1. Packages
  2. Fortimanager Provider
  3. API Docs
  4. ObjectFirewallVip
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev

fortimanager.ObjectFirewallVip

Explore with Pulumi AI

Configure virtual IP for IPv4.

The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.

  • dynamic_mapping: fortimanager.ObjectFirewallVipDynamicMapping
  • gslb_public_ips: fortimanager.ObjectFirewallVipGslbpublicips
  • quic: fortimanager.ObjectFirewallVipQuic
  • realservers: fortimanager_object_firewall_vip_realservers
  • ssl_cipher_suites: fortimanager_object_firewall_vip_sslciphersuites
  • ssl_server_cipher_suites: fortimanager.ObjectFirewallVipSslserverciphersuites

Example Usage

Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectFirewallVip;
import com.pulumi.fortimanager.ObjectFirewallVipArgs;
import com.pulumi.fortimanager.inputs.ObjectFirewallVipRealserverArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trname1 = new ObjectFirewallVip("trname1", ObjectFirewallVipArgs.builder()
            .arpReply("enable")
            .color(1)
            .comment("This is a Terraform example")
            .extintf("any")
            .extip("192.168.1.1")
            .httpRedirect("disable")
            .natSourceVip("disable")
            .portforward("disable")
            .sslClientFallback("enable")
            .sslServerAlgorithm("client")
            .sslServerMaxVersion("client")
            .sslServerMinVersion("client")
            .type("static-nat")
            .build());

        var trname2 = new ObjectFirewallVip("trname2", ObjectFirewallVipArgs.builder()
            .adom("myadom")
            .color(22)
            .extaddrs("")
            .extintf("any")
            .extip("1.1.1.1-2.1.1.1")
            .realservers(ObjectFirewallVipRealserverArgs.builder()
                .clientIps(                
                    "3.3.3.3-4.4.4.4",
                    "1.1.1.1-2.2.2.2")
                .healthcheck("vip")
                .holddownInterval(300)
                .ip("10.11.1.11")
                .port(80)
                .status("active")
                .type("ip")
                .build())
            .scopetype("adom")
            .sslServerMaxVersion("tls-1.2")
            .type("server-load-balance")
            .build());

    }
}
Copy
resources:
  trname1:
    type: fortimanager:ObjectFirewallVip
    properties:
      arpReply: enable
      color: 1
      comment: This is a Terraform example
      extintf:
        - any
      extip: 192.168.1.1
      httpRedirect: disable
      natSourceVip: disable
      portforward: disable
      sslClientFallback: enable
      sslServerAlgorithm: client
      sslServerMaxVersion: client
      sslServerMinVersion: client
      type: static-nat
  trname2:
    type: fortimanager:ObjectFirewallVip
    properties:
      adom: myadom
      color: 22
      extaddrs: ""
      extintf: any
      extip: 1.1.1.1-2.1.1.1
      realservers:
        - clientIps:
            - 3.3.3.3-4.4.4.4
            - 1.1.1.1-2.2.2.2
          healthcheck: vip
          holddownInterval: 300
          ip: 10.11.1.11
          port: 80
          status: active
          type: ip
      scopetype: adom
      sslServerMaxVersion: tls-1.2
      type: server-load-balance
Copy

Create ObjectFirewallVip Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ObjectFirewallVip(name: string, args?: ObjectFirewallVipArgs, opts?: CustomResourceOptions);
@overload
def ObjectFirewallVip(resource_name: str,
                      args: Optional[ObjectFirewallVipArgs] = None,
                      opts: Optional[ResourceOptions] = None)

@overload
def ObjectFirewallVip(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      add_nat46_route: Optional[str] = None,
                      adom: Optional[str] = None,
                      arp_reply: Optional[str] = None,
                      color: Optional[float] = None,
                      comment: Optional[str] = None,
                      dns_mapping_ttl: Optional[float] = None,
                      dynamic_mappings: Optional[Sequence[ObjectFirewallVipDynamicMappingArgs]] = None,
                      dynamic_sort_subtable: Optional[str] = None,
                      extaddrs: Optional[Sequence[str]] = None,
                      extintf: Optional[str] = None,
                      extip: Optional[str] = None,
                      extport: Optional[str] = None,
                      fosid: Optional[float] = None,
                      gratuitous_arp_interval: Optional[float] = None,
                      gslb_domain_name: Optional[str] = None,
                      gslb_hostname: Optional[str] = None,
                      gslb_public_ips: Optional[Sequence[ObjectFirewallVipGslbPublicIpArgs]] = None,
                      h2_support: Optional[str] = None,
                      h3_support: Optional[str] = None,
                      http_cookie_age: Optional[float] = None,
                      http_cookie_domain: Optional[str] = None,
                      http_cookie_domain_from_host: Optional[str] = None,
                      http_cookie_generation: Optional[float] = None,
                      http_cookie_path: Optional[str] = None,
                      http_cookie_share: Optional[str] = None,
                      http_ip_header: Optional[str] = None,
                      http_ip_header_name: Optional[str] = None,
                      http_multiplex: Optional[str] = None,
                      http_multiplex_max_concurrent_request: Optional[float] = None,
                      http_multiplex_max_request: Optional[float] = None,
                      http_multiplex_ttl: Optional[float] = None,
                      http_redirect: Optional[str] = None,
                      http_supported_max_version: Optional[str] = None,
                      https_cookie_secure: Optional[str] = None,
                      ipv6_mappedip: Optional[str] = None,
                      ipv6_mappedport: Optional[str] = None,
                      ldb_method: Optional[str] = None,
                      mapped_addr: Optional[str] = None,
                      mappedips: Optional[Sequence[str]] = None,
                      mappedport: Optional[str] = None,
                      max_embryonic_connections: Optional[float] = None,
                      monitor: Optional[str] = None,
                      name: Optional[str] = None,
                      nat44: Optional[str] = None,
                      nat46: Optional[str] = None,
                      nat_source_vip: Optional[str] = None,
                      object_firewall_vip_id: Optional[str] = None,
                      one_click_gslb_server: Optional[str] = None,
                      outlook_web_access: Optional[str] = None,
                      persistence: Optional[str] = None,
                      portforward: Optional[str] = None,
                      portmapping_type: Optional[str] = None,
                      protocol: Optional[str] = None,
                      quic: Optional[ObjectFirewallVipQuicArgs] = None,
                      realservers: Optional[Sequence[ObjectFirewallVipRealserverArgs]] = None,
                      scopetype: Optional[str] = None,
                      server_type: Optional[str] = None,
                      services: Optional[Sequence[str]] = None,
                      src_filters: Optional[Sequence[str]] = None,
                      src_vip_filter: Optional[str] = None,
                      srcintf_filters: Optional[Sequence[str]] = None,
                      ssl_accept_ffdhe_groups: Optional[str] = None,
                      ssl_algorithm: Optional[str] = None,
                      ssl_certificate: Optional[str] = None,
                      ssl_cipher_suites: Optional[Sequence[ObjectFirewallVipSslCipherSuiteArgs]] = None,
                      ssl_client_fallback: Optional[str] = None,
                      ssl_client_rekey_count: Optional[float] = None,
                      ssl_client_renegotiation: Optional[str] = None,
                      ssl_client_session_state_max: Optional[float] = None,
                      ssl_client_session_state_timeout: Optional[float] = None,
                      ssl_client_session_state_type: Optional[str] = None,
                      ssl_dh_bits: Optional[str] = None,
                      ssl_hpkp: Optional[str] = None,
                      ssl_hpkp_age: Optional[float] = None,
                      ssl_hpkp_backup: Optional[str] = None,
                      ssl_hpkp_include_subdomains: Optional[str] = None,
                      ssl_hpkp_primary: Optional[str] = None,
                      ssl_hpkp_report_uri: Optional[str] = None,
                      ssl_hsts: Optional[str] = None,
                      ssl_hsts_age: Optional[float] = None,
                      ssl_hsts_include_subdomains: Optional[str] = None,
                      ssl_http_location_conversion: Optional[str] = None,
                      ssl_http_match_host: Optional[str] = None,
                      ssl_max_version: Optional[str] = None,
                      ssl_min_version: Optional[str] = None,
                      ssl_mode: Optional[str] = None,
                      ssl_pfs: Optional[str] = None,
                      ssl_send_empty_frags: Optional[str] = None,
                      ssl_server_algorithm: Optional[str] = None,
                      ssl_server_cipher_suites: Optional[Sequence[ObjectFirewallVipSslServerCipherSuiteArgs]] = None,
                      ssl_server_max_version: Optional[str] = None,
                      ssl_server_min_version: Optional[str] = None,
                      ssl_server_renegotiation: Optional[str] = None,
                      ssl_server_session_state_max: Optional[float] = None,
                      ssl_server_session_state_timeout: Optional[float] = None,
                      ssl_server_session_state_type: Optional[str] = None,
                      status: Optional[str] = None,
                      type: Optional[str] = None,
                      uuid: Optional[str] = None,
                      weblogic_server: Optional[str] = None,
                      websphere_server: Optional[str] = None)
func NewObjectFirewallVip(ctx *Context, name string, args *ObjectFirewallVipArgs, opts ...ResourceOption) (*ObjectFirewallVip, error)
public ObjectFirewallVip(string name, ObjectFirewallVipArgs? args = null, CustomResourceOptions? opts = null)
public ObjectFirewallVip(String name, ObjectFirewallVipArgs args)
public ObjectFirewallVip(String name, ObjectFirewallVipArgs args, CustomResourceOptions options)
type: fortimanager:ObjectFirewallVip
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args ObjectFirewallVipArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args ObjectFirewallVipArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args ObjectFirewallVipArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args ObjectFirewallVipArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. ObjectFirewallVipArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var objectFirewallVipResource = new Fortimanager.ObjectFirewallVip("objectFirewallVipResource", new()
{
    AddNat46Route = "string",
    Adom = "string",
    ArpReply = "string",
    Color = 0,
    Comment = "string",
    DnsMappingTtl = 0,
    DynamicMappings = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallVipDynamicMappingArgs
        {
            _scopes = new[]
            {
                new Fortimanager.Inputs.ObjectFirewallVipDynamicMapping_ScopeArgs
                {
                    Name = "string",
                    Vdom = "string",
                },
            },
            AddNat46Route = "string",
            ArpReply = "string",
            Color = 0,
            Comment = "string",
            DnsMappingTtl = 0,
            Extaddr = "string",
            Extintf = "string",
            Extip = "string",
            Extport = "string",
            GratuitousArpInterval = 0,
            GslbDomainName = "string",
            GslbHostname = "string",
            H2Support = "string",
            H3Support = "string",
            HttpCookieAge = 0,
            HttpCookieDomain = "string",
            HttpCookieDomainFromHost = "string",
            HttpCookieGeneration = 0,
            HttpCookiePath = "string",
            HttpCookieShare = "string",
            HttpIpHeader = "string",
            HttpIpHeaderName = "string",
            HttpMultiplex = "string",
            HttpMultiplexMaxConcurrentRequest = 0,
            HttpMultiplexMaxRequest = 0,
            HttpMultiplexTtl = 0,
            HttpRedirect = "string",
            HttpSupportedMaxVersion = "string",
            HttpsCookieSecure = "string",
            Id = 0,
            Ipv6Mappedip = "string",
            Ipv6Mappedport = "string",
            LdbMethod = "string",
            MappedAddr = "string",
            Mappedips = new[]
            {
                "string",
            },
            Mappedport = "string",
            MaxEmbryonicConnections = 0,
            Monitor = "string",
            Nat44 = "string",
            Nat46 = "string",
            NatSourceVip = "string",
            OneClickGslbServer = "string",
            OutlookWebAccess = "string",
            Persistence = "string",
            Portforward = "string",
            PortmappingType = "string",
            Protocol = "string",
            Realservers = new[]
            {
                new Fortimanager.Inputs.ObjectFirewallVipDynamicMappingRealserverArgs
                {
                    Address = "string",
                    ClientIps = new[]
                    {
                        "string",
                    },
                    HealthCheckProto = "string",
                    Healthcheck = "string",
                    HolddownInterval = 0,
                    HttpHost = "string",
                    Id = 0,
                    Ip = "string",
                    MaxConnections = 0,
                    Monitor = "string",
                    Port = 0,
                    Seq = 0,
                    Status = "string",
                    TranslateHost = "string",
                    Type = "string",
                    Weight = 0,
                },
            },
            ServerType = "string",
            Service = "string",
            SrcFilters = new[]
            {
                "string",
            },
            SrcVipFilter = "string",
            SrcintfFilters = new[]
            {
                "string",
            },
            SslAcceptFfdheGroups = "string",
            SslAlgorithm = "string",
            SslCertificate = "string",
            SslCipherSuites = new[]
            {
                new Fortimanager.Inputs.ObjectFirewallVipDynamicMappingSslCipherSuiteArgs
                {
                    Cipher = "string",
                    Id = 0,
                    Priority = 0,
                    Versions = new[]
                    {
                        "string",
                    },
                },
            },
            SslClientFallback = "string",
            SslClientRekeyCount = 0,
            SslClientRenegotiation = "string",
            SslClientSessionStateMax = 0,
            SslClientSessionStateTimeout = 0,
            SslClientSessionStateType = "string",
            SslDhBits = "string",
            SslHpkp = "string",
            SslHpkpAge = 0,
            SslHpkpBackup = "string",
            SslHpkpIncludeSubdomains = "string",
            SslHpkpPrimary = "string",
            SslHpkpReportUri = "string",
            SslHsts = "string",
            SslHstsAge = 0,
            SslHstsIncludeSubdomains = "string",
            SslHttpLocationConversion = "string",
            SslHttpMatchHost = "string",
            SslMaxVersion = "string",
            SslMinVersion = "string",
            SslMode = "string",
            SslPfs = "string",
            SslSendEmptyFrags = "string",
            SslServerAlgorithm = "string",
            SslServerMaxVersion = "string",
            SslServerMinVersion = "string",
            SslServerRenegotiation = "string",
            SslServerSessionStateMax = 0,
            SslServerSessionStateTimeout = 0,
            SslServerSessionStateType = "string",
            Status = "string",
            Type = "string",
            Uuid = "string",
            WeblogicServer = "string",
            WebsphereServer = "string",
        },
    },
    DynamicSortSubtable = "string",
    Extaddrs = new[]
    {
        "string",
    },
    Extintf = "string",
    Extip = "string",
    Extport = "string",
    Fosid = 0,
    GratuitousArpInterval = 0,
    GslbDomainName = "string",
    GslbHostname = "string",
    GslbPublicIps = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallVipGslbPublicIpArgs
        {
            Index = 0,
            Ip = "string",
        },
    },
    H2Support = "string",
    H3Support = "string",
    HttpCookieAge = 0,
    HttpCookieDomain = "string",
    HttpCookieDomainFromHost = "string",
    HttpCookieGeneration = 0,
    HttpCookiePath = "string",
    HttpCookieShare = "string",
    HttpIpHeader = "string",
    HttpIpHeaderName = "string",
    HttpMultiplex = "string",
    HttpMultiplexMaxConcurrentRequest = 0,
    HttpMultiplexMaxRequest = 0,
    HttpMultiplexTtl = 0,
    HttpRedirect = "string",
    HttpSupportedMaxVersion = "string",
    HttpsCookieSecure = "string",
    Ipv6Mappedip = "string",
    Ipv6Mappedport = "string",
    LdbMethod = "string",
    MappedAddr = "string",
    Mappedips = new[]
    {
        "string",
    },
    Mappedport = "string",
    MaxEmbryonicConnections = 0,
    Monitor = "string",
    Name = "string",
    Nat44 = "string",
    Nat46 = "string",
    NatSourceVip = "string",
    ObjectFirewallVipId = "string",
    OneClickGslbServer = "string",
    OutlookWebAccess = "string",
    Persistence = "string",
    Portforward = "string",
    PortmappingType = "string",
    Protocol = "string",
    Quic = new Fortimanager.Inputs.ObjectFirewallVipQuicArgs
    {
        AckDelayExponent = 0,
        ActiveConnectionIdLimit = 0,
        ActiveMigration = "string",
        GreaseQuicBit = "string",
        MaxAckDelay = 0,
        MaxDatagramFrameSize = 0,
        MaxIdleTimeout = 0,
        MaxUdpPayloadSize = 0,
    },
    Realservers = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallVipRealserverArgs
        {
            Address = "string",
            ClientIps = new[]
            {
                "string",
            },
            Healthcheck = "string",
            HolddownInterval = 0,
            HttpHost = "string",
            Id = 0,
            Ip = "string",
            MaxConnections = 0,
            Monitor = "string",
            Port = 0,
            Seq = 0,
            Status = "string",
            TranslateHost = "string",
            Type = "string",
            Weight = 0,
        },
    },
    Scopetype = "string",
    ServerType = "string",
    Services = new[]
    {
        "string",
    },
    SrcFilters = new[]
    {
        "string",
    },
    SrcVipFilter = "string",
    SrcintfFilters = new[]
    {
        "string",
    },
    SslAcceptFfdheGroups = "string",
    SslAlgorithm = "string",
    SslCertificate = "string",
    SslCipherSuites = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallVipSslCipherSuiteArgs
        {
            Cipher = "string",
            Id = 0,
            Priority = 0,
            Versions = new[]
            {
                "string",
            },
        },
    },
    SslClientFallback = "string",
    SslClientRekeyCount = 0,
    SslClientRenegotiation = "string",
    SslClientSessionStateMax = 0,
    SslClientSessionStateTimeout = 0,
    SslClientSessionStateType = "string",
    SslDhBits = "string",
    SslHpkp = "string",
    SslHpkpAge = 0,
    SslHpkpBackup = "string",
    SslHpkpIncludeSubdomains = "string",
    SslHpkpPrimary = "string",
    SslHpkpReportUri = "string",
    SslHsts = "string",
    SslHstsAge = 0,
    SslHstsIncludeSubdomains = "string",
    SslHttpLocationConversion = "string",
    SslHttpMatchHost = "string",
    SslMaxVersion = "string",
    SslMinVersion = "string",
    SslMode = "string",
    SslPfs = "string",
    SslSendEmptyFrags = "string",
    SslServerAlgorithm = "string",
    SslServerCipherSuites = new[]
    {
        new Fortimanager.Inputs.ObjectFirewallVipSslServerCipherSuiteArgs
        {
            Cipher = "string",
            Priority = 0,
            Versions = new[]
            {
                "string",
            },
        },
    },
    SslServerMaxVersion = "string",
    SslServerMinVersion = "string",
    SslServerRenegotiation = "string",
    SslServerSessionStateMax = 0,
    SslServerSessionStateTimeout = 0,
    SslServerSessionStateType = "string",
    Status = "string",
    Type = "string",
    Uuid = "string",
    WeblogicServer = "string",
    WebsphereServer = "string",
});
Copy
example, err := fortimanager.NewObjectFirewallVip(ctx, "objectFirewallVipResource", &fortimanager.ObjectFirewallVipArgs{
AddNat46Route: pulumi.String("string"),
Adom: pulumi.String("string"),
ArpReply: pulumi.String("string"),
Color: pulumi.Float64(0),
Comment: pulumi.String("string"),
DnsMappingTtl: pulumi.Float64(0),
DynamicMappings: .ObjectFirewallVipDynamicMappingTypeArray{
&.ObjectFirewallVipDynamicMappingTypeArgs{
_scopes: .ObjectFirewallVipDynamicMapping_ScopeArray{
&.ObjectFirewallVipDynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AddNat46Route: pulumi.String("string"),
ArpReply: pulumi.String("string"),
Color: pulumi.Float64(0),
Comment: pulumi.String("string"),
DnsMappingTtl: pulumi.Float64(0),
Extaddr: pulumi.String("string"),
Extintf: pulumi.String("string"),
Extip: pulumi.String("string"),
Extport: pulumi.String("string"),
GratuitousArpInterval: pulumi.Float64(0),
GslbDomainName: pulumi.String("string"),
GslbHostname: pulumi.String("string"),
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Float64(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Float64(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpIpHeader: pulumi.String("string"),
HttpIpHeaderName: pulumi.String("string"),
HttpMultiplex: pulumi.String("string"),
HttpMultiplexMaxConcurrentRequest: pulumi.Float64(0),
HttpMultiplexMaxRequest: pulumi.Float64(0),
HttpMultiplexTtl: pulumi.Float64(0),
HttpRedirect: pulumi.String("string"),
HttpSupportedMaxVersion: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Id: pulumi.Float64(0),
Ipv6Mappedip: pulumi.String("string"),
Ipv6Mappedport: pulumi.String("string"),
LdbMethod: pulumi.String("string"),
MappedAddr: pulumi.String("string"),
Mappedips: pulumi.StringArray{
pulumi.String("string"),
},
Mappedport: pulumi.String("string"),
MaxEmbryonicConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Nat44: pulumi.String("string"),
Nat46: pulumi.String("string"),
NatSourceVip: pulumi.String("string"),
OneClickGslbServer: pulumi.String("string"),
OutlookWebAccess: pulumi.String("string"),
Persistence: pulumi.String("string"),
Portforward: pulumi.String("string"),
PortmappingType: pulumi.String("string"),
Protocol: pulumi.String("string"),
Realservers: .ObjectFirewallVipDynamicMappingRealserverArray{
&.ObjectFirewallVipDynamicMappingRealserverArgs{
Address: pulumi.String("string"),
ClientIps: pulumi.StringArray{
pulumi.String("string"),
},
HealthCheckProto: pulumi.String("string"),
Healthcheck: pulumi.String("string"),
HolddownInterval: pulumi.Float64(0),
HttpHost: pulumi.String("string"),
Id: pulumi.Float64(0),
Ip: pulumi.String("string"),
MaxConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Port: pulumi.Float64(0),
Seq: pulumi.Float64(0),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
Type: pulumi.String("string"),
Weight: pulumi.Float64(0),
},
},
ServerType: pulumi.String("string"),
Service: pulumi.String("string"),
SrcFilters: pulumi.StringArray{
pulumi.String("string"),
},
SrcVipFilter: pulumi.String("string"),
SrcintfFilters: pulumi.StringArray{
pulumi.String("string"),
},
SslAcceptFfdheGroups: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCertificate: pulumi.String("string"),
SslCipherSuites: .ObjectFirewallVipDynamicMappingSslCipherSuiteArray{
&.ObjectFirewallVipDynamicMappingSslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Id: pulumi.Float64(0),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslClientFallback: pulumi.String("string"),
SslClientRekeyCount: pulumi.Float64(0),
SslClientRenegotiation: pulumi.String("string"),
SslClientSessionStateMax: pulumi.Float64(0),
SslClientSessionStateTimeout: pulumi.Float64(0),
SslClientSessionStateType: pulumi.String("string"),
SslDhBits: pulumi.String("string"),
SslHpkp: pulumi.String("string"),
SslHpkpAge: pulumi.Float64(0),
SslHpkpBackup: pulumi.String("string"),
SslHpkpIncludeSubdomains: pulumi.String("string"),
SslHpkpPrimary: pulumi.String("string"),
SslHpkpReportUri: pulumi.String("string"),
SslHsts: pulumi.String("string"),
SslHstsAge: pulumi.Float64(0),
SslHstsIncludeSubdomains: pulumi.String("string"),
SslHttpLocationConversion: pulumi.String("string"),
SslHttpMatchHost: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslMode: pulumi.String("string"),
SslPfs: pulumi.String("string"),
SslSendEmptyFrags: pulumi.String("string"),
SslServerAlgorithm: pulumi.String("string"),
SslServerMaxVersion: pulumi.String("string"),
SslServerMinVersion: pulumi.String("string"),
SslServerRenegotiation: pulumi.String("string"),
SslServerSessionStateMax: pulumi.Float64(0),
SslServerSessionStateTimeout: pulumi.Float64(0),
SslServerSessionStateType: pulumi.String("string"),
Status: pulumi.String("string"),
Type: pulumi.String("string"),
Uuid: pulumi.String("string"),
WeblogicServer: pulumi.String("string"),
WebsphereServer: pulumi.String("string"),
},
},
DynamicSortSubtable: pulumi.String("string"),
Extaddrs: pulumi.StringArray{
pulumi.String("string"),
},
Extintf: pulumi.String("string"),
Extip: pulumi.String("string"),
Extport: pulumi.String("string"),
Fosid: pulumi.Float64(0),
GratuitousArpInterval: pulumi.Float64(0),
GslbDomainName: pulumi.String("string"),
GslbHostname: pulumi.String("string"),
GslbPublicIps: .ObjectFirewallVipGslbPublicIpArray{
&.ObjectFirewallVipGslbPublicIpArgs{
Index: pulumi.Float64(0),
Ip: pulumi.String("string"),
},
},
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Float64(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Float64(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpIpHeader: pulumi.String("string"),
HttpIpHeaderName: pulumi.String("string"),
HttpMultiplex: pulumi.String("string"),
HttpMultiplexMaxConcurrentRequest: pulumi.Float64(0),
HttpMultiplexMaxRequest: pulumi.Float64(0),
HttpMultiplexTtl: pulumi.Float64(0),
HttpRedirect: pulumi.String("string"),
HttpSupportedMaxVersion: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Ipv6Mappedip: pulumi.String("string"),
Ipv6Mappedport: pulumi.String("string"),
LdbMethod: pulumi.String("string"),
MappedAddr: pulumi.String("string"),
Mappedips: pulumi.StringArray{
pulumi.String("string"),
},
Mappedport: pulumi.String("string"),
MaxEmbryonicConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Name: pulumi.String("string"),
Nat44: pulumi.String("string"),
Nat46: pulumi.String("string"),
NatSourceVip: pulumi.String("string"),
ObjectFirewallVipId: pulumi.String("string"),
OneClickGslbServer: pulumi.String("string"),
OutlookWebAccess: pulumi.String("string"),
Persistence: pulumi.String("string"),
Portforward: pulumi.String("string"),
PortmappingType: pulumi.String("string"),
Protocol: pulumi.String("string"),
Quic: &.ObjectFirewallVipQuicTypeArgs{
AckDelayExponent: pulumi.Float64(0),
ActiveConnectionIdLimit: pulumi.Float64(0),
ActiveMigration: pulumi.String("string"),
GreaseQuicBit: pulumi.String("string"),
MaxAckDelay: pulumi.Float64(0),
MaxDatagramFrameSize: pulumi.Float64(0),
MaxIdleTimeout: pulumi.Float64(0),
MaxUdpPayloadSize: pulumi.Float64(0),
},
Realservers: .ObjectFirewallVipRealserverArray{
&.ObjectFirewallVipRealserverArgs{
Address: pulumi.String("string"),
ClientIps: pulumi.StringArray{
pulumi.String("string"),
},
Healthcheck: pulumi.String("string"),
HolddownInterval: pulumi.Float64(0),
HttpHost: pulumi.String("string"),
Id: pulumi.Float64(0),
Ip: pulumi.String("string"),
MaxConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Port: pulumi.Float64(0),
Seq: pulumi.Float64(0),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
Type: pulumi.String("string"),
Weight: pulumi.Float64(0),
},
},
Scopetype: pulumi.String("string"),
ServerType: pulumi.String("string"),
Services: pulumi.StringArray{
pulumi.String("string"),
},
SrcFilters: pulumi.StringArray{
pulumi.String("string"),
},
SrcVipFilter: pulumi.String("string"),
SrcintfFilters: pulumi.StringArray{
pulumi.String("string"),
},
SslAcceptFfdheGroups: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCertificate: pulumi.String("string"),
SslCipherSuites: .ObjectFirewallVipSslCipherSuiteArray{
&.ObjectFirewallVipSslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Id: pulumi.Float64(0),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslClientFallback: pulumi.String("string"),
SslClientRekeyCount: pulumi.Float64(0),
SslClientRenegotiation: pulumi.String("string"),
SslClientSessionStateMax: pulumi.Float64(0),
SslClientSessionStateTimeout: pulumi.Float64(0),
SslClientSessionStateType: pulumi.String("string"),
SslDhBits: pulumi.String("string"),
SslHpkp: pulumi.String("string"),
SslHpkpAge: pulumi.Float64(0),
SslHpkpBackup: pulumi.String("string"),
SslHpkpIncludeSubdomains: pulumi.String("string"),
SslHpkpPrimary: pulumi.String("string"),
SslHpkpReportUri: pulumi.String("string"),
SslHsts: pulumi.String("string"),
SslHstsAge: pulumi.Float64(0),
SslHstsIncludeSubdomains: pulumi.String("string"),
SslHttpLocationConversion: pulumi.String("string"),
SslHttpMatchHost: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslMode: pulumi.String("string"),
SslPfs: pulumi.String("string"),
SslSendEmptyFrags: pulumi.String("string"),
SslServerAlgorithm: pulumi.String("string"),
SslServerCipherSuites: .ObjectFirewallVipSslServerCipherSuiteArray{
&.ObjectFirewallVipSslServerCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslServerMaxVersion: pulumi.String("string"),
SslServerMinVersion: pulumi.String("string"),
SslServerRenegotiation: pulumi.String("string"),
SslServerSessionStateMax: pulumi.Float64(0),
SslServerSessionStateTimeout: pulumi.Float64(0),
SslServerSessionStateType: pulumi.String("string"),
Status: pulumi.String("string"),
Type: pulumi.String("string"),
Uuid: pulumi.String("string"),
WeblogicServer: pulumi.String("string"),
WebsphereServer: pulumi.String("string"),
})
Copy
var objectFirewallVipResource = new ObjectFirewallVip("objectFirewallVipResource", ObjectFirewallVipArgs.builder()
    .addNat46Route("string")
    .adom("string")
    .arpReply("string")
    .color(0)
    .comment("string")
    .dnsMappingTtl(0)
    .dynamicMappings(ObjectFirewallVipDynamicMappingArgs.builder()
        ._scopes(ObjectFirewallVipDynamicMapping_ScopeArgs.builder()
            .name("string")
            .vdom("string")
            .build())
        .addNat46Route("string")
        .arpReply("string")
        .color(0)
        .comment("string")
        .dnsMappingTtl(0)
        .extaddr("string")
        .extintf("string")
        .extip("string")
        .extport("string")
        .gratuitousArpInterval(0)
        .gslbDomainName("string")
        .gslbHostname("string")
        .h2Support("string")
        .h3Support("string")
        .httpCookieAge(0)
        .httpCookieDomain("string")
        .httpCookieDomainFromHost("string")
        .httpCookieGeneration(0)
        .httpCookiePath("string")
        .httpCookieShare("string")
        .httpIpHeader("string")
        .httpIpHeaderName("string")
        .httpMultiplex("string")
        .httpMultiplexMaxConcurrentRequest(0)
        .httpMultiplexMaxRequest(0)
        .httpMultiplexTtl(0)
        .httpRedirect("string")
        .httpSupportedMaxVersion("string")
        .httpsCookieSecure("string")
        .id(0)
        .ipv6Mappedip("string")
        .ipv6Mappedport("string")
        .ldbMethod("string")
        .mappedAddr("string")
        .mappedips("string")
        .mappedport("string")
        .maxEmbryonicConnections(0)
        .monitor("string")
        .nat44("string")
        .nat46("string")
        .natSourceVip("string")
        .oneClickGslbServer("string")
        .outlookWebAccess("string")
        .persistence("string")
        .portforward("string")
        .portmappingType("string")
        .protocol("string")
        .realservers(ObjectFirewallVipDynamicMappingRealserverArgs.builder()
            .address("string")
            .clientIps("string")
            .healthCheckProto("string")
            .healthcheck("string")
            .holddownInterval(0)
            .httpHost("string")
            .id(0)
            .ip("string")
            .maxConnections(0)
            .monitor("string")
            .port(0)
            .seq(0)
            .status("string")
            .translateHost("string")
            .type("string")
            .weight(0)
            .build())
        .serverType("string")
        .service("string")
        .srcFilters("string")
        .srcVipFilter("string")
        .srcintfFilters("string")
        .sslAcceptFfdheGroups("string")
        .sslAlgorithm("string")
        .sslCertificate("string")
        .sslCipherSuites(ObjectFirewallVipDynamicMappingSslCipherSuiteArgs.builder()
            .cipher("string")
            .id(0)
            .priority(0)
            .versions("string")
            .build())
        .sslClientFallback("string")
        .sslClientRekeyCount(0)
        .sslClientRenegotiation("string")
        .sslClientSessionStateMax(0)
        .sslClientSessionStateTimeout(0)
        .sslClientSessionStateType("string")
        .sslDhBits("string")
        .sslHpkp("string")
        .sslHpkpAge(0)
        .sslHpkpBackup("string")
        .sslHpkpIncludeSubdomains("string")
        .sslHpkpPrimary("string")
        .sslHpkpReportUri("string")
        .sslHsts("string")
        .sslHstsAge(0)
        .sslHstsIncludeSubdomains("string")
        .sslHttpLocationConversion("string")
        .sslHttpMatchHost("string")
        .sslMaxVersion("string")
        .sslMinVersion("string")
        .sslMode("string")
        .sslPfs("string")
        .sslSendEmptyFrags("string")
        .sslServerAlgorithm("string")
        .sslServerMaxVersion("string")
        .sslServerMinVersion("string")
        .sslServerRenegotiation("string")
        .sslServerSessionStateMax(0)
        .sslServerSessionStateTimeout(0)
        .sslServerSessionStateType("string")
        .status("string")
        .type("string")
        .uuid("string")
        .weblogicServer("string")
        .websphereServer("string")
        .build())
    .dynamicSortSubtable("string")
    .extaddrs("string")
    .extintf("string")
    .extip("string")
    .extport("string")
    .fosid(0)
    .gratuitousArpInterval(0)
    .gslbDomainName("string")
    .gslbHostname("string")
    .gslbPublicIps(ObjectFirewallVipGslbPublicIpArgs.builder()
        .index(0)
        .ip("string")
        .build())
    .h2Support("string")
    .h3Support("string")
    .httpCookieAge(0)
    .httpCookieDomain("string")
    .httpCookieDomainFromHost("string")
    .httpCookieGeneration(0)
    .httpCookiePath("string")
    .httpCookieShare("string")
    .httpIpHeader("string")
    .httpIpHeaderName("string")
    .httpMultiplex("string")
    .httpMultiplexMaxConcurrentRequest(0)
    .httpMultiplexMaxRequest(0)
    .httpMultiplexTtl(0)
    .httpRedirect("string")
    .httpSupportedMaxVersion("string")
    .httpsCookieSecure("string")
    .ipv6Mappedip("string")
    .ipv6Mappedport("string")
    .ldbMethod("string")
    .mappedAddr("string")
    .mappedips("string")
    .mappedport("string")
    .maxEmbryonicConnections(0)
    .monitor("string")
    .name("string")
    .nat44("string")
    .nat46("string")
    .natSourceVip("string")
    .objectFirewallVipId("string")
    .oneClickGslbServer("string")
    .outlookWebAccess("string")
    .persistence("string")
    .portforward("string")
    .portmappingType("string")
    .protocol("string")
    .quic(ObjectFirewallVipQuicArgs.builder()
        .ackDelayExponent(0)
        .activeConnectionIdLimit(0)
        .activeMigration("string")
        .greaseQuicBit("string")
        .maxAckDelay(0)
        .maxDatagramFrameSize(0)
        .maxIdleTimeout(0)
        .maxUdpPayloadSize(0)
        .build())
    .realservers(ObjectFirewallVipRealserverArgs.builder()
        .address("string")
        .clientIps("string")
        .healthcheck("string")
        .holddownInterval(0)
        .httpHost("string")
        .id(0)
        .ip("string")
        .maxConnections(0)
        .monitor("string")
        .port(0)
        .seq(0)
        .status("string")
        .translateHost("string")
        .type("string")
        .weight(0)
        .build())
    .scopetype("string")
    .serverType("string")
    .services("string")
    .srcFilters("string")
    .srcVipFilter("string")
    .srcintfFilters("string")
    .sslAcceptFfdheGroups("string")
    .sslAlgorithm("string")
    .sslCertificate("string")
    .sslCipherSuites(ObjectFirewallVipSslCipherSuiteArgs.builder()
        .cipher("string")
        .id(0)
        .priority(0)
        .versions("string")
        .build())
    .sslClientFallback("string")
    .sslClientRekeyCount(0)
    .sslClientRenegotiation("string")
    .sslClientSessionStateMax(0)
    .sslClientSessionStateTimeout(0)
    .sslClientSessionStateType("string")
    .sslDhBits("string")
    .sslHpkp("string")
    .sslHpkpAge(0)
    .sslHpkpBackup("string")
    .sslHpkpIncludeSubdomains("string")
    .sslHpkpPrimary("string")
    .sslHpkpReportUri("string")
    .sslHsts("string")
    .sslHstsAge(0)
    .sslHstsIncludeSubdomains("string")
    .sslHttpLocationConversion("string")
    .sslHttpMatchHost("string")
    .sslMaxVersion("string")
    .sslMinVersion("string")
    .sslMode("string")
    .sslPfs("string")
    .sslSendEmptyFrags("string")
    .sslServerAlgorithm("string")
    .sslServerCipherSuites(ObjectFirewallVipSslServerCipherSuiteArgs.builder()
        .cipher("string")
        .priority(0)
        .versions("string")
        .build())
    .sslServerMaxVersion("string")
    .sslServerMinVersion("string")
    .sslServerRenegotiation("string")
    .sslServerSessionStateMax(0)
    .sslServerSessionStateTimeout(0)
    .sslServerSessionStateType("string")
    .status("string")
    .type("string")
    .uuid("string")
    .weblogicServer("string")
    .websphereServer("string")
    .build());
Copy
object_firewall_vip_resource = fortimanager.ObjectFirewallVip("objectFirewallVipResource",
    add_nat46_route="string",
    adom="string",
    arp_reply="string",
    color=0,
    comment="string",
    dns_mapping_ttl=0,
    dynamic_mappings=[{
        "_scopes": [{
            "name": "string",
            "vdom": "string",
        }],
        "add_nat46_route": "string",
        "arp_reply": "string",
        "color": 0,
        "comment": "string",
        "dns_mapping_ttl": 0,
        "extaddr": "string",
        "extintf": "string",
        "extip": "string",
        "extport": "string",
        "gratuitous_arp_interval": 0,
        "gslb_domain_name": "string",
        "gslb_hostname": "string",
        "h2_support": "string",
        "h3_support": "string",
        "http_cookie_age": 0,
        "http_cookie_domain": "string",
        "http_cookie_domain_from_host": "string",
        "http_cookie_generation": 0,
        "http_cookie_path": "string",
        "http_cookie_share": "string",
        "http_ip_header": "string",
        "http_ip_header_name": "string",
        "http_multiplex": "string",
        "http_multiplex_max_concurrent_request": 0,
        "http_multiplex_max_request": 0,
        "http_multiplex_ttl": 0,
        "http_redirect": "string",
        "http_supported_max_version": "string",
        "https_cookie_secure": "string",
        "id": 0,
        "ipv6_mappedip": "string",
        "ipv6_mappedport": "string",
        "ldb_method": "string",
        "mapped_addr": "string",
        "mappedips": ["string"],
        "mappedport": "string",
        "max_embryonic_connections": 0,
        "monitor": "string",
        "nat44": "string",
        "nat46": "string",
        "nat_source_vip": "string",
        "one_click_gslb_server": "string",
        "outlook_web_access": "string",
        "persistence": "string",
        "portforward": "string",
        "portmapping_type": "string",
        "protocol": "string",
        "realservers": [{
            "address": "string",
            "client_ips": ["string"],
            "health_check_proto": "string",
            "healthcheck": "string",
            "holddown_interval": 0,
            "http_host": "string",
            "id": 0,
            "ip": "string",
            "max_connections": 0,
            "monitor": "string",
            "port": 0,
            "seq": 0,
            "status": "string",
            "translate_host": "string",
            "type": "string",
            "weight": 0,
        }],
        "server_type": "string",
        "service": "string",
        "src_filters": ["string"],
        "src_vip_filter": "string",
        "srcintf_filters": ["string"],
        "ssl_accept_ffdhe_groups": "string",
        "ssl_algorithm": "string",
        "ssl_certificate": "string",
        "ssl_cipher_suites": [{
            "cipher": "string",
            "id": 0,
            "priority": 0,
            "versions": ["string"],
        }],
        "ssl_client_fallback": "string",
        "ssl_client_rekey_count": 0,
        "ssl_client_renegotiation": "string",
        "ssl_client_session_state_max": 0,
        "ssl_client_session_state_timeout": 0,
        "ssl_client_session_state_type": "string",
        "ssl_dh_bits": "string",
        "ssl_hpkp": "string",
        "ssl_hpkp_age": 0,
        "ssl_hpkp_backup": "string",
        "ssl_hpkp_include_subdomains": "string",
        "ssl_hpkp_primary": "string",
        "ssl_hpkp_report_uri": "string",
        "ssl_hsts": "string",
        "ssl_hsts_age": 0,
        "ssl_hsts_include_subdomains": "string",
        "ssl_http_location_conversion": "string",
        "ssl_http_match_host": "string",
        "ssl_max_version": "string",
        "ssl_min_version": "string",
        "ssl_mode": "string",
        "ssl_pfs": "string",
        "ssl_send_empty_frags": "string",
        "ssl_server_algorithm": "string",
        "ssl_server_max_version": "string",
        "ssl_server_min_version": "string",
        "ssl_server_renegotiation": "string",
        "ssl_server_session_state_max": 0,
        "ssl_server_session_state_timeout": 0,
        "ssl_server_session_state_type": "string",
        "status": "string",
        "type": "string",
        "uuid": "string",
        "weblogic_server": "string",
        "websphere_server": "string",
    }],
    dynamic_sort_subtable="string",
    extaddrs=["string"],
    extintf="string",
    extip="string",
    extport="string",
    fosid=0,
    gratuitous_arp_interval=0,
    gslb_domain_name="string",
    gslb_hostname="string",
    gslb_public_ips=[{
        "index": 0,
        "ip": "string",
    }],
    h2_support="string",
    h3_support="string",
    http_cookie_age=0,
    http_cookie_domain="string",
    http_cookie_domain_from_host="string",
    http_cookie_generation=0,
    http_cookie_path="string",
    http_cookie_share="string",
    http_ip_header="string",
    http_ip_header_name="string",
    http_multiplex="string",
    http_multiplex_max_concurrent_request=0,
    http_multiplex_max_request=0,
    http_multiplex_ttl=0,
    http_redirect="string",
    http_supported_max_version="string",
    https_cookie_secure="string",
    ipv6_mappedip="string",
    ipv6_mappedport="string",
    ldb_method="string",
    mapped_addr="string",
    mappedips=["string"],
    mappedport="string",
    max_embryonic_connections=0,
    monitor="string",
    name="string",
    nat44="string",
    nat46="string",
    nat_source_vip="string",
    object_firewall_vip_id="string",
    one_click_gslb_server="string",
    outlook_web_access="string",
    persistence="string",
    portforward="string",
    portmapping_type="string",
    protocol="string",
    quic={
        "ack_delay_exponent": 0,
        "active_connection_id_limit": 0,
        "active_migration": "string",
        "grease_quic_bit": "string",
        "max_ack_delay": 0,
        "max_datagram_frame_size": 0,
        "max_idle_timeout": 0,
        "max_udp_payload_size": 0,
    },
    realservers=[{
        "address": "string",
        "client_ips": ["string"],
        "healthcheck": "string",
        "holddown_interval": 0,
        "http_host": "string",
        "id": 0,
        "ip": "string",
        "max_connections": 0,
        "monitor": "string",
        "port": 0,
        "seq": 0,
        "status": "string",
        "translate_host": "string",
        "type": "string",
        "weight": 0,
    }],
    scopetype="string",
    server_type="string",
    services=["string"],
    src_filters=["string"],
    src_vip_filter="string",
    srcintf_filters=["string"],
    ssl_accept_ffdhe_groups="string",
    ssl_algorithm="string",
    ssl_certificate="string",
    ssl_cipher_suites=[{
        "cipher": "string",
        "id": 0,
        "priority": 0,
        "versions": ["string"],
    }],
    ssl_client_fallback="string",
    ssl_client_rekey_count=0,
    ssl_client_renegotiation="string",
    ssl_client_session_state_max=0,
    ssl_client_session_state_timeout=0,
    ssl_client_session_state_type="string",
    ssl_dh_bits="string",
    ssl_hpkp="string",
    ssl_hpkp_age=0,
    ssl_hpkp_backup="string",
    ssl_hpkp_include_subdomains="string",
    ssl_hpkp_primary="string",
    ssl_hpkp_report_uri="string",
    ssl_hsts="string",
    ssl_hsts_age=0,
    ssl_hsts_include_subdomains="string",
    ssl_http_location_conversion="string",
    ssl_http_match_host="string",
    ssl_max_version="string",
    ssl_min_version="string",
    ssl_mode="string",
    ssl_pfs="string",
    ssl_send_empty_frags="string",
    ssl_server_algorithm="string",
    ssl_server_cipher_suites=[{
        "cipher": "string",
        "priority": 0,
        "versions": ["string"],
    }],
    ssl_server_max_version="string",
    ssl_server_min_version="string",
    ssl_server_renegotiation="string",
    ssl_server_session_state_max=0,
    ssl_server_session_state_timeout=0,
    ssl_server_session_state_type="string",
    status="string",
    type="string",
    uuid="string",
    weblogic_server="string",
    websphere_server="string")
Copy
const objectFirewallVipResource = new fortimanager.ObjectFirewallVip("objectFirewallVipResource", {
    addNat46Route: "string",
    adom: "string",
    arpReply: "string",
    color: 0,
    comment: "string",
    dnsMappingTtl: 0,
    dynamicMappings: [{
        _scopes: [{
            name: "string",
            vdom: "string",
        }],
        addNat46Route: "string",
        arpReply: "string",
        color: 0,
        comment: "string",
        dnsMappingTtl: 0,
        extaddr: "string",
        extintf: "string",
        extip: "string",
        extport: "string",
        gratuitousArpInterval: 0,
        gslbDomainName: "string",
        gslbHostname: "string",
        h2Support: "string",
        h3Support: "string",
        httpCookieAge: 0,
        httpCookieDomain: "string",
        httpCookieDomainFromHost: "string",
        httpCookieGeneration: 0,
        httpCookiePath: "string",
        httpCookieShare: "string",
        httpIpHeader: "string",
        httpIpHeaderName: "string",
        httpMultiplex: "string",
        httpMultiplexMaxConcurrentRequest: 0,
        httpMultiplexMaxRequest: 0,
        httpMultiplexTtl: 0,
        httpRedirect: "string",
        httpSupportedMaxVersion: "string",
        httpsCookieSecure: "string",
        id: 0,
        ipv6Mappedip: "string",
        ipv6Mappedport: "string",
        ldbMethod: "string",
        mappedAddr: "string",
        mappedips: ["string"],
        mappedport: "string",
        maxEmbryonicConnections: 0,
        monitor: "string",
        nat44: "string",
        nat46: "string",
        natSourceVip: "string",
        oneClickGslbServer: "string",
        outlookWebAccess: "string",
        persistence: "string",
        portforward: "string",
        portmappingType: "string",
        protocol: "string",
        realservers: [{
            address: "string",
            clientIps: ["string"],
            healthCheckProto: "string",
            healthcheck: "string",
            holddownInterval: 0,
            httpHost: "string",
            id: 0,
            ip: "string",
            maxConnections: 0,
            monitor: "string",
            port: 0,
            seq: 0,
            status: "string",
            translateHost: "string",
            type: "string",
            weight: 0,
        }],
        serverType: "string",
        service: "string",
        srcFilters: ["string"],
        srcVipFilter: "string",
        srcintfFilters: ["string"],
        sslAcceptFfdheGroups: "string",
        sslAlgorithm: "string",
        sslCertificate: "string",
        sslCipherSuites: [{
            cipher: "string",
            id: 0,
            priority: 0,
            versions: ["string"],
        }],
        sslClientFallback: "string",
        sslClientRekeyCount: 0,
        sslClientRenegotiation: "string",
        sslClientSessionStateMax: 0,
        sslClientSessionStateTimeout: 0,
        sslClientSessionStateType: "string",
        sslDhBits: "string",
        sslHpkp: "string",
        sslHpkpAge: 0,
        sslHpkpBackup: "string",
        sslHpkpIncludeSubdomains: "string",
        sslHpkpPrimary: "string",
        sslHpkpReportUri: "string",
        sslHsts: "string",
        sslHstsAge: 0,
        sslHstsIncludeSubdomains: "string",
        sslHttpLocationConversion: "string",
        sslHttpMatchHost: "string",
        sslMaxVersion: "string",
        sslMinVersion: "string",
        sslMode: "string",
        sslPfs: "string",
        sslSendEmptyFrags: "string",
        sslServerAlgorithm: "string",
        sslServerMaxVersion: "string",
        sslServerMinVersion: "string",
        sslServerRenegotiation: "string",
        sslServerSessionStateMax: 0,
        sslServerSessionStateTimeout: 0,
        sslServerSessionStateType: "string",
        status: "string",
        type: "string",
        uuid: "string",
        weblogicServer: "string",
        websphereServer: "string",
    }],
    dynamicSortSubtable: "string",
    extaddrs: ["string"],
    extintf: "string",
    extip: "string",
    extport: "string",
    fosid: 0,
    gratuitousArpInterval: 0,
    gslbDomainName: "string",
    gslbHostname: "string",
    gslbPublicIps: [{
        index: 0,
        ip: "string",
    }],
    h2Support: "string",
    h3Support: "string",
    httpCookieAge: 0,
    httpCookieDomain: "string",
    httpCookieDomainFromHost: "string",
    httpCookieGeneration: 0,
    httpCookiePath: "string",
    httpCookieShare: "string",
    httpIpHeader: "string",
    httpIpHeaderName: "string",
    httpMultiplex: "string",
    httpMultiplexMaxConcurrentRequest: 0,
    httpMultiplexMaxRequest: 0,
    httpMultiplexTtl: 0,
    httpRedirect: "string",
    httpSupportedMaxVersion: "string",
    httpsCookieSecure: "string",
    ipv6Mappedip: "string",
    ipv6Mappedport: "string",
    ldbMethod: "string",
    mappedAddr: "string",
    mappedips: ["string"],
    mappedport: "string",
    maxEmbryonicConnections: 0,
    monitor: "string",
    name: "string",
    nat44: "string",
    nat46: "string",
    natSourceVip: "string",
    objectFirewallVipId: "string",
    oneClickGslbServer: "string",
    outlookWebAccess: "string",
    persistence: "string",
    portforward: "string",
    portmappingType: "string",
    protocol: "string",
    quic: {
        ackDelayExponent: 0,
        activeConnectionIdLimit: 0,
        activeMigration: "string",
        greaseQuicBit: "string",
        maxAckDelay: 0,
        maxDatagramFrameSize: 0,
        maxIdleTimeout: 0,
        maxUdpPayloadSize: 0,
    },
    realservers: [{
        address: "string",
        clientIps: ["string"],
        healthcheck: "string",
        holddownInterval: 0,
        httpHost: "string",
        id: 0,
        ip: "string",
        maxConnections: 0,
        monitor: "string",
        port: 0,
        seq: 0,
        status: "string",
        translateHost: "string",
        type: "string",
        weight: 0,
    }],
    scopetype: "string",
    serverType: "string",
    services: ["string"],
    srcFilters: ["string"],
    srcVipFilter: "string",
    srcintfFilters: ["string"],
    sslAcceptFfdheGroups: "string",
    sslAlgorithm: "string",
    sslCertificate: "string",
    sslCipherSuites: [{
        cipher: "string",
        id: 0,
        priority: 0,
        versions: ["string"],
    }],
    sslClientFallback: "string",
    sslClientRekeyCount: 0,
    sslClientRenegotiation: "string",
    sslClientSessionStateMax: 0,
    sslClientSessionStateTimeout: 0,
    sslClientSessionStateType: "string",
    sslDhBits: "string",
    sslHpkp: "string",
    sslHpkpAge: 0,
    sslHpkpBackup: "string",
    sslHpkpIncludeSubdomains: "string",
    sslHpkpPrimary: "string",
    sslHpkpReportUri: "string",
    sslHsts: "string",
    sslHstsAge: 0,
    sslHstsIncludeSubdomains: "string",
    sslHttpLocationConversion: "string",
    sslHttpMatchHost: "string",
    sslMaxVersion: "string",
    sslMinVersion: "string",
    sslMode: "string",
    sslPfs: "string",
    sslSendEmptyFrags: "string",
    sslServerAlgorithm: "string",
    sslServerCipherSuites: [{
        cipher: "string",
        priority: 0,
        versions: ["string"],
    }],
    sslServerMaxVersion: "string",
    sslServerMinVersion: "string",
    sslServerRenegotiation: "string",
    sslServerSessionStateMax: 0,
    sslServerSessionStateTimeout: 0,
    sslServerSessionStateType: "string",
    status: "string",
    type: "string",
    uuid: "string",
    weblogicServer: "string",
    websphereServer: "string",
});
Copy
type: fortimanager:ObjectFirewallVip
properties:
    addNat46Route: string
    adom: string
    arpReply: string
    color: 0
    comment: string
    dnsMappingTtl: 0
    dynamicMappings:
        - _scopes:
            - name: string
              vdom: string
          addNat46Route: string
          arpReply: string
          color: 0
          comment: string
          dnsMappingTtl: 0
          extaddr: string
          extintf: string
          extip: string
          extport: string
          gratuitousArpInterval: 0
          gslbDomainName: string
          gslbHostname: string
          h2Support: string
          h3Support: string
          httpCookieAge: 0
          httpCookieDomain: string
          httpCookieDomainFromHost: string
          httpCookieGeneration: 0
          httpCookiePath: string
          httpCookieShare: string
          httpIpHeader: string
          httpIpHeaderName: string
          httpMultiplex: string
          httpMultiplexMaxConcurrentRequest: 0
          httpMultiplexMaxRequest: 0
          httpMultiplexTtl: 0
          httpRedirect: string
          httpSupportedMaxVersion: string
          httpsCookieSecure: string
          id: 0
          ipv6Mappedip: string
          ipv6Mappedport: string
          ldbMethod: string
          mappedAddr: string
          mappedips:
            - string
          mappedport: string
          maxEmbryonicConnections: 0
          monitor: string
          nat44: string
          nat46: string
          natSourceVip: string
          oneClickGslbServer: string
          outlookWebAccess: string
          persistence: string
          portforward: string
          portmappingType: string
          protocol: string
          realservers:
            - address: string
              clientIps:
                - string
              healthCheckProto: string
              healthcheck: string
              holddownInterval: 0
              httpHost: string
              id: 0
              ip: string
              maxConnections: 0
              monitor: string
              port: 0
              seq: 0
              status: string
              translateHost: string
              type: string
              weight: 0
          serverType: string
          service: string
          srcFilters:
            - string
          srcVipFilter: string
          srcintfFilters:
            - string
          sslAcceptFfdheGroups: string
          sslAlgorithm: string
          sslCertificate: string
          sslCipherSuites:
            - cipher: string
              id: 0
              priority: 0
              versions:
                - string
          sslClientFallback: string
          sslClientRekeyCount: 0
          sslClientRenegotiation: string
          sslClientSessionStateMax: 0
          sslClientSessionStateTimeout: 0
          sslClientSessionStateType: string
          sslDhBits: string
          sslHpkp: string
          sslHpkpAge: 0
          sslHpkpBackup: string
          sslHpkpIncludeSubdomains: string
          sslHpkpPrimary: string
          sslHpkpReportUri: string
          sslHsts: string
          sslHstsAge: 0
          sslHstsIncludeSubdomains: string
          sslHttpLocationConversion: string
          sslHttpMatchHost: string
          sslMaxVersion: string
          sslMinVersion: string
          sslMode: string
          sslPfs: string
          sslSendEmptyFrags: string
          sslServerAlgorithm: string
          sslServerMaxVersion: string
          sslServerMinVersion: string
          sslServerRenegotiation: string
          sslServerSessionStateMax: 0
          sslServerSessionStateTimeout: 0
          sslServerSessionStateType: string
          status: string
          type: string
          uuid: string
          weblogicServer: string
          websphereServer: string
    dynamicSortSubtable: string
    extaddrs:
        - string
    extintf: string
    extip: string
    extport: string
    fosid: 0
    gratuitousArpInterval: 0
    gslbDomainName: string
    gslbHostname: string
    gslbPublicIps:
        - index: 0
          ip: string
    h2Support: string
    h3Support: string
    httpCookieAge: 0
    httpCookieDomain: string
    httpCookieDomainFromHost: string
    httpCookieGeneration: 0
    httpCookiePath: string
    httpCookieShare: string
    httpIpHeader: string
    httpIpHeaderName: string
    httpMultiplex: string
    httpMultiplexMaxConcurrentRequest: 0
    httpMultiplexMaxRequest: 0
    httpMultiplexTtl: 0
    httpRedirect: string
    httpSupportedMaxVersion: string
    httpsCookieSecure: string
    ipv6Mappedip: string
    ipv6Mappedport: string
    ldbMethod: string
    mappedAddr: string
    mappedips:
        - string
    mappedport: string
    maxEmbryonicConnections: 0
    monitor: string
    name: string
    nat44: string
    nat46: string
    natSourceVip: string
    objectFirewallVipId: string
    oneClickGslbServer: string
    outlookWebAccess: string
    persistence: string
    portforward: string
    portmappingType: string
    protocol: string
    quic:
        ackDelayExponent: 0
        activeConnectionIdLimit: 0
        activeMigration: string
        greaseQuicBit: string
        maxAckDelay: 0
        maxDatagramFrameSize: 0
        maxIdleTimeout: 0
        maxUdpPayloadSize: 0
    realservers:
        - address: string
          clientIps:
            - string
          healthcheck: string
          holddownInterval: 0
          httpHost: string
          id: 0
          ip: string
          maxConnections: 0
          monitor: string
          port: 0
          seq: 0
          status: string
          translateHost: string
          type: string
          weight: 0
    scopetype: string
    serverType: string
    services:
        - string
    srcFilters:
        - string
    srcVipFilter: string
    srcintfFilters:
        - string
    sslAcceptFfdheGroups: string
    sslAlgorithm: string
    sslCertificate: string
    sslCipherSuites:
        - cipher: string
          id: 0
          priority: 0
          versions:
            - string
    sslClientFallback: string
    sslClientRekeyCount: 0
    sslClientRenegotiation: string
    sslClientSessionStateMax: 0
    sslClientSessionStateTimeout: 0
    sslClientSessionStateType: string
    sslDhBits: string
    sslHpkp: string
    sslHpkpAge: 0
    sslHpkpBackup: string
    sslHpkpIncludeSubdomains: string
    sslHpkpPrimary: string
    sslHpkpReportUri: string
    sslHsts: string
    sslHstsAge: 0
    sslHstsIncludeSubdomains: string
    sslHttpLocationConversion: string
    sslHttpMatchHost: string
    sslMaxVersion: string
    sslMinVersion: string
    sslMode: string
    sslPfs: string
    sslSendEmptyFrags: string
    sslServerAlgorithm: string
    sslServerCipherSuites:
        - cipher: string
          priority: 0
          versions:
            - string
    sslServerMaxVersion: string
    sslServerMinVersion: string
    sslServerRenegotiation: string
    sslServerSessionStateMax: 0
    sslServerSessionStateTimeout: 0
    sslServerSessionStateType: string
    status: string
    type: string
    uuid: string
    weblogicServer: string
    websphereServer: string
Copy

ObjectFirewallVip Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ObjectFirewallVip resource accepts the following input properties:

AddNat46Route string
Enable/disable adding NAT46 route. Valid values: disable, enable.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
ArpReply string
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
Color double
Color of icon on the GUI.
Comment string
Comment.
DnsMappingTtl double
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
DynamicMappings List<ObjectFirewallVipDynamicMapping>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
Extaddrs List<string>
External FQDN address name.
Extintf string
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
Extip string
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
Extport string
Incoming port number range that you want to map to a port number range on the destination network.
Fosid double
Custom defined ID.
GratuitousArpInterval double
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
GslbDomainName string
Domain to use when integrating with FortiGSLB.
GslbHostname string
Hostname to use within the configured FortiGSLB domain.
GslbPublicIps List<ObjectFirewallVipGslbPublicIp>
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
H2Support string
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
H3Support string
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
HttpCookieAge double
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
HttpCookieDomain string
Domain that HTTP cookie persistence should apply to.
HttpCookieDomainFromHost string
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
HttpCookieGeneration double
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
HttpCookiePath string
Limit HTTP cookie persistence to the specified path.
HttpCookieShare string
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
HttpIpHeader string
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
HttpIpHeaderName string
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
HttpMultiplex string
Enable/disable HTTP multiplexing. Valid values: disable, enable.
HttpMultiplexMaxConcurrentRequest double
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
HttpMultiplexMaxRequest double
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
HttpMultiplexTtl double
Time-to-live for idle connections to servers.
HttpRedirect string
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
HttpSupportedMaxVersion string
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
HttpsCookieSecure string
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
Ipv6Mappedip string
Start-mapped-IPv6-address [-end mapped-IPv6-address].
Ipv6Mappedport string
IPv6 port number range on the destination network to which the external port number range is mapped.
LdbMethod string
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
MappedAddr string
Mapped FQDN address name.
Mappedips List<string>
IP address or address range on the destination network to which the external IP address is mapped.
Mappedport string
Port number range on the destination network to which the external port number range is mapped.
MaxEmbryonicConnections double
Maximum number of incomplete connections.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Name string
Virtual IP name.
Nat44 string
Enable/disable NAT44. Valid values: disable, enable.
Nat46 string
Enable/disable NAT46. Valid values: disable, enable.
NatSourceVip string
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
ObjectFirewallVipId string
an identifier for the resource with format {{name}}.
OneClickGslbServer string
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
OutlookWebAccess string
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
Persistence string
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
Portforward string
Enable/disable port forwarding. Valid values: disable, enable.
PortmappingType string
Port mapping type. Valid values: 1-to-1, m-to-n.
Protocol string
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
Quic ObjectFirewallVipQuic
Quic. The structure of quic block is documented below.
Realservers List<ObjectFirewallVipRealserver>
Realservers. The structure of realservers block is documented below.
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerType string
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
Services List<string>
Service name.
SrcFilters List<string>
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
SrcVipFilter string
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
SrcintfFilters List<string>
Interfaces to which the VIP applies. Separate the names with spaces.
SslAcceptFfdheGroups string
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
SslAlgorithm string
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
SslCertificate string
The name of the SSL certificate to use for SSL acceleration.
SslCipherSuites List<ObjectFirewallVipSslCipherSuite>
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslClientFallback string
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
SslClientRekeyCount double
Maximum length of data in MB before triggering a client rekey (0 = disable).
SslClientRenegotiation string
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
SslClientSessionStateMax double
Maximum number of client to FortiGate SSL session states to keep.
SslClientSessionStateTimeout double
Number of minutes to keep client to FortiGate SSL session state.
SslClientSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
SslDhBits string
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
SslHpkp string
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
SslHpkpAge double
Number of seconds the client should honour the HPKP setting.
SslHpkpBackup string
Certificate to generate backup HPKP pin from.
SslHpkpIncludeSubdomains string
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
SslHpkpPrimary string
Certificate to generate primary HPKP pin from.
SslHpkpReportUri string
URL to report HPKP violations to.
SslHsts string
Enable/disable including HSTS header in response. Valid values: disable, enable.
SslHstsAge double
Number of seconds the client should honour the HSTS setting.
SslHstsIncludeSubdomains string
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
SslHttpLocationConversion string
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
SslHttpMatchHost string
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
SslMaxVersion string
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMinVersion string
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMode string
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
SslPfs string
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
SslSendEmptyFrags string
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
SslServerAlgorithm string
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
SslServerCipherSuites List<ObjectFirewallVipSslServerCipherSuite>
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
SslServerMaxVersion string
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerMinVersion string
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerRenegotiation string
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
SslServerSessionStateMax double
Maximum number of FortiGate to Server SSL session states to keep.
SslServerSessionStateTimeout double
Number of minutes to keep FortiGate to Server SSL session state.
SslServerSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
Status string
Enable/disable VIP. Valid values: disable, enable.
Type string
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
WeblogicServer string
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
WebsphereServer string
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
AddNat46Route string
Enable/disable adding NAT46 route. Valid values: disable, enable.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
ArpReply string
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
Color float64
Color of icon on the GUI.
Comment string
Comment.
DnsMappingTtl float64
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
DynamicMappings []ObjectFirewallVipDynamicMappingTypeArgs
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
Extaddrs []string
External FQDN address name.
Extintf string
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
Extip string
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
Extport string
Incoming port number range that you want to map to a port number range on the destination network.
Fosid float64
Custom defined ID.
GratuitousArpInterval float64
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
GslbDomainName string
Domain to use when integrating with FortiGSLB.
GslbHostname string
Hostname to use within the configured FortiGSLB domain.
GslbPublicIps []ObjectFirewallVipGslbPublicIpArgs
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
H2Support string
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
H3Support string
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
HttpCookieAge float64
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
HttpCookieDomain string
Domain that HTTP cookie persistence should apply to.
HttpCookieDomainFromHost string
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
HttpCookieGeneration float64
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
HttpCookiePath string
Limit HTTP cookie persistence to the specified path.
HttpCookieShare string
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
HttpIpHeader string
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
HttpIpHeaderName string
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
HttpMultiplex string
Enable/disable HTTP multiplexing. Valid values: disable, enable.
HttpMultiplexMaxConcurrentRequest float64
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
HttpMultiplexMaxRequest float64
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
HttpMultiplexTtl float64
Time-to-live for idle connections to servers.
HttpRedirect string
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
HttpSupportedMaxVersion string
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
HttpsCookieSecure string
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
Ipv6Mappedip string
Start-mapped-IPv6-address [-end mapped-IPv6-address].
Ipv6Mappedport string
IPv6 port number range on the destination network to which the external port number range is mapped.
LdbMethod string
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
MappedAddr string
Mapped FQDN address name.
Mappedips []string
IP address or address range on the destination network to which the external IP address is mapped.
Mappedport string
Port number range on the destination network to which the external port number range is mapped.
MaxEmbryonicConnections float64
Maximum number of incomplete connections.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Name string
Virtual IP name.
Nat44 string
Enable/disable NAT44. Valid values: disable, enable.
Nat46 string
Enable/disable NAT46. Valid values: disable, enable.
NatSourceVip string
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
ObjectFirewallVipId string
an identifier for the resource with format {{name}}.
OneClickGslbServer string
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
OutlookWebAccess string
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
Persistence string
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
Portforward string
Enable/disable port forwarding. Valid values: disable, enable.
PortmappingType string
Port mapping type. Valid values: 1-to-1, m-to-n.
Protocol string
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
Quic ObjectFirewallVipQuicTypeArgs
Quic. The structure of quic block is documented below.
Realservers []ObjectFirewallVipRealserverArgs
Realservers. The structure of realservers block is documented below.
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerType string
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
Services []string
Service name.
SrcFilters []string
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
SrcVipFilter string
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
SrcintfFilters []string
Interfaces to which the VIP applies. Separate the names with spaces.
SslAcceptFfdheGroups string
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
SslAlgorithm string
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
SslCertificate string
The name of the SSL certificate to use for SSL acceleration.
SslCipherSuites []ObjectFirewallVipSslCipherSuiteArgs
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslClientFallback string
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
SslClientRekeyCount float64
Maximum length of data in MB before triggering a client rekey (0 = disable).
SslClientRenegotiation string
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
SslClientSessionStateMax float64
Maximum number of client to FortiGate SSL session states to keep.
SslClientSessionStateTimeout float64
Number of minutes to keep client to FortiGate SSL session state.
SslClientSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
SslDhBits string
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
SslHpkp string
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
SslHpkpAge float64
Number of seconds the client should honour the HPKP setting.
SslHpkpBackup string
Certificate to generate backup HPKP pin from.
SslHpkpIncludeSubdomains string
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
SslHpkpPrimary string
Certificate to generate primary HPKP pin from.
SslHpkpReportUri string
URL to report HPKP violations to.
SslHsts string
Enable/disable including HSTS header in response. Valid values: disable, enable.
SslHstsAge float64
Number of seconds the client should honour the HSTS setting.
SslHstsIncludeSubdomains string
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
SslHttpLocationConversion string
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
SslHttpMatchHost string
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
SslMaxVersion string
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMinVersion string
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMode string
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
SslPfs string
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
SslSendEmptyFrags string
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
SslServerAlgorithm string
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
SslServerCipherSuites []ObjectFirewallVipSslServerCipherSuiteArgs
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
SslServerMaxVersion string
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerMinVersion string
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerRenegotiation string
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
SslServerSessionStateMax float64
Maximum number of FortiGate to Server SSL session states to keep.
SslServerSessionStateTimeout float64
Number of minutes to keep FortiGate to Server SSL session state.
SslServerSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
Status string
Enable/disable VIP. Valid values: disable, enable.
Type string
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
WeblogicServer string
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
WebsphereServer string
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
addNat46Route String
Enable/disable adding NAT46 route. Valid values: disable, enable.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
arpReply String
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color Double
Color of icon on the GUI.
comment String
Comment.
dnsMappingTtl Double
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamicMappings List<ObjectFirewallVipDynamicMapping>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
extaddrs List<String>
External FQDN address name.
extintf String
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip String
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport String
Incoming port number range that you want to map to a port number range on the destination network.
fosid Double
Custom defined ID.
gratuitousArpInterval Double
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslbDomainName String
Domain to use when integrating with FortiGSLB.
gslbHostname String
Hostname to use within the configured FortiGSLB domain.
gslbPublicIps List<ObjectFirewallVipGslbPublicIp>
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
h2Support String
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3Support String
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
httpCookieAge Double
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
httpCookieDomain String
Domain that HTTP cookie persistence should apply to.
httpCookieDomainFromHost String
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
httpCookieGeneration Double
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
httpCookiePath String
Limit HTTP cookie persistence to the specified path.
httpCookieShare String
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
httpIpHeader String
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
httpIpHeaderName String
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
httpMultiplex String
Enable/disable HTTP multiplexing. Valid values: disable, enable.
httpMultiplexMaxConcurrentRequest Double
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
httpMultiplexMaxRequest Double
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
httpMultiplexTtl Double
Time-to-live for idle connections to servers.
httpRedirect String
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
httpSupportedMaxVersion String
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
httpsCookieSecure String
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
ipv6Mappedip String
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6Mappedport String
IPv6 port number range on the destination network to which the external port number range is mapped.
ldbMethod String
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mappedAddr String
Mapped FQDN address name.
mappedips List<String>
IP address or address range on the destination network to which the external IP address is mapped.
mappedport String
Port number range on the destination network to which the external port number range is mapped.
maxEmbryonicConnections Double
Maximum number of incomplete connections.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name String
Virtual IP name.
nat44 String
Enable/disable NAT44. Valid values: disable, enable.
nat46 String
Enable/disable NAT46. Valid values: disable, enable.
natSourceVip String
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
objectFirewallVipId String
an identifier for the resource with format {{name}}.
oneClickGslbServer String
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlookWebAccess String
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence String
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward String
Enable/disable port forwarding. Valid values: disable, enable.
portmappingType String
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol String
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
quic ObjectFirewallVipQuic
Quic. The structure of quic block is documented below.
realservers List<ObjectFirewallVipRealserver>
Realservers. The structure of realservers block is documented below.
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverType String
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
services List<String>
Service name.
srcFilters List<String>
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcVipFilter String
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintfFilters List<String>
Interfaces to which the VIP applies. Separate the names with spaces.
sslAcceptFfdheGroups String
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
sslAlgorithm String
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
sslCertificate String
The name of the SSL certificate to use for SSL acceleration.
sslCipherSuites List<ObjectFirewallVipSslCipherSuite>
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslClientFallback String
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
sslClientRekeyCount Double
Maximum length of data in MB before triggering a client rekey (0 = disable).
sslClientRenegotiation String
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
sslClientSessionStateMax Double
Maximum number of client to FortiGate SSL session states to keep.
sslClientSessionStateTimeout Double
Number of minutes to keep client to FortiGate SSL session state.
sslClientSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
sslDhBits String
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
sslHpkp String
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
sslHpkpAge Double
Number of seconds the client should honour the HPKP setting.
sslHpkpBackup String
Certificate to generate backup HPKP pin from.
sslHpkpIncludeSubdomains String
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
sslHpkpPrimary String
Certificate to generate primary HPKP pin from.
sslHpkpReportUri String
URL to report HPKP violations to.
sslHsts String
Enable/disable including HSTS header in response. Valid values: disable, enable.
sslHstsAge Double
Number of seconds the client should honour the HSTS setting.
sslHstsIncludeSubdomains String
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
sslHttpLocationConversion String
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
sslHttpMatchHost String
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
sslMaxVersion String
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMinVersion String
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMode String
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
sslPfs String
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
sslSendEmptyFrags String
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
sslServerAlgorithm String
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
sslServerCipherSuites List<ObjectFirewallVipSslServerCipherSuite>
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
sslServerMaxVersion String
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerMinVersion String
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerRenegotiation String
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
sslServerSessionStateMax Double
Maximum number of FortiGate to Server SSL session states to keep.
sslServerSessionStateTimeout Double
Number of minutes to keep FortiGate to Server SSL session state.
sslServerSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status String
Enable/disable VIP. Valid values: disable, enable.
type String
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogicServer String
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphereServer String
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
addNat46Route string
Enable/disable adding NAT46 route. Valid values: disable, enable.
adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
arpReply string
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color number
Color of icon on the GUI.
comment string
Comment.
dnsMappingTtl number
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamicMappings ObjectFirewallVipDynamicMapping[]
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
extaddrs string[]
External FQDN address name.
extintf string
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip string
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport string
Incoming port number range that you want to map to a port number range on the destination network.
fosid number
Custom defined ID.
gratuitousArpInterval number
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslbDomainName string
Domain to use when integrating with FortiGSLB.
gslbHostname string
Hostname to use within the configured FortiGSLB domain.
gslbPublicIps ObjectFirewallVipGslbPublicIp[]
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
h2Support string
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3Support string
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
httpCookieAge number
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
httpCookieDomain string
Domain that HTTP cookie persistence should apply to.
httpCookieDomainFromHost string
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
httpCookieGeneration number
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
httpCookiePath string
Limit HTTP cookie persistence to the specified path.
httpCookieShare string
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
httpIpHeader string
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
httpIpHeaderName string
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
httpMultiplex string
Enable/disable HTTP multiplexing. Valid values: disable, enable.
httpMultiplexMaxConcurrentRequest number
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
httpMultiplexMaxRequest number
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
httpMultiplexTtl number
Time-to-live for idle connections to servers.
httpRedirect string
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
httpSupportedMaxVersion string
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
httpsCookieSecure string
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
ipv6Mappedip string
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6Mappedport string
IPv6 port number range on the destination network to which the external port number range is mapped.
ldbMethod string
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mappedAddr string
Mapped FQDN address name.
mappedips string[]
IP address or address range on the destination network to which the external IP address is mapped.
mappedport string
Port number range on the destination network to which the external port number range is mapped.
maxEmbryonicConnections number
Maximum number of incomplete connections.
monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name string
Virtual IP name.
nat44 string
Enable/disable NAT44. Valid values: disable, enable.
nat46 string
Enable/disable NAT46. Valid values: disable, enable.
natSourceVip string
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
objectFirewallVipId string
an identifier for the resource with format {{name}}.
oneClickGslbServer string
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlookWebAccess string
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence string
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward string
Enable/disable port forwarding. Valid values: disable, enable.
portmappingType string
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol string
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
quic ObjectFirewallVipQuic
Quic. The structure of quic block is documented below.
realservers ObjectFirewallVipRealserver[]
Realservers. The structure of realservers block is documented below.
scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverType string
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
services string[]
Service name.
srcFilters string[]
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcVipFilter string
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintfFilters string[]
Interfaces to which the VIP applies. Separate the names with spaces.
sslAcceptFfdheGroups string
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
sslAlgorithm string
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
sslCertificate string
The name of the SSL certificate to use for SSL acceleration.
sslCipherSuites ObjectFirewallVipSslCipherSuite[]
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslClientFallback string
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
sslClientRekeyCount number
Maximum length of data in MB before triggering a client rekey (0 = disable).
sslClientRenegotiation string
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
sslClientSessionStateMax number
Maximum number of client to FortiGate SSL session states to keep.
sslClientSessionStateTimeout number
Number of minutes to keep client to FortiGate SSL session state.
sslClientSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
sslDhBits string
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
sslHpkp string
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
sslHpkpAge number
Number of seconds the client should honour the HPKP setting.
sslHpkpBackup string
Certificate to generate backup HPKP pin from.
sslHpkpIncludeSubdomains string
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
sslHpkpPrimary string
Certificate to generate primary HPKP pin from.
sslHpkpReportUri string
URL to report HPKP violations to.
sslHsts string
Enable/disable including HSTS header in response. Valid values: disable, enable.
sslHstsAge number
Number of seconds the client should honour the HSTS setting.
sslHstsIncludeSubdomains string
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
sslHttpLocationConversion string
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
sslHttpMatchHost string
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
sslMaxVersion string
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMinVersion string
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMode string
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
sslPfs string
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
sslSendEmptyFrags string
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
sslServerAlgorithm string
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
sslServerCipherSuites ObjectFirewallVipSslServerCipherSuite[]
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
sslServerMaxVersion string
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerMinVersion string
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerRenegotiation string
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
sslServerSessionStateMax number
Maximum number of FortiGate to Server SSL session states to keep.
sslServerSessionStateTimeout number
Number of minutes to keep FortiGate to Server SSL session state.
sslServerSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status string
Enable/disable VIP. Valid values: disable, enable.
type string
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogicServer string
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphereServer string
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
add_nat46_route str
Enable/disable adding NAT46 route. Valid values: disable, enable.
adom str
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
arp_reply str
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color float
Color of icon on the GUI.
comment str
Comment.
dns_mapping_ttl float
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamic_mappings Sequence[ObjectFirewallVipDynamicMappingArgs]
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamic_sort_subtable str
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
extaddrs Sequence[str]
External FQDN address name.
extintf str
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip str
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport str
Incoming port number range that you want to map to a port number range on the destination network.
fosid float
Custom defined ID.
gratuitous_arp_interval float
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslb_domain_name str
Domain to use when integrating with FortiGSLB.
gslb_hostname str
Hostname to use within the configured FortiGSLB domain.
gslb_public_ips Sequence[ObjectFirewallVipGslbPublicIpArgs]
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
h2_support str
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3_support str
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
http_cookie_age float
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
http_cookie_domain str
Domain that HTTP cookie persistence should apply to.
http_cookie_domain_from_host str
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
http_cookie_generation float
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
http_cookie_path str
Limit HTTP cookie persistence to the specified path.
http_cookie_share str
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
http_ip_header str
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
http_ip_header_name str
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
http_multiplex str
Enable/disable HTTP multiplexing. Valid values: disable, enable.
http_multiplex_max_concurrent_request float
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
http_multiplex_max_request float
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
http_multiplex_ttl float
Time-to-live for idle connections to servers.
http_redirect str
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
http_supported_max_version str
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
https_cookie_secure str
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
ipv6_mappedip str
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6_mappedport str
IPv6 port number range on the destination network to which the external port number range is mapped.
ldb_method str
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mapped_addr str
Mapped FQDN address name.
mappedips Sequence[str]
IP address or address range on the destination network to which the external IP address is mapped.
mappedport str
Port number range on the destination network to which the external port number range is mapped.
max_embryonic_connections float
Maximum number of incomplete connections.
monitor str
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name str
Virtual IP name.
nat44 str
Enable/disable NAT44. Valid values: disable, enable.
nat46 str
Enable/disable NAT46. Valid values: disable, enable.
nat_source_vip str
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
object_firewall_vip_id str
an identifier for the resource with format {{name}}.
one_click_gslb_server str
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlook_web_access str
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence str
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward str
Enable/disable port forwarding. Valid values: disable, enable.
portmapping_type str
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol str
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
quic ObjectFirewallVipQuicArgs
Quic. The structure of quic block is documented below.
realservers Sequence[ObjectFirewallVipRealserverArgs]
Realservers. The structure of realservers block is documented below.
scopetype str
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
server_type str
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
services Sequence[str]
Service name.
src_filters Sequence[str]
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
src_vip_filter str
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintf_filters Sequence[str]
Interfaces to which the VIP applies. Separate the names with spaces.
ssl_accept_ffdhe_groups str
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
ssl_algorithm str
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
ssl_certificate str
The name of the SSL certificate to use for SSL acceleration.
ssl_cipher_suites Sequence[ObjectFirewallVipSslCipherSuiteArgs]
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
ssl_client_fallback str
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
ssl_client_rekey_count float
Maximum length of data in MB before triggering a client rekey (0 = disable).
ssl_client_renegotiation str
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
ssl_client_session_state_max float
Maximum number of client to FortiGate SSL session states to keep.
ssl_client_session_state_timeout float
Number of minutes to keep client to FortiGate SSL session state.
ssl_client_session_state_type str
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
ssl_dh_bits str
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
ssl_hpkp str
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
ssl_hpkp_age float
Number of seconds the client should honour the HPKP setting.
ssl_hpkp_backup str
Certificate to generate backup HPKP pin from.
ssl_hpkp_include_subdomains str
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
ssl_hpkp_primary str
Certificate to generate primary HPKP pin from.
ssl_hpkp_report_uri str
URL to report HPKP violations to.
ssl_hsts str
Enable/disable including HSTS header in response. Valid values: disable, enable.
ssl_hsts_age float
Number of seconds the client should honour the HSTS setting.
ssl_hsts_include_subdomains str
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
ssl_http_location_conversion str
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
ssl_http_match_host str
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
ssl_max_version str
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ssl_min_version str
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ssl_mode str
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
ssl_pfs str
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
ssl_send_empty_frags str
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
ssl_server_algorithm str
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
ssl_server_cipher_suites Sequence[ObjectFirewallVipSslServerCipherSuiteArgs]
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
ssl_server_max_version str
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
ssl_server_min_version str
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
ssl_server_renegotiation str
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
ssl_server_session_state_max float
Maximum number of FortiGate to Server SSL session states to keep.
ssl_server_session_state_timeout float
Number of minutes to keep FortiGate to Server SSL session state.
ssl_server_session_state_type str
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status str
Enable/disable VIP. Valid values: disable, enable.
type str
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid str
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogic_server str
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphere_server str
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
addNat46Route String
Enable/disable adding NAT46 route. Valid values: disable, enable.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
arpReply String
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color Number
Color of icon on the GUI.
comment String
Comment.
dnsMappingTtl Number
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamicMappings List<Property Map>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
extaddrs List<String>
External FQDN address name.
extintf String
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip String
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport String
Incoming port number range that you want to map to a port number range on the destination network.
fosid Number
Custom defined ID.
gratuitousArpInterval Number
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslbDomainName String
Domain to use when integrating with FortiGSLB.
gslbHostname String
Hostname to use within the configured FortiGSLB domain.
gslbPublicIps List<Property Map>
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
h2Support String
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3Support String
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
httpCookieAge Number
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
httpCookieDomain String
Domain that HTTP cookie persistence should apply to.
httpCookieDomainFromHost String
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
httpCookieGeneration Number
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
httpCookiePath String
Limit HTTP cookie persistence to the specified path.
httpCookieShare String
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
httpIpHeader String
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
httpIpHeaderName String
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
httpMultiplex String
Enable/disable HTTP multiplexing. Valid values: disable, enable.
httpMultiplexMaxConcurrentRequest Number
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
httpMultiplexMaxRequest Number
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
httpMultiplexTtl Number
Time-to-live for idle connections to servers.
httpRedirect String
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
httpSupportedMaxVersion String
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
httpsCookieSecure String
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
ipv6Mappedip String
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6Mappedport String
IPv6 port number range on the destination network to which the external port number range is mapped.
ldbMethod String
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mappedAddr String
Mapped FQDN address name.
mappedips List<String>
IP address or address range on the destination network to which the external IP address is mapped.
mappedport String
Port number range on the destination network to which the external port number range is mapped.
maxEmbryonicConnections Number
Maximum number of incomplete connections.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name String
Virtual IP name.
nat44 String
Enable/disable NAT44. Valid values: disable, enable.
nat46 String
Enable/disable NAT46. Valid values: disable, enable.
natSourceVip String
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
objectFirewallVipId String
an identifier for the resource with format {{name}}.
oneClickGslbServer String
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlookWebAccess String
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence String
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward String
Enable/disable port forwarding. Valid values: disable, enable.
portmappingType String
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol String
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
quic Property Map
Quic. The structure of quic block is documented below.
realservers List<Property Map>
Realservers. The structure of realservers block is documented below.
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverType String
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
services List<String>
Service name.
srcFilters List<String>
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcVipFilter String
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintfFilters List<String>
Interfaces to which the VIP applies. Separate the names with spaces.
sslAcceptFfdheGroups String
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
sslAlgorithm String
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
sslCertificate String
The name of the SSL certificate to use for SSL acceleration.
sslCipherSuites List<Property Map>
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslClientFallback String
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
sslClientRekeyCount Number
Maximum length of data in MB before triggering a client rekey (0 = disable).
sslClientRenegotiation String
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
sslClientSessionStateMax Number
Maximum number of client to FortiGate SSL session states to keep.
sslClientSessionStateTimeout Number
Number of minutes to keep client to FortiGate SSL session state.
sslClientSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
sslDhBits String
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
sslHpkp String
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
sslHpkpAge Number
Number of seconds the client should honour the HPKP setting.
sslHpkpBackup String
Certificate to generate backup HPKP pin from.
sslHpkpIncludeSubdomains String
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
sslHpkpPrimary String
Certificate to generate primary HPKP pin from.
sslHpkpReportUri String
URL to report HPKP violations to.
sslHsts String
Enable/disable including HSTS header in response. Valid values: disable, enable.
sslHstsAge Number
Number of seconds the client should honour the HSTS setting.
sslHstsIncludeSubdomains String
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
sslHttpLocationConversion String
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
sslHttpMatchHost String
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
sslMaxVersion String
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMinVersion String
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMode String
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
sslPfs String
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
sslSendEmptyFrags String
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
sslServerAlgorithm String
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
sslServerCipherSuites List<Property Map>
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
sslServerMaxVersion String
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerMinVersion String
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerRenegotiation String
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
sslServerSessionStateMax Number
Maximum number of FortiGate to Server SSL session states to keep.
sslServerSessionStateTimeout Number
Number of minutes to keep FortiGate to Server SSL session state.
sslServerSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status String
Enable/disable VIP. Valid values: disable, enable.
type String
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogicServer String
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphereServer String
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.

Outputs

All input properties are implicitly available as output properties. Additionally, the ObjectFirewallVip resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing ObjectFirewallVip Resource

Get an existing ObjectFirewallVip resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ObjectFirewallVipState, opts?: CustomResourceOptions): ObjectFirewallVip
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        add_nat46_route: Optional[str] = None,
        adom: Optional[str] = None,
        arp_reply: Optional[str] = None,
        color: Optional[float] = None,
        comment: Optional[str] = None,
        dns_mapping_ttl: Optional[float] = None,
        dynamic_mappings: Optional[Sequence[ObjectFirewallVipDynamicMappingArgs]] = None,
        dynamic_sort_subtable: Optional[str] = None,
        extaddrs: Optional[Sequence[str]] = None,
        extintf: Optional[str] = None,
        extip: Optional[str] = None,
        extport: Optional[str] = None,
        fosid: Optional[float] = None,
        gratuitous_arp_interval: Optional[float] = None,
        gslb_domain_name: Optional[str] = None,
        gslb_hostname: Optional[str] = None,
        gslb_public_ips: Optional[Sequence[ObjectFirewallVipGslbPublicIpArgs]] = None,
        h2_support: Optional[str] = None,
        h3_support: Optional[str] = None,
        http_cookie_age: Optional[float] = None,
        http_cookie_domain: Optional[str] = None,
        http_cookie_domain_from_host: Optional[str] = None,
        http_cookie_generation: Optional[float] = None,
        http_cookie_path: Optional[str] = None,
        http_cookie_share: Optional[str] = None,
        http_ip_header: Optional[str] = None,
        http_ip_header_name: Optional[str] = None,
        http_multiplex: Optional[str] = None,
        http_multiplex_max_concurrent_request: Optional[float] = None,
        http_multiplex_max_request: Optional[float] = None,
        http_multiplex_ttl: Optional[float] = None,
        http_redirect: Optional[str] = None,
        http_supported_max_version: Optional[str] = None,
        https_cookie_secure: Optional[str] = None,
        ipv6_mappedip: Optional[str] = None,
        ipv6_mappedport: Optional[str] = None,
        ldb_method: Optional[str] = None,
        mapped_addr: Optional[str] = None,
        mappedips: Optional[Sequence[str]] = None,
        mappedport: Optional[str] = None,
        max_embryonic_connections: Optional[float] = None,
        monitor: Optional[str] = None,
        name: Optional[str] = None,
        nat44: Optional[str] = None,
        nat46: Optional[str] = None,
        nat_source_vip: Optional[str] = None,
        object_firewall_vip_id: Optional[str] = None,
        one_click_gslb_server: Optional[str] = None,
        outlook_web_access: Optional[str] = None,
        persistence: Optional[str] = None,
        portforward: Optional[str] = None,
        portmapping_type: Optional[str] = None,
        protocol: Optional[str] = None,
        quic: Optional[ObjectFirewallVipQuicArgs] = None,
        realservers: Optional[Sequence[ObjectFirewallVipRealserverArgs]] = None,
        scopetype: Optional[str] = None,
        server_type: Optional[str] = None,
        services: Optional[Sequence[str]] = None,
        src_filters: Optional[Sequence[str]] = None,
        src_vip_filter: Optional[str] = None,
        srcintf_filters: Optional[Sequence[str]] = None,
        ssl_accept_ffdhe_groups: Optional[str] = None,
        ssl_algorithm: Optional[str] = None,
        ssl_certificate: Optional[str] = None,
        ssl_cipher_suites: Optional[Sequence[ObjectFirewallVipSslCipherSuiteArgs]] = None,
        ssl_client_fallback: Optional[str] = None,
        ssl_client_rekey_count: Optional[float] = None,
        ssl_client_renegotiation: Optional[str] = None,
        ssl_client_session_state_max: Optional[float] = None,
        ssl_client_session_state_timeout: Optional[float] = None,
        ssl_client_session_state_type: Optional[str] = None,
        ssl_dh_bits: Optional[str] = None,
        ssl_hpkp: Optional[str] = None,
        ssl_hpkp_age: Optional[float] = None,
        ssl_hpkp_backup: Optional[str] = None,
        ssl_hpkp_include_subdomains: Optional[str] = None,
        ssl_hpkp_primary: Optional[str] = None,
        ssl_hpkp_report_uri: Optional[str] = None,
        ssl_hsts: Optional[str] = None,
        ssl_hsts_age: Optional[float] = None,
        ssl_hsts_include_subdomains: Optional[str] = None,
        ssl_http_location_conversion: Optional[str] = None,
        ssl_http_match_host: Optional[str] = None,
        ssl_max_version: Optional[str] = None,
        ssl_min_version: Optional[str] = None,
        ssl_mode: Optional[str] = None,
        ssl_pfs: Optional[str] = None,
        ssl_send_empty_frags: Optional[str] = None,
        ssl_server_algorithm: Optional[str] = None,
        ssl_server_cipher_suites: Optional[Sequence[ObjectFirewallVipSslServerCipherSuiteArgs]] = None,
        ssl_server_max_version: Optional[str] = None,
        ssl_server_min_version: Optional[str] = None,
        ssl_server_renegotiation: Optional[str] = None,
        ssl_server_session_state_max: Optional[float] = None,
        ssl_server_session_state_timeout: Optional[float] = None,
        ssl_server_session_state_type: Optional[str] = None,
        status: Optional[str] = None,
        type: Optional[str] = None,
        uuid: Optional[str] = None,
        weblogic_server: Optional[str] = None,
        websphere_server: Optional[str] = None) -> ObjectFirewallVip
func GetObjectFirewallVip(ctx *Context, name string, id IDInput, state *ObjectFirewallVipState, opts ...ResourceOption) (*ObjectFirewallVip, error)
public static ObjectFirewallVip Get(string name, Input<string> id, ObjectFirewallVipState? state, CustomResourceOptions? opts = null)
public static ObjectFirewallVip get(String name, Output<String> id, ObjectFirewallVipState state, CustomResourceOptions options)
resources:  _:    type: fortimanager:ObjectFirewallVip    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AddNat46Route string
Enable/disable adding NAT46 route. Valid values: disable, enable.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
ArpReply string
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
Color double
Color of icon on the GUI.
Comment string
Comment.
DnsMappingTtl double
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
DynamicMappings List<ObjectFirewallVipDynamicMapping>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
Extaddrs List<string>
External FQDN address name.
Extintf string
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
Extip string
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
Extport string
Incoming port number range that you want to map to a port number range on the destination network.
Fosid double
Custom defined ID.
GratuitousArpInterval double
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
GslbDomainName string
Domain to use when integrating with FortiGSLB.
GslbHostname string
Hostname to use within the configured FortiGSLB domain.
GslbPublicIps List<ObjectFirewallVipGslbPublicIp>
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
H2Support string
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
H3Support string
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
HttpCookieAge double
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
HttpCookieDomain string
Domain that HTTP cookie persistence should apply to.
HttpCookieDomainFromHost string
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
HttpCookieGeneration double
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
HttpCookiePath string
Limit HTTP cookie persistence to the specified path.
HttpCookieShare string
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
HttpIpHeader string
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
HttpIpHeaderName string
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
HttpMultiplex string
Enable/disable HTTP multiplexing. Valid values: disable, enable.
HttpMultiplexMaxConcurrentRequest double
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
HttpMultiplexMaxRequest double
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
HttpMultiplexTtl double
Time-to-live for idle connections to servers.
HttpRedirect string
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
HttpSupportedMaxVersion string
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
HttpsCookieSecure string
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
Ipv6Mappedip string
Start-mapped-IPv6-address [-end mapped-IPv6-address].
Ipv6Mappedport string
IPv6 port number range on the destination network to which the external port number range is mapped.
LdbMethod string
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
MappedAddr string
Mapped FQDN address name.
Mappedips List<string>
IP address or address range on the destination network to which the external IP address is mapped.
Mappedport string
Port number range on the destination network to which the external port number range is mapped.
MaxEmbryonicConnections double
Maximum number of incomplete connections.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Name string
Virtual IP name.
Nat44 string
Enable/disable NAT44. Valid values: disable, enable.
Nat46 string
Enable/disable NAT46. Valid values: disable, enable.
NatSourceVip string
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
ObjectFirewallVipId string
an identifier for the resource with format {{name}}.
OneClickGslbServer string
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
OutlookWebAccess string
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
Persistence string
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
Portforward string
Enable/disable port forwarding. Valid values: disable, enable.
PortmappingType string
Port mapping type. Valid values: 1-to-1, m-to-n.
Protocol string
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
Quic ObjectFirewallVipQuic
Quic. The structure of quic block is documented below.
Realservers List<ObjectFirewallVipRealserver>
Realservers. The structure of realservers block is documented below.
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerType string
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
Services List<string>
Service name.
SrcFilters List<string>
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
SrcVipFilter string
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
SrcintfFilters List<string>
Interfaces to which the VIP applies. Separate the names with spaces.
SslAcceptFfdheGroups string
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
SslAlgorithm string
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
SslCertificate string
The name of the SSL certificate to use for SSL acceleration.
SslCipherSuites List<ObjectFirewallVipSslCipherSuite>
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslClientFallback string
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
SslClientRekeyCount double
Maximum length of data in MB before triggering a client rekey (0 = disable).
SslClientRenegotiation string
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
SslClientSessionStateMax double
Maximum number of client to FortiGate SSL session states to keep.
SslClientSessionStateTimeout double
Number of minutes to keep client to FortiGate SSL session state.
SslClientSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
SslDhBits string
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
SslHpkp string
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
SslHpkpAge double
Number of seconds the client should honour the HPKP setting.
SslHpkpBackup string
Certificate to generate backup HPKP pin from.
SslHpkpIncludeSubdomains string
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
SslHpkpPrimary string
Certificate to generate primary HPKP pin from.
SslHpkpReportUri string
URL to report HPKP violations to.
SslHsts string
Enable/disable including HSTS header in response. Valid values: disable, enable.
SslHstsAge double
Number of seconds the client should honour the HSTS setting.
SslHstsIncludeSubdomains string
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
SslHttpLocationConversion string
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
SslHttpMatchHost string
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
SslMaxVersion string
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMinVersion string
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMode string
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
SslPfs string
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
SslSendEmptyFrags string
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
SslServerAlgorithm string
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
SslServerCipherSuites List<ObjectFirewallVipSslServerCipherSuite>
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
SslServerMaxVersion string
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerMinVersion string
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerRenegotiation string
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
SslServerSessionStateMax double
Maximum number of FortiGate to Server SSL session states to keep.
SslServerSessionStateTimeout double
Number of minutes to keep FortiGate to Server SSL session state.
SslServerSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
Status string
Enable/disable VIP. Valid values: disable, enable.
Type string
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
WeblogicServer string
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
WebsphereServer string
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
AddNat46Route string
Enable/disable adding NAT46 route. Valid values: disable, enable.
Adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
ArpReply string
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
Color float64
Color of icon on the GUI.
Comment string
Comment.
DnsMappingTtl float64
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
DynamicMappings []ObjectFirewallVipDynamicMappingTypeArgs
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
DynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
Extaddrs []string
External FQDN address name.
Extintf string
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
Extip string
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
Extport string
Incoming port number range that you want to map to a port number range on the destination network.
Fosid float64
Custom defined ID.
GratuitousArpInterval float64
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
GslbDomainName string
Domain to use when integrating with FortiGSLB.
GslbHostname string
Hostname to use within the configured FortiGSLB domain.
GslbPublicIps []ObjectFirewallVipGslbPublicIpArgs
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
H2Support string
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
H3Support string
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
HttpCookieAge float64
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
HttpCookieDomain string
Domain that HTTP cookie persistence should apply to.
HttpCookieDomainFromHost string
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
HttpCookieGeneration float64
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
HttpCookiePath string
Limit HTTP cookie persistence to the specified path.
HttpCookieShare string
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
HttpIpHeader string
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
HttpIpHeaderName string
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
HttpMultiplex string
Enable/disable HTTP multiplexing. Valid values: disable, enable.
HttpMultiplexMaxConcurrentRequest float64
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
HttpMultiplexMaxRequest float64
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
HttpMultiplexTtl float64
Time-to-live for idle connections to servers.
HttpRedirect string
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
HttpSupportedMaxVersion string
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
HttpsCookieSecure string
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
Ipv6Mappedip string
Start-mapped-IPv6-address [-end mapped-IPv6-address].
Ipv6Mappedport string
IPv6 port number range on the destination network to which the external port number range is mapped.
LdbMethod string
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
MappedAddr string
Mapped FQDN address name.
Mappedips []string
IP address or address range on the destination network to which the external IP address is mapped.
Mappedport string
Port number range on the destination network to which the external port number range is mapped.
MaxEmbryonicConnections float64
Maximum number of incomplete connections.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Name string
Virtual IP name.
Nat44 string
Enable/disable NAT44. Valid values: disable, enable.
Nat46 string
Enable/disable NAT46. Valid values: disable, enable.
NatSourceVip string
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
ObjectFirewallVipId string
an identifier for the resource with format {{name}}.
OneClickGslbServer string
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
OutlookWebAccess string
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
Persistence string
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
Portforward string
Enable/disable port forwarding. Valid values: disable, enable.
PortmappingType string
Port mapping type. Valid values: 1-to-1, m-to-n.
Protocol string
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
Quic ObjectFirewallVipQuicTypeArgs
Quic. The structure of quic block is documented below.
Realservers []ObjectFirewallVipRealserverArgs
Realservers. The structure of realservers block is documented below.
Scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
ServerType string
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
Services []string
Service name.
SrcFilters []string
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
SrcVipFilter string
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
SrcintfFilters []string
Interfaces to which the VIP applies. Separate the names with spaces.
SslAcceptFfdheGroups string
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
SslAlgorithm string
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
SslCertificate string
The name of the SSL certificate to use for SSL acceleration.
SslCipherSuites []ObjectFirewallVipSslCipherSuiteArgs
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslClientFallback string
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
SslClientRekeyCount float64
Maximum length of data in MB before triggering a client rekey (0 = disable).
SslClientRenegotiation string
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
SslClientSessionStateMax float64
Maximum number of client to FortiGate SSL session states to keep.
SslClientSessionStateTimeout float64
Number of minutes to keep client to FortiGate SSL session state.
SslClientSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
SslDhBits string
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
SslHpkp string
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
SslHpkpAge float64
Number of seconds the client should honour the HPKP setting.
SslHpkpBackup string
Certificate to generate backup HPKP pin from.
SslHpkpIncludeSubdomains string
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
SslHpkpPrimary string
Certificate to generate primary HPKP pin from.
SslHpkpReportUri string
URL to report HPKP violations to.
SslHsts string
Enable/disable including HSTS header in response. Valid values: disable, enable.
SslHstsAge float64
Number of seconds the client should honour the HSTS setting.
SslHstsIncludeSubdomains string
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
SslHttpLocationConversion string
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
SslHttpMatchHost string
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
SslMaxVersion string
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMinVersion string
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMode string
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
SslPfs string
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
SslSendEmptyFrags string
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
SslServerAlgorithm string
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
SslServerCipherSuites []ObjectFirewallVipSslServerCipherSuiteArgs
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
SslServerMaxVersion string
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerMinVersion string
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerRenegotiation string
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
SslServerSessionStateMax float64
Maximum number of FortiGate to Server SSL session states to keep.
SslServerSessionStateTimeout float64
Number of minutes to keep FortiGate to Server SSL session state.
SslServerSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
Status string
Enable/disable VIP. Valid values: disable, enable.
Type string
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
WeblogicServer string
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
WebsphereServer string
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
addNat46Route String
Enable/disable adding NAT46 route. Valid values: disable, enable.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
arpReply String
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color Double
Color of icon on the GUI.
comment String
Comment.
dnsMappingTtl Double
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamicMappings List<ObjectFirewallVipDynamicMapping>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
extaddrs List<String>
External FQDN address name.
extintf String
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip String
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport String
Incoming port number range that you want to map to a port number range on the destination network.
fosid Double
Custom defined ID.
gratuitousArpInterval Double
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslbDomainName String
Domain to use when integrating with FortiGSLB.
gslbHostname String
Hostname to use within the configured FortiGSLB domain.
gslbPublicIps List<ObjectFirewallVipGslbPublicIp>
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
h2Support String
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3Support String
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
httpCookieAge Double
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
httpCookieDomain String
Domain that HTTP cookie persistence should apply to.
httpCookieDomainFromHost String
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
httpCookieGeneration Double
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
httpCookiePath String
Limit HTTP cookie persistence to the specified path.
httpCookieShare String
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
httpIpHeader String
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
httpIpHeaderName String
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
httpMultiplex String
Enable/disable HTTP multiplexing. Valid values: disable, enable.
httpMultiplexMaxConcurrentRequest Double
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
httpMultiplexMaxRequest Double
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
httpMultiplexTtl Double
Time-to-live for idle connections to servers.
httpRedirect String
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
httpSupportedMaxVersion String
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
httpsCookieSecure String
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
ipv6Mappedip String
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6Mappedport String
IPv6 port number range on the destination network to which the external port number range is mapped.
ldbMethod String
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mappedAddr String
Mapped FQDN address name.
mappedips List<String>
IP address or address range on the destination network to which the external IP address is mapped.
mappedport String
Port number range on the destination network to which the external port number range is mapped.
maxEmbryonicConnections Double
Maximum number of incomplete connections.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name String
Virtual IP name.
nat44 String
Enable/disable NAT44. Valid values: disable, enable.
nat46 String
Enable/disable NAT46. Valid values: disable, enable.
natSourceVip String
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
objectFirewallVipId String
an identifier for the resource with format {{name}}.
oneClickGslbServer String
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlookWebAccess String
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence String
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward String
Enable/disable port forwarding. Valid values: disable, enable.
portmappingType String
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol String
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
quic ObjectFirewallVipQuic
Quic. The structure of quic block is documented below.
realservers List<ObjectFirewallVipRealserver>
Realservers. The structure of realservers block is documented below.
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverType String
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
services List<String>
Service name.
srcFilters List<String>
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcVipFilter String
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintfFilters List<String>
Interfaces to which the VIP applies. Separate the names with spaces.
sslAcceptFfdheGroups String
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
sslAlgorithm String
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
sslCertificate String
The name of the SSL certificate to use for SSL acceleration.
sslCipherSuites List<ObjectFirewallVipSslCipherSuite>
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslClientFallback String
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
sslClientRekeyCount Double
Maximum length of data in MB before triggering a client rekey (0 = disable).
sslClientRenegotiation String
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
sslClientSessionStateMax Double
Maximum number of client to FortiGate SSL session states to keep.
sslClientSessionStateTimeout Double
Number of minutes to keep client to FortiGate SSL session state.
sslClientSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
sslDhBits String
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
sslHpkp String
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
sslHpkpAge Double
Number of seconds the client should honour the HPKP setting.
sslHpkpBackup String
Certificate to generate backup HPKP pin from.
sslHpkpIncludeSubdomains String
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
sslHpkpPrimary String
Certificate to generate primary HPKP pin from.
sslHpkpReportUri String
URL to report HPKP violations to.
sslHsts String
Enable/disable including HSTS header in response. Valid values: disable, enable.
sslHstsAge Double
Number of seconds the client should honour the HSTS setting.
sslHstsIncludeSubdomains String
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
sslHttpLocationConversion String
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
sslHttpMatchHost String
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
sslMaxVersion String
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMinVersion String
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMode String
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
sslPfs String
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
sslSendEmptyFrags String
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
sslServerAlgorithm String
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
sslServerCipherSuites List<ObjectFirewallVipSslServerCipherSuite>
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
sslServerMaxVersion String
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerMinVersion String
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerRenegotiation String
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
sslServerSessionStateMax Double
Maximum number of FortiGate to Server SSL session states to keep.
sslServerSessionStateTimeout Double
Number of minutes to keep FortiGate to Server SSL session state.
sslServerSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status String
Enable/disable VIP. Valid values: disable, enable.
type String
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogicServer String
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphereServer String
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
addNat46Route string
Enable/disable adding NAT46 route. Valid values: disable, enable.
adom string
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
arpReply string
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color number
Color of icon on the GUI.
comment string
Comment.
dnsMappingTtl number
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamicMappings ObjectFirewallVipDynamicMapping[]
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable string
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
extaddrs string[]
External FQDN address name.
extintf string
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip string
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport string
Incoming port number range that you want to map to a port number range on the destination network.
fosid number
Custom defined ID.
gratuitousArpInterval number
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslbDomainName string
Domain to use when integrating with FortiGSLB.
gslbHostname string
Hostname to use within the configured FortiGSLB domain.
gslbPublicIps ObjectFirewallVipGslbPublicIp[]
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
h2Support string
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3Support string
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
httpCookieAge number
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
httpCookieDomain string
Domain that HTTP cookie persistence should apply to.
httpCookieDomainFromHost string
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
httpCookieGeneration number
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
httpCookiePath string
Limit HTTP cookie persistence to the specified path.
httpCookieShare string
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
httpIpHeader string
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
httpIpHeaderName string
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
httpMultiplex string
Enable/disable HTTP multiplexing. Valid values: disable, enable.
httpMultiplexMaxConcurrentRequest number
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
httpMultiplexMaxRequest number
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
httpMultiplexTtl number
Time-to-live for idle connections to servers.
httpRedirect string
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
httpSupportedMaxVersion string
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
httpsCookieSecure string
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
ipv6Mappedip string
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6Mappedport string
IPv6 port number range on the destination network to which the external port number range is mapped.
ldbMethod string
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mappedAddr string
Mapped FQDN address name.
mappedips string[]
IP address or address range on the destination network to which the external IP address is mapped.
mappedport string
Port number range on the destination network to which the external port number range is mapped.
maxEmbryonicConnections number
Maximum number of incomplete connections.
monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name string
Virtual IP name.
nat44 string
Enable/disable NAT44. Valid values: disable, enable.
nat46 string
Enable/disable NAT46. Valid values: disable, enable.
natSourceVip string
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
objectFirewallVipId string
an identifier for the resource with format {{name}}.
oneClickGslbServer string
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlookWebAccess string
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence string
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward string
Enable/disable port forwarding. Valid values: disable, enable.
portmappingType string
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol string
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
quic ObjectFirewallVipQuic
Quic. The structure of quic block is documented below.
realservers ObjectFirewallVipRealserver[]
Realservers. The structure of realservers block is documented below.
scopetype string
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverType string
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
services string[]
Service name.
srcFilters string[]
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcVipFilter string
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintfFilters string[]
Interfaces to which the VIP applies. Separate the names with spaces.
sslAcceptFfdheGroups string
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
sslAlgorithm string
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
sslCertificate string
The name of the SSL certificate to use for SSL acceleration.
sslCipherSuites ObjectFirewallVipSslCipherSuite[]
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslClientFallback string
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
sslClientRekeyCount number
Maximum length of data in MB before triggering a client rekey (0 = disable).
sslClientRenegotiation string
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
sslClientSessionStateMax number
Maximum number of client to FortiGate SSL session states to keep.
sslClientSessionStateTimeout number
Number of minutes to keep client to FortiGate SSL session state.
sslClientSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
sslDhBits string
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
sslHpkp string
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
sslHpkpAge number
Number of seconds the client should honour the HPKP setting.
sslHpkpBackup string
Certificate to generate backup HPKP pin from.
sslHpkpIncludeSubdomains string
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
sslHpkpPrimary string
Certificate to generate primary HPKP pin from.
sslHpkpReportUri string
URL to report HPKP violations to.
sslHsts string
Enable/disable including HSTS header in response. Valid values: disable, enable.
sslHstsAge number
Number of seconds the client should honour the HSTS setting.
sslHstsIncludeSubdomains string
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
sslHttpLocationConversion string
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
sslHttpMatchHost string
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
sslMaxVersion string
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMinVersion string
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMode string
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
sslPfs string
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
sslSendEmptyFrags string
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
sslServerAlgorithm string
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
sslServerCipherSuites ObjectFirewallVipSslServerCipherSuite[]
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
sslServerMaxVersion string
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerMinVersion string
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerRenegotiation string
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
sslServerSessionStateMax number
Maximum number of FortiGate to Server SSL session states to keep.
sslServerSessionStateTimeout number
Number of minutes to keep FortiGate to Server SSL session state.
sslServerSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status string
Enable/disable VIP. Valid values: disable, enable.
type string
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogicServer string
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphereServer string
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
add_nat46_route str
Enable/disable adding NAT46 route. Valid values: disable, enable.
adom str
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
arp_reply str
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color float
Color of icon on the GUI.
comment str
Comment.
dns_mapping_ttl float
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamic_mappings Sequence[ObjectFirewallVipDynamicMappingArgs]
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamic_sort_subtable str
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
extaddrs Sequence[str]
External FQDN address name.
extintf str
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip str
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport str
Incoming port number range that you want to map to a port number range on the destination network.
fosid float
Custom defined ID.
gratuitous_arp_interval float
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslb_domain_name str
Domain to use when integrating with FortiGSLB.
gslb_hostname str
Hostname to use within the configured FortiGSLB domain.
gslb_public_ips Sequence[ObjectFirewallVipGslbPublicIpArgs]
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
h2_support str
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3_support str
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
http_cookie_age float
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
http_cookie_domain str
Domain that HTTP cookie persistence should apply to.
http_cookie_domain_from_host str
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
http_cookie_generation float
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
http_cookie_path str
Limit HTTP cookie persistence to the specified path.
http_cookie_share str
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
http_ip_header str
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
http_ip_header_name str
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
http_multiplex str
Enable/disable HTTP multiplexing. Valid values: disable, enable.
http_multiplex_max_concurrent_request float
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
http_multiplex_max_request float
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
http_multiplex_ttl float
Time-to-live for idle connections to servers.
http_redirect str
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
http_supported_max_version str
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
https_cookie_secure str
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
ipv6_mappedip str
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6_mappedport str
IPv6 port number range on the destination network to which the external port number range is mapped.
ldb_method str
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mapped_addr str
Mapped FQDN address name.
mappedips Sequence[str]
IP address or address range on the destination network to which the external IP address is mapped.
mappedport str
Port number range on the destination network to which the external port number range is mapped.
max_embryonic_connections float
Maximum number of incomplete connections.
monitor str
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name str
Virtual IP name.
nat44 str
Enable/disable NAT44. Valid values: disable, enable.
nat46 str
Enable/disable NAT46. Valid values: disable, enable.
nat_source_vip str
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
object_firewall_vip_id str
an identifier for the resource with format {{name}}.
one_click_gslb_server str
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlook_web_access str
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence str
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward str
Enable/disable port forwarding. Valid values: disable, enable.
portmapping_type str
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol str
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
quic ObjectFirewallVipQuicArgs
Quic. The structure of quic block is documented below.
realservers Sequence[ObjectFirewallVipRealserverArgs]
Realservers. The structure of realservers block is documented below.
scopetype str
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
server_type str
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
services Sequence[str]
Service name.
src_filters Sequence[str]
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
src_vip_filter str
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintf_filters Sequence[str]
Interfaces to which the VIP applies. Separate the names with spaces.
ssl_accept_ffdhe_groups str
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
ssl_algorithm str
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
ssl_certificate str
The name of the SSL certificate to use for SSL acceleration.
ssl_cipher_suites Sequence[ObjectFirewallVipSslCipherSuiteArgs]
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
ssl_client_fallback str
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
ssl_client_rekey_count float
Maximum length of data in MB before triggering a client rekey (0 = disable).
ssl_client_renegotiation str
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
ssl_client_session_state_max float
Maximum number of client to FortiGate SSL session states to keep.
ssl_client_session_state_timeout float
Number of minutes to keep client to FortiGate SSL session state.
ssl_client_session_state_type str
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
ssl_dh_bits str
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
ssl_hpkp str
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
ssl_hpkp_age float
Number of seconds the client should honour the HPKP setting.
ssl_hpkp_backup str
Certificate to generate backup HPKP pin from.
ssl_hpkp_include_subdomains str
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
ssl_hpkp_primary str
Certificate to generate primary HPKP pin from.
ssl_hpkp_report_uri str
URL to report HPKP violations to.
ssl_hsts str
Enable/disable including HSTS header in response. Valid values: disable, enable.
ssl_hsts_age float
Number of seconds the client should honour the HSTS setting.
ssl_hsts_include_subdomains str
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
ssl_http_location_conversion str
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
ssl_http_match_host str
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
ssl_max_version str
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ssl_min_version str
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ssl_mode str
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
ssl_pfs str
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
ssl_send_empty_frags str
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
ssl_server_algorithm str
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
ssl_server_cipher_suites Sequence[ObjectFirewallVipSslServerCipherSuiteArgs]
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
ssl_server_max_version str
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
ssl_server_min_version str
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
ssl_server_renegotiation str
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
ssl_server_session_state_max float
Maximum number of FortiGate to Server SSL session states to keep.
ssl_server_session_state_timeout float
Number of minutes to keep FortiGate to Server SSL session state.
ssl_server_session_state_type str
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status str
Enable/disable VIP. Valid values: disable, enable.
type str
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid str
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogic_server str
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphere_server str
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
addNat46Route String
Enable/disable adding NAT46 route. Valid values: disable, enable.
adom String
Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
arpReply String
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color Number
Color of icon on the GUI.
comment String
Comment.
dnsMappingTtl Number
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamicMappings List<Property Map>
Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
dynamicSortSubtable String
true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
extaddrs List<String>
External FQDN address name.
extintf String
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip String
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport String
Incoming port number range that you want to map to a port number range on the destination network.
fosid Number
Custom defined ID.
gratuitousArpInterval Number
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslbDomainName String
Domain to use when integrating with FortiGSLB.
gslbHostname String
Hostname to use within the configured FortiGSLB domain.
gslbPublicIps List<Property Map>
Gslb-Public-Ips. The structure of gslb_public_ips block is documented below.
h2Support String
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3Support String
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
httpCookieAge Number
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
httpCookieDomain String
Domain that HTTP cookie persistence should apply to.
httpCookieDomainFromHost String
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
httpCookieGeneration Number
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
httpCookiePath String
Limit HTTP cookie persistence to the specified path.
httpCookieShare String
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
httpIpHeader String
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
httpIpHeaderName String
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
httpMultiplex String
Enable/disable HTTP multiplexing. Valid values: disable, enable.
httpMultiplexMaxConcurrentRequest Number
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
httpMultiplexMaxRequest Number
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
httpMultiplexTtl Number
Time-to-live for idle connections to servers.
httpRedirect String
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
httpSupportedMaxVersion String
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
httpsCookieSecure String
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
ipv6Mappedip String
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6Mappedport String
IPv6 port number range on the destination network to which the external port number range is mapped.
ldbMethod String
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mappedAddr String
Mapped FQDN address name.
mappedips List<String>
IP address or address range on the destination network to which the external IP address is mapped.
mappedport String
Port number range on the destination network to which the external port number range is mapped.
maxEmbryonicConnections Number
Maximum number of incomplete connections.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name String
Virtual IP name.
nat44 String
Enable/disable NAT44. Valid values: disable, enable.
nat46 String
Enable/disable NAT46. Valid values: disable, enable.
natSourceVip String
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
objectFirewallVipId String
an identifier for the resource with format {{name}}.
oneClickGslbServer String
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlookWebAccess String
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence String
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward String
Enable/disable port forwarding. Valid values: disable, enable.
portmappingType String
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol String
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
quic Property Map
Quic. The structure of quic block is documented below.
realservers List<Property Map>
Realservers. The structure of realservers block is documented below.
scopetype String
The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
serverType String
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
services List<String>
Service name.
srcFilters List<String>
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcVipFilter String
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintfFilters List<String>
Interfaces to which the VIP applies. Separate the names with spaces.
sslAcceptFfdheGroups String
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
sslAlgorithm String
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
sslCertificate String
The name of the SSL certificate to use for SSL acceleration.
sslCipherSuites List<Property Map>
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslClientFallback String
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
sslClientRekeyCount Number
Maximum length of data in MB before triggering a client rekey (0 = disable).
sslClientRenegotiation String
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
sslClientSessionStateMax Number
Maximum number of client to FortiGate SSL session states to keep.
sslClientSessionStateTimeout Number
Number of minutes to keep client to FortiGate SSL session state.
sslClientSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
sslDhBits String
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
sslHpkp String
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
sslHpkpAge Number
Number of seconds the client should honour the HPKP setting.
sslHpkpBackup String
Certificate to generate backup HPKP pin from.
sslHpkpIncludeSubdomains String
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
sslHpkpPrimary String
Certificate to generate primary HPKP pin from.
sslHpkpReportUri String
URL to report HPKP violations to.
sslHsts String
Enable/disable including HSTS header in response. Valid values: disable, enable.
sslHstsAge Number
Number of seconds the client should honour the HSTS setting.
sslHstsIncludeSubdomains String
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
sslHttpLocationConversion String
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
sslHttpMatchHost String
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
sslMaxVersion String
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMinVersion String
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMode String
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
sslPfs String
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
sslSendEmptyFrags String
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
sslServerAlgorithm String
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
sslServerCipherSuites List<Property Map>
Ssl-Server-Cipher-Suites. The structure of ssl_server_cipher_suites block is documented below.
sslServerMaxVersion String
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerMinVersion String
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerRenegotiation String
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
sslServerSessionStateMax Number
Maximum number of FortiGate to Server SSL session states to keep.
sslServerSessionStateTimeout Number
Number of minutes to keep FortiGate to Server SSL session state.
sslServerSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status String
Enable/disable VIP. Valid values: disable, enable.
type String
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogicServer String
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphereServer String
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.

Supporting Types

ObjectFirewallVipDynamicMapping
, ObjectFirewallVipDynamicMappingArgs

AddNat46Route string
Enable/disable adding NAT46 route. Valid values: disable, enable.
ArpReply string
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
Color double
Color of icon on the GUI.
Comment string
Comment.
DnsMappingTtl double
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
Extaddr string
External FQDN address name.
Extintf string
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
Extip string
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
Extport string
Incoming port number range that you want to map to a port number range on the destination network.
GratuitousArpInterval double
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
GslbDomainName string
Domain to use when integrating with FortiGSLB.
GslbHostname string
Hostname to use within the configured FortiGSLB domain.
H2Support string
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
H3Support string
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
HttpCookieAge double
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
HttpCookieDomain string
Domain that HTTP cookie persistence should apply to.
HttpCookieDomainFromHost string
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
HttpCookieGeneration double
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
HttpCookiePath string
Limit HTTP cookie persistence to the specified path.
HttpCookieShare string
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
HttpIpHeader string
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
HttpIpHeaderName string
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
HttpMultiplex string
Enable/disable HTTP multiplexing. Valid values: disable, enable.
HttpMultiplexMaxConcurrentRequest double
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
HttpMultiplexMaxRequest double
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
HttpMultiplexTtl double
Time-to-live for idle connections to servers.
HttpRedirect string
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
HttpSupportedMaxVersion string
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
HttpsCookieSecure string
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
Id double
Custom defined ID.
Ipv6Mappedip string
Start-mapped-IPv6-address [-end mapped-IPv6-address].
Ipv6Mappedport string
IPv6 port number range on the destination network to which the external port number range is mapped.
LdbMethod string
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
MappedAddr string
Mapped FQDN address name.
Mappedips List<string>
IP address or address range on the destination network to which the external IP address is mapped.
Mappedport string
Port number range on the destination network to which the external port number range is mapped.
MaxEmbryonicConnections double
Maximum number of incomplete connections.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Nat44 string
Enable/disable NAT44. Valid values: disable, enable.
Nat46 string
Enable/disable NAT46. Valid values: disable, enable.
NatSourceVip string
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
OneClickGslbServer string
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
OutlookWebAccess string
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
Persistence string
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
Portforward string
Enable/disable port forwarding. Valid values: disable, enable.
PortmappingType string
Port mapping type. Valid values: 1-to-1, m-to-n.
Protocol string
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
Realservers List<ObjectFirewallVipDynamicMappingRealserver>
Realservers. The structure of realservers block is documented below.
ServerType string
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
Service string
Service name.
SrcFilters List<string>
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
SrcVipFilter string
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
SrcintfFilters List<string>
Interfaces to which the VIP applies. Separate the names with spaces.
SslAcceptFfdheGroups string
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
SslAlgorithm string
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
SslCertificate string
The name of the SSL certificate to use for SSL acceleration.
SslCipherSuites List<ObjectFirewallVipDynamicMappingSslCipherSuite>
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslClientFallback string
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
SslClientRekeyCount double
Maximum length of data in MB before triggering a client rekey (0 = disable).
SslClientRenegotiation string
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
SslClientSessionStateMax double
Maximum number of client to FortiGate SSL session states to keep.
SslClientSessionStateTimeout double
Number of minutes to keep client to FortiGate SSL session state.
SslClientSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
SslDhBits string
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
SslHpkp string
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
SslHpkpAge double
Number of seconds the client should honour the HPKP setting.
SslHpkpBackup string
Certificate to generate backup HPKP pin from.
SslHpkpIncludeSubdomains string
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
SslHpkpPrimary string
Certificate to generate primary HPKP pin from.
SslHpkpReportUri string
URL to report HPKP violations to.
SslHsts string
Enable/disable including HSTS header in response. Valid values: disable, enable.
SslHstsAge double
Number of seconds the client should honour the HSTS setting.
SslHstsIncludeSubdomains string
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
SslHttpLocationConversion string
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
SslHttpMatchHost string
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
SslMaxVersion string
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMinVersion string
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMode string
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
SslPfs string
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
SslSendEmptyFrags string
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
SslServerAlgorithm string
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
SslServerMaxVersion string
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerMinVersion string
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerRenegotiation string
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
SslServerSessionStateMax double
Maximum number of FortiGate to Server SSL session states to keep.
SslServerSessionStateTimeout double
Number of minutes to keep FortiGate to Server SSL session state.
SslServerSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
Status string
Status. Valid values: disable, enable.
Type string
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
WeblogicServer string
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
WebsphereServer string
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
_scopes List<ObjectFirewallVipDynamicMapping_Scope>
_Scope. The structure of _scope block is documented below.
AddNat46Route string
Enable/disable adding NAT46 route. Valid values: disable, enable.
ArpReply string
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
Color float64
Color of icon on the GUI.
Comment string
Comment.
DnsMappingTtl float64
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
Extaddr string
External FQDN address name.
Extintf string
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
Extip string
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
Extport string
Incoming port number range that you want to map to a port number range on the destination network.
GratuitousArpInterval float64
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
GslbDomainName string
Domain to use when integrating with FortiGSLB.
GslbHostname string
Hostname to use within the configured FortiGSLB domain.
H2Support string
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
H3Support string
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
HttpCookieAge float64
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
HttpCookieDomain string
Domain that HTTP cookie persistence should apply to.
HttpCookieDomainFromHost string
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
HttpCookieGeneration float64
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
HttpCookiePath string
Limit HTTP cookie persistence to the specified path.
HttpCookieShare string
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
HttpIpHeader string
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
HttpIpHeaderName string
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
HttpMultiplex string
Enable/disable HTTP multiplexing. Valid values: disable, enable.
HttpMultiplexMaxConcurrentRequest float64
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
HttpMultiplexMaxRequest float64
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
HttpMultiplexTtl float64
Time-to-live for idle connections to servers.
HttpRedirect string
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
HttpSupportedMaxVersion string
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
HttpsCookieSecure string
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
Id float64
Custom defined ID.
Ipv6Mappedip string
Start-mapped-IPv6-address [-end mapped-IPv6-address].
Ipv6Mappedport string
IPv6 port number range on the destination network to which the external port number range is mapped.
LdbMethod string
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
MappedAddr string
Mapped FQDN address name.
Mappedips []string
IP address or address range on the destination network to which the external IP address is mapped.
Mappedport string
Port number range on the destination network to which the external port number range is mapped.
MaxEmbryonicConnections float64
Maximum number of incomplete connections.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Nat44 string
Enable/disable NAT44. Valid values: disable, enable.
Nat46 string
Enable/disable NAT46. Valid values: disable, enable.
NatSourceVip string
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
OneClickGslbServer string
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
OutlookWebAccess string
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
Persistence string
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
Portforward string
Enable/disable port forwarding. Valid values: disable, enable.
PortmappingType string
Port mapping type. Valid values: 1-to-1, m-to-n.
Protocol string
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
Realservers []ObjectFirewallVipDynamicMappingRealserver
Realservers. The structure of realservers block is documented below.
ServerType string
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
Service string
Service name.
SrcFilters []string
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
SrcVipFilter string
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
SrcintfFilters []string
Interfaces to which the VIP applies. Separate the names with spaces.
SslAcceptFfdheGroups string
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
SslAlgorithm string
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
SslCertificate string
The name of the SSL certificate to use for SSL acceleration.
SslCipherSuites []ObjectFirewallVipDynamicMappingSslCipherSuite
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
SslClientFallback string
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
SslClientRekeyCount float64
Maximum length of data in MB before triggering a client rekey (0 = disable).
SslClientRenegotiation string
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
SslClientSessionStateMax float64
Maximum number of client to FortiGate SSL session states to keep.
SslClientSessionStateTimeout float64
Number of minutes to keep client to FortiGate SSL session state.
SslClientSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
SslDhBits string
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
SslHpkp string
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
SslHpkpAge float64
Number of seconds the client should honour the HPKP setting.
SslHpkpBackup string
Certificate to generate backup HPKP pin from.
SslHpkpIncludeSubdomains string
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
SslHpkpPrimary string
Certificate to generate primary HPKP pin from.
SslHpkpReportUri string
URL to report HPKP violations to.
SslHsts string
Enable/disable including HSTS header in response. Valid values: disable, enable.
SslHstsAge float64
Number of seconds the client should honour the HSTS setting.
SslHstsIncludeSubdomains string
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
SslHttpLocationConversion string
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
SslHttpMatchHost string
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
SslMaxVersion string
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMinVersion string
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
SslMode string
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
SslPfs string
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
SslSendEmptyFrags string
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
SslServerAlgorithm string
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
SslServerMaxVersion string
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerMinVersion string
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
SslServerRenegotiation string
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
SslServerSessionStateMax float64
Maximum number of FortiGate to Server SSL session states to keep.
SslServerSessionStateTimeout float64
Number of minutes to keep FortiGate to Server SSL session state.
SslServerSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
Status string
Status. Valid values: disable, enable.
Type string
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
Uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
WeblogicServer string
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
WebsphereServer string
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
_scopes []ObjectFirewallVipDynamicMapping_Scope
_Scope. The structure of _scope block is documented below.
_scopes List<ObjectFirewallVipDynamicMapping_Scope>
_Scope. The structure of _scope block is documented below.
addNat46Route String
Enable/disable adding NAT46 route. Valid values: disable, enable.
arpReply String
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color Double
Color of icon on the GUI.
comment String
Comment.
dnsMappingTtl Double
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
extaddr String
External FQDN address name.
extintf String
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip String
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport String
Incoming port number range that you want to map to a port number range on the destination network.
gratuitousArpInterval Double
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslbDomainName String
Domain to use when integrating with FortiGSLB.
gslbHostname String
Hostname to use within the configured FortiGSLB domain.
h2Support String
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3Support String
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
httpCookieAge Double
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
httpCookieDomain String
Domain that HTTP cookie persistence should apply to.
httpCookieDomainFromHost String
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
httpCookieGeneration Double
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
httpCookiePath String
Limit HTTP cookie persistence to the specified path.
httpCookieShare String
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
httpIpHeader String
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
httpIpHeaderName String
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
httpMultiplex String
Enable/disable HTTP multiplexing. Valid values: disable, enable.
httpMultiplexMaxConcurrentRequest Double
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
httpMultiplexMaxRequest Double
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
httpMultiplexTtl Double
Time-to-live for idle connections to servers.
httpRedirect String
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
httpSupportedMaxVersion String
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
httpsCookieSecure String
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
id Double
Custom defined ID.
ipv6Mappedip String
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6Mappedport String
IPv6 port number range on the destination network to which the external port number range is mapped.
ldbMethod String
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mappedAddr String
Mapped FQDN address name.
mappedips List<String>
IP address or address range on the destination network to which the external IP address is mapped.
mappedport String
Port number range on the destination network to which the external port number range is mapped.
maxEmbryonicConnections Double
Maximum number of incomplete connections.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
nat44 String
Enable/disable NAT44. Valid values: disable, enable.
nat46 String
Enable/disable NAT46. Valid values: disable, enable.
natSourceVip String
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
oneClickGslbServer String
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlookWebAccess String
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence String
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward String
Enable/disable port forwarding. Valid values: disable, enable.
portmappingType String
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol String
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
realservers List<ObjectFirewallVipDynamicMappingRealserver>
Realservers. The structure of realservers block is documented below.
serverType String
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
service String
Service name.
srcFilters List<String>
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcVipFilter String
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintfFilters List<String>
Interfaces to which the VIP applies. Separate the names with spaces.
sslAcceptFfdheGroups String
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
sslAlgorithm String
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
sslCertificate String
The name of the SSL certificate to use for SSL acceleration.
sslCipherSuites List<ObjectFirewallVipDynamicMappingSslCipherSuite>
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslClientFallback String
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
sslClientRekeyCount Double
Maximum length of data in MB before triggering a client rekey (0 = disable).
sslClientRenegotiation String
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
sslClientSessionStateMax Double
Maximum number of client to FortiGate SSL session states to keep.
sslClientSessionStateTimeout Double
Number of minutes to keep client to FortiGate SSL session state.
sslClientSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
sslDhBits String
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
sslHpkp String
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
sslHpkpAge Double
Number of seconds the client should honour the HPKP setting.
sslHpkpBackup String
Certificate to generate backup HPKP pin from.
sslHpkpIncludeSubdomains String
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
sslHpkpPrimary String
Certificate to generate primary HPKP pin from.
sslHpkpReportUri String
URL to report HPKP violations to.
sslHsts String
Enable/disable including HSTS header in response. Valid values: disable, enable.
sslHstsAge Double
Number of seconds the client should honour the HSTS setting.
sslHstsIncludeSubdomains String
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
sslHttpLocationConversion String
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
sslHttpMatchHost String
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
sslMaxVersion String
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMinVersion String
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMode String
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
sslPfs String
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
sslSendEmptyFrags String
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
sslServerAlgorithm String
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
sslServerMaxVersion String
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerMinVersion String
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerRenegotiation String
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
sslServerSessionStateMax Double
Maximum number of FortiGate to Server SSL session states to keep.
sslServerSessionStateTimeout Double
Number of minutes to keep FortiGate to Server SSL session state.
sslServerSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status String
Status. Valid values: disable, enable.
type String
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogicServer String
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphereServer String
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
_scopes ObjectFirewallVipDynamicMapping_Scope[]
_Scope. The structure of _scope block is documented below.
addNat46Route string
Enable/disable adding NAT46 route. Valid values: disable, enable.
arpReply string
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color number
Color of icon on the GUI.
comment string
Comment.
dnsMappingTtl number
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
extaddr string
External FQDN address name.
extintf string
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip string
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport string
Incoming port number range that you want to map to a port number range on the destination network.
gratuitousArpInterval number
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslbDomainName string
Domain to use when integrating with FortiGSLB.
gslbHostname string
Hostname to use within the configured FortiGSLB domain.
h2Support string
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3Support string
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
httpCookieAge number
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
httpCookieDomain string
Domain that HTTP cookie persistence should apply to.
httpCookieDomainFromHost string
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
httpCookieGeneration number
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
httpCookiePath string
Limit HTTP cookie persistence to the specified path.
httpCookieShare string
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
httpIpHeader string
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
httpIpHeaderName string
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
httpMultiplex string
Enable/disable HTTP multiplexing. Valid values: disable, enable.
httpMultiplexMaxConcurrentRequest number
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
httpMultiplexMaxRequest number
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
httpMultiplexTtl number
Time-to-live for idle connections to servers.
httpRedirect string
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
httpSupportedMaxVersion string
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
httpsCookieSecure string
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
id number
Custom defined ID.
ipv6Mappedip string
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6Mappedport string
IPv6 port number range on the destination network to which the external port number range is mapped.
ldbMethod string
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mappedAddr string
Mapped FQDN address name.
mappedips string[]
IP address or address range on the destination network to which the external IP address is mapped.
mappedport string
Port number range on the destination network to which the external port number range is mapped.
maxEmbryonicConnections number
Maximum number of incomplete connections.
monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
nat44 string
Enable/disable NAT44. Valid values: disable, enable.
nat46 string
Enable/disable NAT46. Valid values: disable, enable.
natSourceVip string
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
oneClickGslbServer string
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlookWebAccess string
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence string
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward string
Enable/disable port forwarding. Valid values: disable, enable.
portmappingType string
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol string
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
realservers ObjectFirewallVipDynamicMappingRealserver[]
Realservers. The structure of realservers block is documented below.
serverType string
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
service string
Service name.
srcFilters string[]
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcVipFilter string
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintfFilters string[]
Interfaces to which the VIP applies. Separate the names with spaces.
sslAcceptFfdheGroups string
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
sslAlgorithm string
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
sslCertificate string
The name of the SSL certificate to use for SSL acceleration.
sslCipherSuites ObjectFirewallVipDynamicMappingSslCipherSuite[]
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslClientFallback string
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
sslClientRekeyCount number
Maximum length of data in MB before triggering a client rekey (0 = disable).
sslClientRenegotiation string
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
sslClientSessionStateMax number
Maximum number of client to FortiGate SSL session states to keep.
sslClientSessionStateTimeout number
Number of minutes to keep client to FortiGate SSL session state.
sslClientSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
sslDhBits string
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
sslHpkp string
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
sslHpkpAge number
Number of seconds the client should honour the HPKP setting.
sslHpkpBackup string
Certificate to generate backup HPKP pin from.
sslHpkpIncludeSubdomains string
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
sslHpkpPrimary string
Certificate to generate primary HPKP pin from.
sslHpkpReportUri string
URL to report HPKP violations to.
sslHsts string
Enable/disable including HSTS header in response. Valid values: disable, enable.
sslHstsAge number
Number of seconds the client should honour the HSTS setting.
sslHstsIncludeSubdomains string
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
sslHttpLocationConversion string
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
sslHttpMatchHost string
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
sslMaxVersion string
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMinVersion string
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMode string
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
sslPfs string
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
sslSendEmptyFrags string
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
sslServerAlgorithm string
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
sslServerMaxVersion string
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerMinVersion string
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerRenegotiation string
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
sslServerSessionStateMax number
Maximum number of FortiGate to Server SSL session states to keep.
sslServerSessionStateTimeout number
Number of minutes to keep FortiGate to Server SSL session state.
sslServerSessionStateType string
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status string
Status. Valid values: disable, enable.
type string
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid string
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogicServer string
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphereServer string
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
_scopes Sequence[ObjectFirewallVipDynamicMapping_Scope]
_Scope. The structure of _scope block is documented below.
add_nat46_route str
Enable/disable adding NAT46 route. Valid values: disable, enable.
arp_reply str
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color float
Color of icon on the GUI.
comment str
Comment.
dns_mapping_ttl float
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
extaddr str
External FQDN address name.
extintf str
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip str
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport str
Incoming port number range that you want to map to a port number range on the destination network.
gratuitous_arp_interval float
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslb_domain_name str
Domain to use when integrating with FortiGSLB.
gslb_hostname str
Hostname to use within the configured FortiGSLB domain.
h2_support str
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3_support str
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
http_cookie_age float
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
http_cookie_domain str
Domain that HTTP cookie persistence should apply to.
http_cookie_domain_from_host str
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
http_cookie_generation float
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
http_cookie_path str
Limit HTTP cookie persistence to the specified path.
http_cookie_share str
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
http_ip_header str
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
http_ip_header_name str
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
http_multiplex str
Enable/disable HTTP multiplexing. Valid values: disable, enable.
http_multiplex_max_concurrent_request float
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
http_multiplex_max_request float
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
http_multiplex_ttl float
Time-to-live for idle connections to servers.
http_redirect str
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
http_supported_max_version str
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
https_cookie_secure str
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
id float
Custom defined ID.
ipv6_mappedip str
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6_mappedport str
IPv6 port number range on the destination network to which the external port number range is mapped.
ldb_method str
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mapped_addr str
Mapped FQDN address name.
mappedips Sequence[str]
IP address or address range on the destination network to which the external IP address is mapped.
mappedport str
Port number range on the destination network to which the external port number range is mapped.
max_embryonic_connections float
Maximum number of incomplete connections.
monitor str
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
nat44 str
Enable/disable NAT44. Valid values: disable, enable.
nat46 str
Enable/disable NAT46. Valid values: disable, enable.
nat_source_vip str
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
one_click_gslb_server str
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlook_web_access str
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence str
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward str
Enable/disable port forwarding. Valid values: disable, enable.
portmapping_type str
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol str
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
realservers Sequence[ObjectFirewallVipDynamicMappingRealserver]
Realservers. The structure of realservers block is documented below.
server_type str
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
service str
Service name.
src_filters Sequence[str]
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
src_vip_filter str
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintf_filters Sequence[str]
Interfaces to which the VIP applies. Separate the names with spaces.
ssl_accept_ffdhe_groups str
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
ssl_algorithm str
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
ssl_certificate str
The name of the SSL certificate to use for SSL acceleration.
ssl_cipher_suites Sequence[ObjectFirewallVipDynamicMappingSslCipherSuite]
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
ssl_client_fallback str
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
ssl_client_rekey_count float
Maximum length of data in MB before triggering a client rekey (0 = disable).
ssl_client_renegotiation str
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
ssl_client_session_state_max float
Maximum number of client to FortiGate SSL session states to keep.
ssl_client_session_state_timeout float
Number of minutes to keep client to FortiGate SSL session state.
ssl_client_session_state_type str
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
ssl_dh_bits str
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
ssl_hpkp str
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
ssl_hpkp_age float
Number of seconds the client should honour the HPKP setting.
ssl_hpkp_backup str
Certificate to generate backup HPKP pin from.
ssl_hpkp_include_subdomains str
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
ssl_hpkp_primary str
Certificate to generate primary HPKP pin from.
ssl_hpkp_report_uri str
URL to report HPKP violations to.
ssl_hsts str
Enable/disable including HSTS header in response. Valid values: disable, enable.
ssl_hsts_age float
Number of seconds the client should honour the HSTS setting.
ssl_hsts_include_subdomains str
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
ssl_http_location_conversion str
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
ssl_http_match_host str
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
ssl_max_version str
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ssl_min_version str
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
ssl_mode str
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
ssl_pfs str
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
ssl_send_empty_frags str
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
ssl_server_algorithm str
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
ssl_server_max_version str
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
ssl_server_min_version str
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
ssl_server_renegotiation str
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
ssl_server_session_state_max float
Maximum number of FortiGate to Server SSL session states to keep.
ssl_server_session_state_timeout float
Number of minutes to keep FortiGate to Server SSL session state.
ssl_server_session_state_type str
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status str
Status. Valid values: disable, enable.
type str
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid str
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogic_server str
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphere_server str
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.
_scopes List<Property Map>
_Scope. The structure of _scope block is documented below.
addNat46Route String
Enable/disable adding NAT46 route. Valid values: disable, enable.
arpReply String
Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: disable, enable.
color Number
Color of icon on the GUI.
comment String
Comment.
dnsMappingTtl Number
DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
extaddr String
External FQDN address name.
extintf String
Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip String
IP address or address range on the external interface that you want to map to an address or address range on the destination network.
extport String
Incoming port number range that you want to map to a port number range on the destination network.
gratuitousArpInterval Number
Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
gslbDomainName String
Domain to use when integrating with FortiGSLB.
gslbHostname String
Hostname to use within the configured FortiGSLB domain.
h2Support String
Enable/disable HTTP2 support (default = enable). Valid values: disable, enable.
h3Support String
Enable/disable HTTP3/QUIC support (default = disable). Valid values: disable, enable.
httpCookieAge Number
Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
httpCookieDomain String
Domain that HTTP cookie persistence should apply to.
httpCookieDomainFromHost String
Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: disable, enable.
httpCookieGeneration Number
Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
httpCookiePath String
Limit HTTP cookie persistence to the specified path.
httpCookieShare String
Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: disable, same-ip.
httpIpHeader String
For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: disable, enable.
httpIpHeaderName String
For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
httpMultiplex String
Enable/disable HTTP multiplexing. Valid values: disable, enable.
httpMultiplexMaxConcurrentRequest Number
Maximum number of concurrent requests that a multiplex server can handle (default = unlimited).
httpMultiplexMaxRequest Number
Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited).
httpMultiplexTtl Number
Time-to-live for idle connections to servers.
httpRedirect String
Enable/disable redirection of HTTP to HTTPS Valid values: disable, enable.
httpSupportedMaxVersion String
Maximum supported HTTP versions. default = HTTP2 Valid values: http1, http2.
httpsCookieSecure String
Enable/disable verification that inserted HTTPS cookies are secure. Valid values: disable, enable.
id Number
Custom defined ID.
ipv6Mappedip String
Start-mapped-IPv6-address [-end mapped-IPv6-address].
ipv6Mappedport String
IPv6 port number range on the destination network to which the external port number range is mapped.
ldbMethod String
Method used to distribute sessions to real servers. Valid values: static, round-robin, weighted, least-session, least-rtt, first-alive, http-host.
mappedAddr String
Mapped FQDN address name.
mappedips List<String>
IP address or address range on the destination network to which the external IP address is mapped.
mappedport String
Port number range on the destination network to which the external port number range is mapped.
maxEmbryonicConnections Number
Maximum number of incomplete connections.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
nat44 String
Enable/disable NAT44. Valid values: disable, enable.
nat46 String
Enable/disable NAT46. Valid values: disable, enable.
natSourceVip String
Enable/disable forcing the source NAT mapped IP to the external IP for all traffic. Valid values: disable, enable.
oneClickGslbServer String
Enable/disable one click GSLB server integration with FortiGSLB. Valid values: disable, enable.
outlookWebAccess String
Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: disable, enable.
persistence String
Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: none, http-cookie, ssl-session-id.
portforward String
Enable/disable port forwarding. Valid values: disable, enable.
portmappingType String
Port mapping type. Valid values: 1-to-1, m-to-n.
protocol String
Protocol to use when forwarding packets. Valid values: tcp, udp, sctp, icmp.
realservers List<Property Map>
Realservers. The structure of realservers block is documented below.
serverType String
Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: http, https, ssl, tcp, udp, ip, imaps, pop3s, smtps.
service String
Service name.
srcFilters List<String>
Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcVipFilter String
Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: disable, enable.
srcintfFilters List<String>
Interfaces to which the VIP applies. Separate the names with spaces.
sslAcceptFfdheGroups String
Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: disable, enable.
sslAlgorithm String
Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: high, medium, low, custom.
sslCertificate String
The name of the SSL certificate to use for SSL acceleration.
sslCipherSuites List<Property Map>
Ssl-Cipher-Suites. The structure of ssl_cipher_suites block is documented below.
sslClientFallback String
Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: disable, enable.
sslClientRekeyCount Number
Maximum length of data in MB before triggering a client rekey (0 = disable).
sslClientRenegotiation String
Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: deny, allow, secure.
sslClientSessionStateMax Number
Maximum number of client to FortiGate SSL session states to keep.
sslClientSessionStateTimeout Number
Number of minutes to keep client to FortiGate SSL session state.
sslClientSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: disable, time, count, both.
sslDhBits String
Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: 768, 1024, 1536, 2048, 3072, 4096.
sslHpkp String
Enable/disable including HPKP header in response. Valid values: disable, enable, report-only.
sslHpkpAge Number
Number of seconds the client should honour the HPKP setting.
sslHpkpBackup String
Certificate to generate backup HPKP pin from.
sslHpkpIncludeSubdomains String
Indicate that HPKP header applies to all subdomains. Valid values: disable, enable.
sslHpkpPrimary String
Certificate to generate primary HPKP pin from.
sslHpkpReportUri String
URL to report HPKP violations to.
sslHsts String
Enable/disable including HSTS header in response. Valid values: disable, enable.
sslHstsAge Number
Number of seconds the client should honour the HSTS setting.
sslHstsIncludeSubdomains String
Indicate that HSTS header applies to all subdomains. Valid values: disable, enable.
sslHttpLocationConversion String
Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: disable, enable.
sslHttpMatchHost String
Enable/disable HTTP host matching for location conversion. Valid values: disable, enable.
sslMaxVersion String
Highest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMinVersion String
Lowest SSL/TLS version acceptable from a client. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
sslMode String
Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: half, full.
sslPfs String
Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: require, deny, allow.
sslSendEmptyFrags String
Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: disable, enable.
sslServerAlgorithm String
Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: high, low, medium, custom, client.
sslServerMaxVersion String
Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerMinVersion String
Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, client, tls-1.3.
sslServerRenegotiation String
Enable/disable secure renegotiation to comply with RFC 5746. Valid values: disable, enable.
sslServerSessionStateMax Number
Maximum number of FortiGate to Server SSL session states to keep.
sslServerSessionStateTimeout Number
Number of minutes to keep FortiGate to Server SSL session state.
sslServerSessionStateType String
How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: disable, time, count, both.
status String
Status. Valid values: disable, enable.
type String
Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. Valid values: static-nat, load-balance, server-load-balance, dns-translation, fqdn.
uuid String
Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
weblogicServer String
Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: disable, enable.
websphereServer String
Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: disable, enable.

ObjectFirewallVipDynamicMappingRealserver
, ObjectFirewallVipDynamicMappingRealserverArgs

Address string
Address.
ClientIps List<string>
Only clients in this IP range can connect to this real server.
HealthCheckProto string
Health-Check-Proto. Valid values: ping, http.
Healthcheck string
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
HolddownInterval double
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
HttpHost string
HTTP server domain name in HTTP header.
Id double
Real server ID.
Ip string
IP address of the real server.
MaxConnections double
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Port double
Port for communicating with the real server. Required if port forwarding is enabled.
Seq double
Seq.
Status string
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
TranslateHost string
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
Type string
Type. Valid values: ip, address.
Weight double
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
Address string
Address.
ClientIps []string
Only clients in this IP range can connect to this real server.
HealthCheckProto string
Health-Check-Proto. Valid values: ping, http.
Healthcheck string
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
HolddownInterval float64
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
HttpHost string
HTTP server domain name in HTTP header.
Id float64
Real server ID.
Ip string
IP address of the real server.
MaxConnections float64
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Port float64
Port for communicating with the real server. Required if port forwarding is enabled.
Seq float64
Seq.
Status string
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
TranslateHost string
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
Type string
Type. Valid values: ip, address.
Weight float64
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
address String
Address.
clientIps List<String>
Only clients in this IP range can connect to this real server.
healthCheckProto String
Health-Check-Proto. Valid values: ping, http.
healthcheck String
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
holddownInterval Double
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
httpHost String
HTTP server domain name in HTTP header.
id Double
Real server ID.
ip String
IP address of the real server.
maxConnections Double
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
port Double
Port for communicating with the real server. Required if port forwarding is enabled.
seq Double
Seq.
status String
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
translateHost String
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
type String
Type. Valid values: ip, address.
weight Double
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
address string
Address.
clientIps string[]
Only clients in this IP range can connect to this real server.
healthCheckProto string
Health-Check-Proto. Valid values: ping, http.
healthcheck string
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
holddownInterval number
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
httpHost string
HTTP server domain name in HTTP header.
id number
Real server ID.
ip string
IP address of the real server.
maxConnections number
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
port number
Port for communicating with the real server. Required if port forwarding is enabled.
seq number
Seq.
status string
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
translateHost string
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
type string
Type. Valid values: ip, address.
weight number
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
address str
Address.
client_ips Sequence[str]
Only clients in this IP range can connect to this real server.
health_check_proto str
Health-Check-Proto. Valid values: ping, http.
healthcheck str
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
holddown_interval float
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
http_host str
HTTP server domain name in HTTP header.
id float
Real server ID.
ip str
IP address of the real server.
max_connections float
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
monitor str
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
port float
Port for communicating with the real server. Required if port forwarding is enabled.
seq float
Seq.
status str
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
translate_host str
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
type str
Type. Valid values: ip, address.
weight float
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
address String
Address.
clientIps List<String>
Only clients in this IP range can connect to this real server.
healthCheckProto String
Health-Check-Proto. Valid values: ping, http.
healthcheck String
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
holddownInterval Number
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
httpHost String
HTTP server domain name in HTTP header.
id Number
Real server ID.
ip String
IP address of the real server.
maxConnections Number
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
port Number
Port for communicating with the real server. Required if port forwarding is enabled.
seq Number
Seq.
status String
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
translateHost String
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
type String
Type. Valid values: ip, address.
weight Number
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.

ObjectFirewallVipDynamicMappingSslCipherSuite
, ObjectFirewallVipDynamicMappingSslCipherSuiteArgs

Cipher string
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
Id double
Id.
Priority double
SSL/TLS cipher suites priority.
Versions List<string>
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Cipher string
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
Id float64
Id.
Priority float64
SSL/TLS cipher suites priority.
Versions []string
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher String
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
id Double
Id.
priority Double
SSL/TLS cipher suites priority.
versions List<String>
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher string
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
id number
Id.
priority number
SSL/TLS cipher suites priority.
versions string[]
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher str
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
id float
Id.
priority float
SSL/TLS cipher suites priority.
versions Sequence[str]
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher String
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
id Number
Id.
priority Number
SSL/TLS cipher suites priority.
versions List<String>
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.

ObjectFirewallVipDynamicMapping_Scope
, ObjectFirewallVipDynamicMapping_ScopeArgs

Name string
Name.
Vdom string
Vdom.
Name string
Name.
Vdom string
Vdom.
name String
Name.
vdom String
Vdom.
name string
Name.
vdom string
Vdom.
name str
Name.
vdom str
Vdom.
name String
Name.
vdom String
Vdom.

ObjectFirewallVipGslbPublicIp
, ObjectFirewallVipGslbPublicIpArgs

Index double
Index of this public IP setting.
Ip string
The publicly accessible IP address.
Index float64
Index of this public IP setting.
Ip string
The publicly accessible IP address.
index Double
Index of this public IP setting.
ip String
The publicly accessible IP address.
index number
Index of this public IP setting.
ip string
The publicly accessible IP address.
index float
Index of this public IP setting.
ip str
The publicly accessible IP address.
index Number
Index of this public IP setting.
ip String
The publicly accessible IP address.

ObjectFirewallVipQuic
, ObjectFirewallVipQuicArgs

AckDelayExponent double
ACK delay exponent (1 - 20, default = 3).
ActiveConnectionIdLimit double
Active connection ID limit (1 - 8, default = 2).
ActiveMigration string
Enable/disable active migration (default = disable). Valid values: disable, enable.
GreaseQuicBit string
Enable/disable grease QUIC bit (default = enable). Valid values: disable, enable.
MaxAckDelay double
Maximum ACK delay in milliseconds (1 - 16383, default = 25).
MaxDatagramFrameSize double
Maximum datagram frame size in bytes (1 - 1500, default = 1500).
MaxIdleTimeout double
Maximum idle timeout milliseconds (1 - 60000, default = 30000).
MaxUdpPayloadSize double
Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
AckDelayExponent float64
ACK delay exponent (1 - 20, default = 3).
ActiveConnectionIdLimit float64
Active connection ID limit (1 - 8, default = 2).
ActiveMigration string
Enable/disable active migration (default = disable). Valid values: disable, enable.
GreaseQuicBit string
Enable/disable grease QUIC bit (default = enable). Valid values: disable, enable.
MaxAckDelay float64
Maximum ACK delay in milliseconds (1 - 16383, default = 25).
MaxDatagramFrameSize float64
Maximum datagram frame size in bytes (1 - 1500, default = 1500).
MaxIdleTimeout float64
Maximum idle timeout milliseconds (1 - 60000, default = 30000).
MaxUdpPayloadSize float64
Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
ackDelayExponent Double
ACK delay exponent (1 - 20, default = 3).
activeConnectionIdLimit Double
Active connection ID limit (1 - 8, default = 2).
activeMigration String
Enable/disable active migration (default = disable). Valid values: disable, enable.
greaseQuicBit String
Enable/disable grease QUIC bit (default = enable). Valid values: disable, enable.
maxAckDelay Double
Maximum ACK delay in milliseconds (1 - 16383, default = 25).
maxDatagramFrameSize Double
Maximum datagram frame size in bytes (1 - 1500, default = 1500).
maxIdleTimeout Double
Maximum idle timeout milliseconds (1 - 60000, default = 30000).
maxUdpPayloadSize Double
Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
ackDelayExponent number
ACK delay exponent (1 - 20, default = 3).
activeConnectionIdLimit number
Active connection ID limit (1 - 8, default = 2).
activeMigration string
Enable/disable active migration (default = disable). Valid values: disable, enable.
greaseQuicBit string
Enable/disable grease QUIC bit (default = enable). Valid values: disable, enable.
maxAckDelay number
Maximum ACK delay in milliseconds (1 - 16383, default = 25).
maxDatagramFrameSize number
Maximum datagram frame size in bytes (1 - 1500, default = 1500).
maxIdleTimeout number
Maximum idle timeout milliseconds (1 - 60000, default = 30000).
maxUdpPayloadSize number
Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
ack_delay_exponent float
ACK delay exponent (1 - 20, default = 3).
active_connection_id_limit float
Active connection ID limit (1 - 8, default = 2).
active_migration str
Enable/disable active migration (default = disable). Valid values: disable, enable.
grease_quic_bit str
Enable/disable grease QUIC bit (default = enable). Valid values: disable, enable.
max_ack_delay float
Maximum ACK delay in milliseconds (1 - 16383, default = 25).
max_datagram_frame_size float
Maximum datagram frame size in bytes (1 - 1500, default = 1500).
max_idle_timeout float
Maximum idle timeout milliseconds (1 - 60000, default = 30000).
max_udp_payload_size float
Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
ackDelayExponent Number
ACK delay exponent (1 - 20, default = 3).
activeConnectionIdLimit Number
Active connection ID limit (1 - 8, default = 2).
activeMigration String
Enable/disable active migration (default = disable). Valid values: disable, enable.
greaseQuicBit String
Enable/disable grease QUIC bit (default = enable). Valid values: disable, enable.
maxAckDelay Number
Maximum ACK delay in milliseconds (1 - 16383, default = 25).
maxDatagramFrameSize Number
Maximum datagram frame size in bytes (1 - 1500, default = 1500).
maxIdleTimeout Number
Maximum idle timeout milliseconds (1 - 60000, default = 30000).
maxUdpPayloadSize Number
Maximum UDP payload size in bytes (1200 - 1500, default = 1500).

ObjectFirewallVipRealserver
, ObjectFirewallVipRealserverArgs

Address string
Dynamic address of the real server.
ClientIps List<string>
Only clients in this IP range can connect to this real server.
Healthcheck string
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
HolddownInterval double
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
HttpHost string
HTTP server domain name in HTTP header.
Id double
Real server ID.
Ip string
IP address of the real server.
MaxConnections double
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Port double
Port for communicating with the real server. Required if port forwarding is enabled.
Seq double
Seq.
Status string
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
TranslateHost string
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
Type string
Type of address. Valid values: ip, address.
Weight double
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
Address string
Dynamic address of the real server.
ClientIps []string
Only clients in this IP range can connect to this real server.
Healthcheck string
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
HolddownInterval float64
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
HttpHost string
HTTP server domain name in HTTP header.
Id float64
Real server ID.
Ip string
IP address of the real server.
MaxConnections float64
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
Monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
Port float64
Port for communicating with the real server. Required if port forwarding is enabled.
Seq float64
Seq.
Status string
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
TranslateHost string
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
Type string
Type of address. Valid values: ip, address.
Weight float64
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
address String
Dynamic address of the real server.
clientIps List<String>
Only clients in this IP range can connect to this real server.
healthcheck String
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
holddownInterval Double
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
httpHost String
HTTP server domain name in HTTP header.
id Double
Real server ID.
ip String
IP address of the real server.
maxConnections Double
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
port Double
Port for communicating with the real server. Required if port forwarding is enabled.
seq Double
Seq.
status String
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
translateHost String
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
type String
Type of address. Valid values: ip, address.
weight Double
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
address string
Dynamic address of the real server.
clientIps string[]
Only clients in this IP range can connect to this real server.
healthcheck string
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
holddownInterval number
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
httpHost string
HTTP server domain name in HTTP header.
id number
Real server ID.
ip string
IP address of the real server.
maxConnections number
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
monitor string
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
port number
Port for communicating with the real server. Required if port forwarding is enabled.
seq number
Seq.
status string
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
translateHost string
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
type string
Type of address. Valid values: ip, address.
weight number
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
address str
Dynamic address of the real server.
client_ips Sequence[str]
Only clients in this IP range can connect to this real server.
healthcheck str
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
holddown_interval float
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
http_host str
HTTP server domain name in HTTP header.
id float
Real server ID.
ip str
IP address of the real server.
max_connections float
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
monitor str
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
port float
Port for communicating with the real server. Required if port forwarding is enabled.
seq float
Seq.
status str
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
translate_host str
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
type str
Type of address. Valid values: ip, address.
weight float
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
address String
Dynamic address of the real server.
clientIps List<String>
Only clients in this IP range can connect to this real server.
healthcheck String
Enable to check the responsiveness of the real server before forwarding traffic. Valid values: disable, enable, vip.
holddownInterval Number
Time in seconds that the health check monitor continues to monitor and unresponsive server that should be active.
httpHost String
HTTP server domain name in HTTP header.
id Number
Real server ID.
ip String
IP address of the real server.
maxConnections Number
Max number of active connections that can be directed to the real server. When reached, sessions are sent to other real servers.
monitor String
Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
port Number
Port for communicating with the real server. Required if port forwarding is enabled.
seq Number
Seq.
status String
Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values: active, standby, disable.
translateHost String
Enable/disable translation of hostname/IP from virtual server to real server. Valid values: disable, enable.
type String
Type of address. Valid values: ip, address.
weight Number
Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.

ObjectFirewallVipSslCipherSuite
, ObjectFirewallVipSslCipherSuiteArgs

Cipher string
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
Id double
Id.
Priority double
SSL/TLS cipher suites priority.
Versions List<string>
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Cipher string
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
Id float64
Id.
Priority float64
SSL/TLS cipher suites priority.
Versions []string
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher String
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
id Double
Id.
priority Double
SSL/TLS cipher suites priority.
versions List<String>
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher string
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
id number
Id.
priority number
SSL/TLS cipher suites priority.
versions string[]
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher str
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
id float
Id.
priority float
SSL/TLS cipher suites priority.
versions Sequence[str]
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher String
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
id Number
Id.
priority Number
SSL/TLS cipher suites priority.
versions List<String>
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.

ObjectFirewallVipSslServerCipherSuite
, ObjectFirewallVipSslServerCipherSuiteArgs

Cipher string
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
Priority double
SSL/TLS cipher suites priority.
Versions List<string>
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
Cipher string
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
Priority float64
SSL/TLS cipher suites priority.
Versions []string
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher String
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
priority Double
SSL/TLS cipher suites priority.
versions List<String>
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher string
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
priority number
SSL/TLS cipher suites priority.
versions string[]
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher str
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
priority float
SSL/TLS cipher suites priority.
versions Sequence[str]
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.
cipher String
Cipher suite name. Valid values: TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, TLS-RSA-WITH-3DES-EDE-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA, TLS-RSA-WITH-AES-256-CBC-SHA, TLS-RSA-WITH-AES-128-CBC-SHA256, TLS-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-RSA-WITH-SEED-CBC-SHA, TLS-RSA-WITH-ARIA-128-CBC-SHA256, TLS-RSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-RSA-WITH-DES-CBC-SHA, TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-RSA-WITH-SEED-CBC-SHA, TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-RC4-128-SHA, TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256, TLS-DHE-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-AES-128-CBC-SHA, TLS-DHE-DSS-WITH-AES-256-CBC-SHA, TLS-DHE-DSS-WITH-AES-128-CBC-SHA256, TLS-DHE-DSS-WITH-AES-128-GCM-SHA256, TLS-DHE-DSS-WITH-AES-256-CBC-SHA256, TLS-DHE-DSS-WITH-AES-256-GCM-SHA384, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, TLS-RSA-WITH-AES-128-GCM-SHA256, TLS-RSA-WITH-AES-256-GCM-SHA384, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA, TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256, TLS-DHE-DSS-WITH-SEED-CBC-SHA, TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256, TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384, TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256, TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384, TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA, TLS-DHE-DSS-WITH-DES-CBC-SHA, TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256.
priority Number
SSL/TLS cipher suites priority.
versions List<String>
SSL/TLS versions that the cipher suite can be used with. Valid values: ssl-3.0, tls-1.0, tls-1.1, tls-1.2, tls-1.3.

Import

ObjectFirewall Vip can be imported using any of these accepted formats:

$ export “FORTIMANAGER_IMPORT_TABLE”=“true”

$ pulumi import fortimanager:index/objectFirewallVip:ObjectFirewallVip labelname {{name}}
Copy

$ unset “FORTIMANAGER_IMPORT_TABLE”

-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
fortimanager fortinetdev/terraform-provider-fortimanager
License
Notes
This Pulumi package is based on the fortimanager Terraform Provider.