf
Filters string[] - Interfaces to which the VIP applies. Separate the names with spaces.
- ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher ObjectSuites Firewall Vip Dynamic Mapping Ssl Cipher Suite[] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status string
- Status. Valid values:
disable,enable. - type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- vip
This property is required. str - Vip.
- _
scopes Sequence[ObjectFirewall Vip Dynamic Mapping_Scope Args] - _Scope. The structure of
_scopeblock is documented below. - add_
nat46_ strroute - Enable/disable adding NAT46 route. Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color float
- Color of icon on the GUI.
- comment str
- Comment.
- dns_
mapping_ floatttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- extaddr str
- External FQDN address name.
- extintf str
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid float
- Custom defined ID.
- gratuitous_
arp_ floatinterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb_
domain_ strname - Domain to use when integrating with FortiGSLB.
- gslb_
hostname str - Hostname to use within the configured FortiGSLB domain.
- h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http_
multiplex_ floatmax_ concurrent_ request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http_
multiplex_ floatmax_ request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http_
multiplex_ floatttl - Time-to-live for idle connections to servers.
- http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - http_
supported_ strmax_ version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6_
mappedip str - Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6_
mappedport str - IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped_
addr str - Mapped FQDN address name.
- mappedips Sequence[str]
- IP address or address range on the destination network to which the external IP address is mapped.
- mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ floatconnections - Maximum number of incomplete connections.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat44 str
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 str
- Enable/disable NAT46. Valid values:
disable,enable. - nat_
source_ strvip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - object_
firewall_ strvip_ dynamic_ mapping_ id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- one_
click_ strgslb_ server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping_
type str - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - realservers
Sequence[Object
Firewall Vip Dynamic Mapping Realserver Args] - Realservers. The structure of
realserversblock is documented below. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - service str
- Service name.
- src_
filters Sequence[str] - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- src_
vip_ strfilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - srcintf_
filters Sequence[str] - Interfaces to which the VIP applies. Separate the names with spaces.
- ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Objectsuites Firewall Vip Dynamic Mapping Ssl Cipher Suite Args] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ floatrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl_
client_ floatsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ floatsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ floatage - Number of seconds the client should honour the HPKP setting.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ floatage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl_
server_ floatsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ floatsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status str
- Status. Valid values:
disable,enable. - type str
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- vip
This property is required. String - Vip.
- _
scopes List<Property Map> - _Scope. The structure of
_scopeblock is documented below. - add
Nat46Route String - Enable/disable adding NAT46 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dns
Mapping NumberTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- extaddr String
- External FQDN address name.
- extintf String
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- gratuitous
Arp NumberInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain StringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname String - Hostname to use within the configured FortiGSLB domain.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Multiplex NumberMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex NumberMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex NumberTtl - Time-to-live for idle connections to servers.
- http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip String
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport String
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr String - Mapped FQDN address name.
- mappedips List<String>
- IP address or address range on the destination network to which the external IP address is mapped.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat44 String
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 String
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source StringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - object
Firewall StringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- one
Click StringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type String - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - service String
- Service name.
- src
Filters List<String> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - srcintf
Filters List<String> - Interfaces to which the VIP applies. Separate the names with spaces.
- ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status String
- Status. Valid values:
disable,enable. - type String
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectFirewallVipDynamicMapping resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectFirewallVipDynamicMapping Resource
Get an existing ObjectFirewallVipDynamicMapping resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectFirewallVipDynamicMappingState, opts?: CustomResourceOptions): ObjectFirewallVipDynamicMapping@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
_scopes: Optional[Sequence[ObjectFirewallVipDynamicMapping_ScopeArgs]] = None,
add_nat46_route: Optional[str] = None,
adom: Optional[str] = None,
arp_reply: Optional[str] = None,
color: Optional[float] = None,
comment: Optional[str] = None,
dns_mapping_ttl: Optional[float] = None,
dynamic_sort_subtable: Optional[str] = None,
extaddr: Optional[str] = None,
extintf: Optional[str] = None,
extip: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[float] = None,
gratuitous_arp_interval: Optional[float] = None,
gslb_domain_name: Optional[str] = None,
gslb_hostname: Optional[str] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[float] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[float] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_multiplex_max_concurrent_request: Optional[float] = None,
http_multiplex_max_request: Optional[float] = None,
http_multiplex_ttl: Optional[float] = None,
http_redirect: Optional[str] = None,
http_supported_max_version: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv6_mappedip: Optional[str] = None,
ipv6_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mapped_addr: Optional[str] = None,
mappedips: Optional[Sequence[str]] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[float] = None,
monitor: Optional[str] = None,
nat44: Optional[str] = None,
nat46: Optional[str] = None,
nat_source_vip: Optional[str] = None,
object_firewall_vip_dynamic_mapping_id: Optional[str] = None,
one_click_gslb_server: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
portmapping_type: Optional[str] = None,
protocol: Optional[str] = None,
realservers: Optional[Sequence[ObjectFirewallVipDynamicMappingRealserverArgs]] = None,
scopetype: Optional[str] = None,
server_type: Optional[str] = None,
service: Optional[str] = None,
src_filters: Optional[Sequence[str]] = None,
src_vip_filter: Optional[str] = None,
srcintf_filters: Optional[Sequence[str]] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[ObjectFirewallVipDynamicMappingSslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[float] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[float] = None,
ssl_client_session_state_timeout: Optional[float] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[float] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[float] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[float] = None,
ssl_server_session_state_timeout: Optional[float] = None,
ssl_server_session_state_type: Optional[str] = None,
status: Optional[str] = None,
type: Optional[str] = None,
uuid: Optional[str] = None,
vip: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None) -> ObjectFirewallVipDynamicMappingfunc GetObjectFirewallVipDynamicMapping(ctx *Context, name string, id IDInput, state *ObjectFirewallVipDynamicMappingState, opts ...ResourceOption) (*ObjectFirewallVipDynamicMapping, error)public static ObjectFirewallVipDynamicMapping Get(string name, Input<string> id, ObjectFirewallVipDynamicMappingState? state, CustomResourceOptions? opts = null)public static ObjectFirewallVipDynamicMapping get(String name, Output<String> id, ObjectFirewallVipDynamicMappingState state, CustomResourceOptions options)resources: _: type: fortimanager:ObjectFirewallVipDynamicMapping get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color double
- Color of icon on the GUI.
- Comment string
- Comment.
- Dns
Mapping doubleTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Extaddr string
- External FQDN address name.
- Extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid double
- Custom defined ID.
- Gratuitous
Arp doubleInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- Gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- Gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Multiplex doubleMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- Http
Multiplex doubleMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- Http
Multiplex doubleTtl - Time-to-live for idle connections to servers.
- Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- Ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mapped
Addr string - Mapped FQDN address name.
- Mappedips List<string>
- IP address or address range on the destination network to which the external IP address is mapped.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic doubleConnections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - Nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - Nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - Object
Firewall stringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- One
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - Portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - Realservers
List<Object
Firewall Vip Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Service string
- Service name.
- Src
Filters List<string> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Srcintf
Filters List<string> - Interfaces to which the VIP applies. Separate the names with spaces.
- Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<ObjectSuites Firewall Vip Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client doubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client doubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client doubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp doubleAge - Number of seconds the client should honour the HPKP setting.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts doubleAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server doubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server doubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Status string
- Status. Valid values:
disable,enable. - Type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vip string
- Vip.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes List<ObjectFirewall Vip Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below.
- Add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color float64
- Color of icon on the GUI.
- Comment string
- Comment.
- Dns
Mapping float64Ttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Extaddr string
- External FQDN address name.
- Extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid float64
- Custom defined ID.
- Gratuitous
Arp float64Interval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- Gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- Gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float64
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float64
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Multiplex float64Max Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- Http
Multiplex float64Max Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- Http
Multiplex float64Ttl - Time-to-live for idle connections to servers.
- Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- Ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mapped
Addr string - Mapped FQDN address name.
- Mappedips []string
- IP address or address range on the destination network to which the external IP address is mapped.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic float64Connections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - Nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - Nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - Object
Firewall stringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- One
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - Portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - Realservers
[]Object
Firewall Vip Dynamic Mapping Realserver Args - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Service string
- Service name.
- Src
Filters []string - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Srcintf
Filters []string - Interfaces to which the VIP applies. Separate the names with spaces.
- Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []ObjectSuites Firewall Vip Dynamic Mapping Ssl Cipher Suite Args - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client float64Rekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client float64Session State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client float64Session State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp float64Age - Number of seconds the client should honour the HPKP setting.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts float64Age - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server float64Session State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server float64Session State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Status string
- Status. Valid values:
disable,enable. - Type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Vip string
- Vip.
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes []ObjectFirewall Vip Dynamic Mapping_Scope Args - _Scope. The structure of
_scopeblock is documented below.
- _
scopes List<ObjectFirewall Vip Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below. - add
Nat46Route String - Enable/disable adding NAT46 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Double
- Color of icon on the GUI.
- comment String
- Comment.
- dns
Mapping DoubleTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- extaddr String
- External FQDN address name.
- extintf String
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Double
- Custom defined ID.
- gratuitous
Arp DoubleInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain StringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname String - Hostname to use within the configured FortiGSLB domain.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Multiplex DoubleMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex DoubleMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex DoubleTtl - Time-to-live for idle connections to servers.
- http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip String
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport String
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr String - Mapped FQDN address name.
- mappedips List<String>
- IP address or address range on the destination network to which the external IP address is mapped.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic DoubleConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat44 String
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 String
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source StringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - object
Firewall StringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- one
Click StringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type String - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - realservers
List<Object
Firewall Vip Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - service String
- Service name.
- src
Filters List<String> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - srcintf
Filters List<String> - Interfaces to which the VIP applies. Separate the names with spaces.
- ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<ObjectSuites Firewall Vip Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client DoubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client DoubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client DoubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp DoubleAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts DoubleAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server DoubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server DoubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status String
- Status. Valid values:
disable,enable. - type String
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vip String
- Vip.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- _
scopes ObjectFirewall Vip Dynamic Mapping_Scope[] - _Scope. The structure of
_scopeblock is documented below. - add
Nat46Route string - Enable/disable adding NAT46 route. Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dns
Mapping numberTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- extaddr string
- External FQDN address name.
- extintf string
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- gratuitous
Arp numberInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain stringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname string - Hostname to use within the configured FortiGSLB domain.
- h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Multiplex numberMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex numberMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex numberTtl - Time-to-live for idle connections to servers.
- http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip string
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport string
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr string - Mapped FQDN address name.
- mappedips string[]
- IP address or address range on the destination network to which the external IP address is mapped.
- mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat44 string
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 string
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source stringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - object
Firewall stringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- one
Click stringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type string - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - realservers
Object
Firewall Vip Dynamic Mapping Realserver[] - Realservers. The structure of
realserversblock is documented below. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - service string
- Service name.
- src
Filters string[] - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - srcintf
Filters string[] - Interfaces to which the VIP applies. Separate the names with spaces.
- ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher ObjectSuites Firewall Vip Dynamic Mapping Ssl Cipher Suite[] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status string
- Status. Valid values:
disable,enable. - type string
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vip string
- Vip.
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- _
scopes Sequence[ObjectFirewall Vip Dynamic Mapping_Scope Args] - _Scope. The structure of
_scopeblock is documented below. - add_
nat46_ strroute - Enable/disable adding NAT46 route. Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color float
- Color of icon on the GUI.
- comment str
- Comment.
- dns_
mapping_ floatttl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- extaddr str
- External FQDN address name.
- extintf str
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid float
- Custom defined ID.
- gratuitous_
arp_ floatinterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb_
domain_ strname - Domain to use when integrating with FortiGSLB.
- gslb_
hostname str - Hostname to use within the configured FortiGSLB domain.
- h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http_
multiplex_ floatmax_ concurrent_ request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http_
multiplex_ floatmax_ request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http_
multiplex_ floatttl - Time-to-live for idle connections to servers.
- http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - http_
supported_ strmax_ version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6_
mappedip str - Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6_
mappedport str - IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped_
addr str - Mapped FQDN address name.
- mappedips Sequence[str]
- IP address or address range on the destination network to which the external IP address is mapped.
- mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ floatconnections - Maximum number of incomplete connections.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat44 str
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 str
- Enable/disable NAT46. Valid values:
disable,enable. - nat_
source_ strvip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - object_
firewall_ strvip_ dynamic_ mapping_ id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- one_
click_ strgslb_ server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping_
type str - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - realservers
Sequence[Object
Firewall Vip Dynamic Mapping Realserver Args] - Realservers. The structure of
realserversblock is documented below. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - service str
- Service name.
- src_
filters Sequence[str] - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- src_
vip_ strfilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - srcintf_
filters Sequence[str] - Interfaces to which the VIP applies. Separate the names with spaces.
- ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Objectsuites Firewall Vip Dynamic Mapping Ssl Cipher Suite Args] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ floatrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl_
client_ floatsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ floatsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ floatage - Number of seconds the client should honour the HPKP setting.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ floatage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl_
server_ floatsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ floatsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status str
- Status. Valid values:
disable,enable. - type str
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vip str
- Vip.
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- _
scopes List<Property Map> - _Scope. The structure of
_scopeblock is documented below. - add
Nat46Route String - Enable/disable adding NAT46 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dns
Mapping NumberTtl - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- extaddr String
- External FQDN address name.
- extintf String
- Interface connected to the source network that receives the packets that will be forwarded to the destination network.
- extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- gratuitous
Arp NumberInterval - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
- gslb
Domain StringName - Domain to use when integrating with FortiGSLB.
- gslb
Hostname String - Hostname to use within the configured FortiGSLB domain.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Multiplex NumberMax Concurrent Request - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
- http
Multiplex NumberMax Request - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
- http
Multiplex NumberTtl - Time-to-live for idle connections to servers.
- http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv6Mappedip String
- Start-mapped-IPv6-address [-end mapped-IPv6-address].
- ipv6Mappedport String
- IPv6 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mapped
Addr String - Mapped FQDN address name.
- mappedips List<String>
- IP address or address range on the destination network to which the external IP address is mapped.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat44 String
- Enable/disable NAT44. Valid values:
disable,enable. - nat46 String
- Enable/disable NAT46. Valid values:
disable,enable. - nat
Source StringVip - Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values:
disable,enable. - object
Firewall StringVip Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- one
Click StringGslb Server - Enable/disable one click GSLB server integration with FortiGSLB. Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable/disable port forwarding. Valid values:
disable,enable. - portmapping
Type String - Port mapping type. Valid values:
1-to-1,m-to-n. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp,icmp. - realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - service String
- Service name.
- src
Filters List<String> - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - srcintf
Filters List<String> - Interfaces to which the VIP applies. Separate the names with spaces.
- ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of seconds the client should honour the HPKP setting.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - status String
- Status. Valid values:
disable,enable. - type String
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values:
static-nat,load-balance,server-load-balance,dns-translation,fqdn. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- vip String
- Vip.
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Supporting Types
ObjectFirewallVipDynamicMappingRealserver, ObjectFirewallVipDynamicMappingRealserverArgs
, ObjectFirewallVipDynamicMappingRealserverArgs
- Address string
- Address.
- Client
Ips List<string> - Only clients in this IP range can connect to this real server.
- Health
Check stringProto - Health-Check-Proto. Valid values:
ping,http. - Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval double - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id double
- Real server ID.
- Ip string
- IP address of the real server.
- Max
Connections double - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port double
- Port for communicating with the real server. Required if port forwarding is enabled.
- Seq double
- Seq.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Type string
- Type. Valid values:
ip,address. - Weight double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- Address string
- Address.
- Client
Ips []string - Only clients in this IP range can connect to this real server.
- Health
Check stringProto - Health-Check-Proto. Valid values:
ping,http. - Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval float64 - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id float64
- Real server ID.
- Ip string
- IP address of the real server.
- Max
Connections float64 - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port float64
- Port for communicating with the real server. Required if port forwarding is enabled.
- Seq float64
- Seq.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Type string
- Type. Valid values:
ip,address. - Weight float64
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- address String
- Address.
- client
Ips List<String> - Only clients in this IP range can connect to this real server.
- health
Check StringProto - Health-Check-Proto. Valid values:
ping,http. - healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Double - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Double
- Real server ID.
- ip String
- IP address of the real server.
- max
Connections Double - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Double
- Port for communicating with the real server. Required if port forwarding is enabled.
- seq Double
- Seq.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - type String
- Type. Valid values:
ip,address. - weight Double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- address string
- Address.
- client
Ips string[] - Only clients in this IP range can connect to this real server.
- health
Check stringProto - Health-Check-Proto. Valid values:
ping,http. - healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval number - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- http
Host string - HTTP server domain name in HTTP header.
- id number
- Real server ID.
- ip string
- IP address of the real server.
- max
Connections number - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port number
- Port for communicating with the real server. Required if port forwarding is enabled.
- seq number
- Seq.
- status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - type string
- Type. Valid values:
ip,address. - weight number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- address str
- Address.
- client_
ips Sequence[str] - Only clients in this IP range can connect to this real server.
- health_
check_ strproto - Health-Check-Proto. Valid values:
ping,http. - healthcheck str
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown_
interval float - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- http_
host str - HTTP server domain name in HTTP header.
- id float
- Real server ID.
- ip str
- IP address of the real server.
- max_
connections float - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port float
- Port for communicating with the real server. Required if port forwarding is enabled.
- seq float
- Seq.
- status str
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate_
host str - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - type str
- Type. Valid values:
ip,address. - weight float
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- address String
- Address.
- client
Ips List<String> - Only clients in this IP range can connect to this real server.
- health
Check StringProto - Health-Check-Proto. Valid values:
ping,http. - healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Number - Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Number
- Real server ID.
- ip String
- IP address of the real server.
- max
Connections Number - Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Number
- Port for communicating with the real server. Required if port forwarding is enabled.
- seq Number
- Seq.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - type String
- Type. Valid values:
ip,address. - weight Number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
ObjectFirewallVipDynamicMappingSslCipherSuite, ObjectFirewallVipDynamicMappingSslCipherSuiteArgs
, ObjectFirewallVipDynamicMappingSslCipherSuiteArgs
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - Id double
- Id.
- Priority double
- SSL/TLS cipher suites priority.
- Versions List<string>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - Id float64
- Id.
- Priority float64
- SSL/TLS cipher suites priority.
- Versions []string
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - id Double
- Id.
- priority Double
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - id number
- Id.
- priority number
- SSL/TLS cipher suites priority.
- versions string[]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher str
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - id float
- Id.
- priority float
- SSL/TLS cipher suites priority.
- versions Sequence[str]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - id Number
- Id.
- priority Number
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
ObjectFirewallVipDynamicMapping_Scope, ObjectFirewallVipDynamicMapping_ScopeArgs
, ObjectFirewallVipDynamicMapping_ScopeArgs
Import
ObjectFirewall VipDynamicMapping can be imported using any of these accepted formats:
Set import_options = [“vip=YOUR_VALUE”] in the provider section.
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/objectFirewallVipDynamicMapping:ObjectFirewallVipDynamicMapping labelname {{_scope.name}}.{{_scope.vdom}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev