Docs Home
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortimanager.ObjectFirewallVip6
Explore with Pulumi AI
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
Configure virtual IP for IPv6.
The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
dynamic_mapping:fortimanager.ObjectFirewallVip6DynamicMappingquic:fortimanager.ObjectFirewallVip6Quicrealservers:fortimanager.ObjectFirewallVip6Realserversssl_cipher_suites:fortimanager_object_firewall_vip6_sslciphersuitesssl_server_cipher_suites:fortimanager.ObjectFirewallVip6Sslserverciphersuites
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";
const trname = new fortimanager.ObjectFirewallVip6("trname", {
arpReply: "enable",
color: 1,
comment: "This is a Terraform example",
extip: "2001:192:168:1::2",
extport: "0",
httpCookieAge: 60,
httpCookieDomainFromHost: "disable",
httpCookieShare: "same-ip",
httpIpHeader: "disable",
httpMultiplex: "disable",
httpRedirect: "disable",
httpsCookieSecure: "disable",
ldbMethod: "static",
mappedips: ["2001:192:168:1::2"],
mappedport: "0",
maxEmbryonicConnections: 1000,
natSourceVip: "disable",
outlookWebAccess: "disable",
persistence: "none",
portforward: "disable",
protocol: "tcp",
sslClientFallback: "enable",
sslHsts: "disable",
sslHstsAge: 5184000,
sslHstsIncludeSubdomains: "disable",
sslHttpLocationConversion: "disable",
sslServerAlgorithm: "client",
sslServerMaxVersion: "client",
sslServerMinVersion: "client",
sslServerSessionStateType: "both",
type: "static-nat",
weblogicServer: "disable",
websphereServer: "disable",
});
import pulumi
import pulumi_fortimanager as fortimanager
trname = fortimanager.ObjectFirewallVip6("trname",
arp_reply="enable",
color=1,
comment="This is a Terraform example",
extip="2001:192:168:1::2",
extport="0",
http_cookie_age=60,
http_cookie_domain_from_host="disable",
http_cookie_share="same-ip",
http_ip_header="disable",
http_multiplex="disable",
http_redirect="disable",
https_cookie_secure="disable",
ldb_method="static",
mappedips=["2001:192:168:1::2"],
mappedport="0",
max_embryonic_connections=1000,
nat_source_vip="disable",
outlook_web_access="disable",
persistence="none",
portforward="disable",
protocol="tcp",
ssl_client_fallback="enable",
ssl_hsts="disable",
ssl_hsts_age=5184000,
ssl_hsts_include_subdomains="disable",
ssl_http_location_conversion="disable",
ssl_server_algorithm="client",
ssl_server_max_version="client",
ssl_server_min_version="client",
ssl_server_session_state_type="both",
type="static-nat",
weblogic_server="disable",
websphere_server="disable")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fortimanager.NewObjectFirewallVip6(ctx, "trname", &fortimanager.ObjectFirewallVip6Args{
ArpReply: pulumi.String("enable"),
Color: pulumi.Float64(1),
Comment: pulumi.String("This is a Terraform example"),
Extip: pulumi.String("2001:192:168:1::2"),
Extport: pulumi.String("0"),
HttpCookieAge: pulumi.Float64(60),
HttpCookieDomainFromHost: pulumi.String("disable"),
HttpCookieShare: pulumi.String("same-ip"),
HttpIpHeader: pulumi.String("disable"),
HttpMultiplex: pulumi.String("disable"),
HttpRedirect: pulumi.String("disable"),
HttpsCookieSecure: pulumi.String("disable"),
LdbMethod: pulumi.String("static"),
Mappedips: pulumi.StringArray{
pulumi.String("2001:192:168:1::2"),
},
Mappedport: pulumi.String("0"),
MaxEmbryonicConnections: pulumi.Float64(1000),
NatSourceVip: pulumi.String("disable"),
OutlookWebAccess: pulumi.String("disable"),
Persistence: pulumi.String("none"),
Portforward: pulumi.String("disable"),
Protocol: pulumi.String("tcp"),
SslClientFallback: pulumi.String("enable"),
SslHsts: pulumi.String("disable"),
SslHstsAge: pulumi.Float64(5184000),
SslHstsIncludeSubdomains: pulumi.String("disable"),
SslHttpLocationConversion: pulumi.String("disable"),
SslServerAlgorithm: pulumi.String("client"),
SslServerMaxVersion: pulumi.String("client"),
SslServerMinVersion: pulumi.String("client"),
SslServerSessionStateType: pulumi.String("both"),
Type: pulumi.String("static-nat"),
WeblogicServer: pulumi.String("disable"),
WebsphereServer: pulumi.String("disable"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;
return await Deployment.RunAsync(() =>
{
var trname = new Fortimanager.ObjectFirewallVip6("trname", new()
{
ArpReply = "enable",
Color = 1,
Comment = "This is a Terraform example",
Extip = "2001:192:168:1::2",
Extport = "0",
HttpCookieAge = 60,
HttpCookieDomainFromHost = "disable",
HttpCookieShare = "same-ip",
HttpIpHeader = "disable",
HttpMultiplex = "disable",
HttpRedirect = "disable",
HttpsCookieSecure = "disable",
LdbMethod = "static",
Mappedips = new[]
{
"2001:192:168:1::2",
},
Mappedport = "0",
MaxEmbryonicConnections = 1000,
NatSourceVip = "disable",
OutlookWebAccess = "disable",
Persistence = "none",
Portforward = "disable",
Protocol = "tcp",
SslClientFallback = "enable",
SslHsts = "disable",
SslHstsAge = 5184000,
SslHstsIncludeSubdomains = "disable",
SslHttpLocationConversion = "disable",
SslServerAlgorithm = "client",
SslServerMaxVersion = "client",
SslServerMinVersion = "client",
SslServerSessionStateType = "both",
Type = "static-nat",
WeblogicServer = "disable",
WebsphereServer = "disable",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectFirewallVip6;
import com.pulumi.fortimanager.ObjectFirewallVip6Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new ObjectFirewallVip6("trname", ObjectFirewallVip6Args.builder()
.arpReply("enable")
.color(1)
.comment("This is a Terraform example")
.extip("2001:192:168:1::2")
.extport("0")
.httpCookieAge(60)
.httpCookieDomainFromHost("disable")
.httpCookieShare("same-ip")
.httpIpHeader("disable")
.httpMultiplex("disable")
.httpRedirect("disable")
.httpsCookieSecure("disable")
.ldbMethod("static")
.mappedips("2001:192:168:1::2")
.mappedport("0")
.maxEmbryonicConnections(1000)
.natSourceVip("disable")
.outlookWebAccess("disable")
.persistence("none")
.portforward("disable")
.protocol("tcp")
.sslClientFallback("enable")
.sslHsts("disable")
.sslHstsAge(5184000)
.sslHstsIncludeSubdomains("disable")
.sslHttpLocationConversion("disable")
.sslServerAlgorithm("client")
.sslServerMaxVersion("client")
.sslServerMinVersion("client")
.sslServerSessionStateType("both")
.type("static-nat")
.weblogicServer("disable")
.websphereServer("disable")
.build());
}
}
resources:
trname:
type: fortimanager:ObjectFirewallVip6
properties:
arpReply: enable
color: 1
comment: This is a Terraform example
extip: 2001:192:168:1::2
extport: '0'
httpCookieAge: 60
httpCookieDomainFromHost: disable
httpCookieShare: same-ip
httpIpHeader: disable
httpMultiplex: disable
httpRedirect: disable
httpsCookieSecure: disable
ldbMethod: static
mappedips:
- 2001:192:168:1::2
mappedport: '0'
maxEmbryonicConnections: 1000
natSourceVip: disable
outlookWebAccess: disable
persistence: none
portforward: disable
protocol: tcp
sslClientFallback: enable
sslHsts: disable
sslHstsAge: 5.184e+06
sslHstsIncludeSubdomains: disable
sslHttpLocationConversion: disable
sslServerAlgorithm: client
sslServerMaxVersion: client
sslServerMinVersion: client
sslServerSessionStateType: both
type: static-nat
weblogicServer: disable
websphereServer: disable
Create ObjectFirewallVip6 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectFirewallVip6(name: string, args?: ObjectFirewallVip6Args, opts?: CustomResourceOptions);@overload
def ObjectFirewallVip6(resource_name: str,
args: Optional[ObjectFirewallVip6Args] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectFirewallVip6(resource_name: str,
opts: Optional[ResourceOptions] = None,
add_nat64_route: Optional[str] = None,
adom: Optional[str] = None,
arp_reply: Optional[str] = None,
color: Optional[float] = None,
comment: Optional[str] = None,
dynamic_mappings: Optional[Sequence[ObjectFirewallVip6DynamicMappingArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
embedded_ipv4_address: Optional[str] = None,
extip: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[float] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[float] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[float] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_redirect: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv4_mappedip: Optional[str] = None,
ipv4_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mappedips: Optional[Sequence[str]] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[float] = None,
monitor: Optional[str] = None,
name: Optional[str] = None,
nat64: Optional[str] = None,
nat66: Optional[str] = None,
nat_source_vip: Optional[str] = None,
ndp_reply: Optional[str] = None,
object_firewall_vip6_id: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
protocol: Optional[str] = None,
quic: Optional[ObjectFirewallVip6QuicArgs] = None,
realservers: Optional[Sequence[ObjectFirewallVip6RealserverArgs]] = None,
scopetype: Optional[str] = None,
server_type: Optional[str] = None,
src_filters: Optional[Sequence[str]] = None,
src_vip_filter: Optional[str] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[ObjectFirewallVip6SslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[float] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[float] = None,
ssl_client_session_state_timeout: Optional[float] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[float] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[float] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_cipher_suites: Optional[Sequence[ObjectFirewallVip6SslServerCipherSuiteArgs]] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[float] = None,
ssl_server_session_state_timeout: Optional[float] = None,
ssl_server_session_state_type: Optional[str] = None,
type: Optional[str] = None,
uuid: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None)func NewObjectFirewallVip6(ctx *Context, name string, args *ObjectFirewallVip6Args, opts ...ResourceOption) (*ObjectFirewallVip6, error)public ObjectFirewallVip6(string name, ObjectFirewallVip6Args? args = null, CustomResourceOptions? opts = null)
public ObjectFirewallVip6(String name, ObjectFirewallVip6Args args)
public ObjectFirewallVip6(String name, ObjectFirewallVip6Args args, CustomResourceOptions options)
type: fortimanager:ObjectFirewallVip6
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ObjectFirewallVip6Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ObjectFirewallVip6Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ObjectFirewallVip6Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ObjectFirewallVip6Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ObjectFirewallVip6Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectFirewallVip6Resource = new Fortimanager.ObjectFirewallVip6("objectFirewallVip6Resource", new()
{
AddNat64Route = "string",
Adom = "string",
ArpReply = "string",
Color = 0,
Comment = "string",
DynamicMappings = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6DynamicMappingArgs
{
_scopes = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6DynamicMapping_ScopeArgs
{
Name = "string",
Vdom = "string",
},
},
AddNat64Route = "string",
ArpReply = "string",
Color = 0,
Comment = "string",
EmbeddedIpv4Address = "string",
Extip = "string",
Extport = "string",
H2Support = "string",
H3Support = "string",
HttpCookieAge = 0,
HttpCookieDomain = "string",
HttpCookieDomainFromHost = "string",
HttpCookieGeneration = 0,
HttpCookiePath = "string",
HttpCookieShare = "string",
HttpIpHeader = "string",
HttpIpHeaderName = "string",
HttpMultiplex = "string",
HttpRedirect = "string",
HttpsCookieSecure = "string",
Id = 0,
Ipv4Mappedip = "string",
Ipv4Mappedport = "string",
LdbMethod = "string",
Mappedip = "string",
Mappedport = "string",
MaxEmbryonicConnections = 0,
Monitor = "string",
Nat64 = "string",
Nat66 = "string",
NatSourceVip = "string",
NdpReply = "string",
OutlookWebAccess = "string",
Persistence = "string",
Portforward = "string",
Protocol = "string",
Realservers = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6DynamicMappingRealserverArgs
{
ClientIp = "string",
Healthcheck = "string",
HolddownInterval = 0,
HttpHost = "string",
Id = 0,
Ip = "string",
MaxConnections = 0,
Monitor = "string",
Port = 0,
Status = "string",
TranslateHost = "string",
Weight = 0,
},
},
ServerType = "string",
SrcFilters = new[]
{
"string",
},
SrcVipFilter = "string",
SslAcceptFfdheGroups = "string",
SslAlgorithm = "string",
SslCertificate = "string",
SslCipherSuites = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = new[]
{
"string",
},
},
},
SslClientFallback = "string",
SslClientRekeyCount = 0,
SslClientRenegotiation = "string",
SslClientSessionStateMax = 0,
SslClientSessionStateTimeout = 0,
SslClientSessionStateType = "string",
SslDhBits = "string",
SslHpkp = "string",
SslHpkpAge = 0,
SslHpkpBackup = "string",
SslHpkpIncludeSubdomains = "string",
SslHpkpPrimary = "string",
SslHpkpReportUri = "string",
SslHsts = "string",
SslHstsAge = 0,
SslHstsIncludeSubdomains = "string",
SslHttpLocationConversion = "string",
SslHttpMatchHost = "string",
SslMaxVersion = "string",
SslMinVersion = "string",
SslMode = "string",
SslPfs = "string",
SslSendEmptyFrags = "string",
SslServerAlgorithm = "string",
SslServerMaxVersion = "string",
SslServerMinVersion = "string",
SslServerRenegotiation = "string",
SslServerSessionStateMax = 0,
SslServerSessionStateTimeout = 0,
SslServerSessionStateType = "string",
Type = "string",
Uuid = "string",
WeblogicServer = "string",
WebsphereServer = "string",
},
},
DynamicSortSubtable = "string",
EmbeddedIpv4Address = "string",
Extip = "string",
Extport = "string",
Fosid = 0,
H2Support = "string",
H3Support = "string",
HttpCookieAge = 0,
HttpCookieDomain = "string",
HttpCookieDomainFromHost = "string",
HttpCookieGeneration = 0,
HttpCookiePath = "string",
HttpCookieShare = "string",
HttpIpHeader = "string",
HttpIpHeaderName = "string",
HttpMultiplex = "string",
HttpRedirect = "string",
HttpsCookieSecure = "string",
Ipv4Mappedip = "string",
Ipv4Mappedport = "string",
LdbMethod = "string",
Mappedips = new[]
{
"string",
},
Mappedport = "string",
MaxEmbryonicConnections = 0,
Monitor = "string",
Name = "string",
Nat64 = "string",
Nat66 = "string",
NatSourceVip = "string",
NdpReply = "string",
ObjectFirewallVip6Id = "string",
OutlookWebAccess = "string",
Persistence = "string",
Portforward = "string",
Protocol = "string",
Quic = new Fortimanager.Inputs.ObjectFirewallVip6QuicArgs
{
AckDelayExponent = 0,
ActiveConnectionIdLimit = 0,
ActiveMigration = "string",
GreaseQuicBit = "string",
MaxAckDelay = 0,
MaxDatagramFrameSize = 0,
MaxIdleTimeout = 0,
MaxUdpPayloadSize = 0,
},
Realservers = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6RealserverArgs
{
ClientIp = "string",
Healthcheck = "string",
HolddownInterval = 0,
HttpHost = "string",
Id = 0,
Ip = "string",
MaxConnections = 0,
Monitor = "string",
Port = 0,
Status = "string",
TranslateHost = "string",
Weight = 0,
},
},
Scopetype = "string",
ServerType = "string",
SrcFilters = new[]
{
"string",
},
SrcVipFilter = "string",
SslAcceptFfdheGroups = "string",
SslAlgorithm = "string",
SslCertificate = "string",
SslCipherSuites = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6SslCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = new[]
{
"string",
},
},
},
SslClientFallback = "string",
SslClientRekeyCount = 0,
SslClientRenegotiation = "string",
SslClientSessionStateMax = 0,
SslClientSessionStateTimeout = 0,
SslClientSessionStateType = "string",
SslDhBits = "string",
SslHpkp = "string",
SslHpkpAge = 0,
SslHpkpBackup = "string",
SslHpkpIncludeSubdomains = "string",
SslHpkpPrimary = "string",
SslHpkpReportUri = "string",
SslHsts = "string",
SslHstsAge = 0,
SslHstsIncludeSubdomains = "string",
SslHttpLocationConversion = "string",
SslHttpMatchHost = "string",
SslMaxVersion = "string",
SslMinVersion = "string",
SslMode = "string",
SslPfs = "string",
SslSendEmptyFrags = "string",
SslServerAlgorithm = "string",
SslServerCipherSuites = new[]
{
new Fortimanager.Inputs.ObjectFirewallVip6SslServerCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = new[]
{
"string",
},
},
},
SslServerMaxVersion = "string",
SslServerMinVersion = "string",
SslServerRenegotiation = "string",
SslServerSessionStateMax = 0,
SslServerSessionStateTimeout = 0,
SslServerSessionStateType = "string",
Type = "string",
Uuid = "string",
WeblogicServer = "string",
WebsphereServer = "string",
});
example, err := fortimanager.NewObjectFirewallVip6(ctx, "objectFirewallVip6Resource", &fortimanager.ObjectFirewallVip6Args{
AddNat64Route: pulumi.String("string"),
Adom: pulumi.String("string"),
ArpReply: pulumi.String("string"),
Color: pulumi.Float64(0),
Comment: pulumi.String("string"),
DynamicMappings: .ObjectFirewallVip6DynamicMappingTypeArray{
&.ObjectFirewallVip6DynamicMappingTypeArgs{
_scopes: .ObjectFirewallVip6DynamicMapping_ScopeArray{
&.ObjectFirewallVip6DynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AddNat64Route: pulumi.String("string"),
ArpReply: pulumi.String("string"),
Color: pulumi.Float64(0),
Comment: pulumi.String("string"),
EmbeddedIpv4Address: pulumi.String("string"),
Extip: pulumi.String("string"),
Extport: pulumi.String("string"),
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Float64(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Float64(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpIpHeader: pulumi.String("string"),
HttpIpHeaderName: pulumi.String("string"),
HttpMultiplex: pulumi.String("string"),
HttpRedirect: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Id: pulumi.Float64(0),
Ipv4Mappedip: pulumi.String("string"),
Ipv4Mappedport: pulumi.String("string"),
LdbMethod: pulumi.String("string"),
Mappedip: pulumi.String("string"),
Mappedport: pulumi.String("string"),
MaxEmbryonicConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Nat64: pulumi.String("string"),
Nat66: pulumi.String("string"),
NatSourceVip: pulumi.String("string"),
NdpReply: pulumi.String("string"),
OutlookWebAccess: pulumi.String("string"),
Persistence: pulumi.String("string"),
Portforward: pulumi.String("string"),
Protocol: pulumi.String("string"),
Realservers: .ObjectFirewallVip6DynamicMappingRealserverArray{
&.ObjectFirewallVip6DynamicMappingRealserverArgs{
ClientIp: pulumi.String("string"),
Healthcheck: pulumi.String("string"),
HolddownInterval: pulumi.Float64(0),
HttpHost: pulumi.String("string"),
Id: pulumi.Float64(0),
Ip: pulumi.String("string"),
MaxConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Port: pulumi.Float64(0),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
Weight: pulumi.Float64(0),
},
},
ServerType: pulumi.String("string"),
SrcFilters: pulumi.StringArray{
pulumi.String("string"),
},
SrcVipFilter: pulumi.String("string"),
SslAcceptFfdheGroups: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCertificate: pulumi.String("string"),
SslCipherSuites: .ObjectFirewallVip6DynamicMappingSslCipherSuiteArray{
&.ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslClientFallback: pulumi.String("string"),
SslClientRekeyCount: pulumi.Float64(0),
SslClientRenegotiation: pulumi.String("string"),
SslClientSessionStateMax: pulumi.Float64(0),
SslClientSessionStateTimeout: pulumi.Float64(0),
SslClientSessionStateType: pulumi.String("string"),
SslDhBits: pulumi.String("string"),
SslHpkp: pulumi.String("string"),
SslHpkpAge: pulumi.Float64(0),
SslHpkpBackup: pulumi.String("string"),
SslHpkpIncludeSubdomains: pulumi.String("string"),
SslHpkpPrimary: pulumi.String("string"),
SslHpkpReportUri: pulumi.String("string"),
SslHsts: pulumi.String("string"),
SslHstsAge: pulumi.Float64(0),
SslHstsIncludeSubdomains: pulumi.String("string"),
SslHttpLocationConversion: pulumi.String("string"),
SslHttpMatchHost: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslMode: pulumi.String("string"),
SslPfs: pulumi.String("string"),
SslSendEmptyFrags: pulumi.String("string"),
SslServerAlgorithm: pulumi.String("string"),
SslServerMaxVersion: pulumi.String("string"),
SslServerMinVersion: pulumi.String("string"),
SslServerRenegotiation: pulumi.String("string"),
SslServerSessionStateMax: pulumi.Float64(0),
SslServerSessionStateTimeout: pulumi.Float64(0),
SslServerSessionStateType: pulumi.String("string"),
Type: pulumi.String("string"),
Uuid: pulumi.String("string"),
WeblogicServer: pulumi.String("string"),
WebsphereServer: pulumi.String("string"),
},
},
DynamicSortSubtable: pulumi.String("string"),
EmbeddedIpv4Address: pulumi.String("string"),
Extip: pulumi.String("string"),
Extport: pulumi.String("string"),
Fosid: pulumi.Float64(0),
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Float64(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Float64(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpIpHeader: pulumi.String("string"),
HttpIpHeaderName: pulumi.String("string"),
HttpMultiplex: pulumi.String("string"),
HttpRedirect: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Ipv4Mappedip: pulumi.String("string"),
Ipv4Mappedport: pulumi.String("string"),
LdbMethod: pulumi.String("string"),
Mappedips: pulumi.StringArray{
pulumi.String("string"),
},
Mappedport: pulumi.String("string"),
MaxEmbryonicConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Name: pulumi.String("string"),
Nat64: pulumi.String("string"),
Nat66: pulumi.String("string"),
NatSourceVip: pulumi.String("string"),
NdpReply: pulumi.String("string"),
ObjectFirewallVip6Id: pulumi.String("string"),
OutlookWebAccess: pulumi.String("string"),
Persistence: pulumi.String("string"),
Portforward: pulumi.String("string"),
Protocol: pulumi.String("string"),
Quic: &.ObjectFirewallVip6QuicTypeArgs{
AckDelayExponent: pulumi.Float64(0),
ActiveConnectionIdLimit: pulumi.Float64(0),
ActiveMigration: pulumi.String("string"),
GreaseQuicBit: pulumi.String("string"),
MaxAckDelay: pulumi.Float64(0),
MaxDatagramFrameSize: pulumi.Float64(0),
MaxIdleTimeout: pulumi.Float64(0),
MaxUdpPayloadSize: pulumi.Float64(0),
},
Realservers: .ObjectFirewallVip6RealserverArray{
&.ObjectFirewallVip6RealserverArgs{
ClientIp: pulumi.String("string"),
Healthcheck: pulumi.String("string"),
HolddownInterval: pulumi.Float64(0),
HttpHost: pulumi.String("string"),
Id: pulumi.Float64(0),
Ip: pulumi.String("string"),
MaxConnections: pulumi.Float64(0),
Monitor: pulumi.String("string"),
Port: pulumi.Float64(0),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
Weight: pulumi.Float64(0),
},
},
Scopetype: pulumi.String("string"),
ServerType: pulumi.String("string"),
SrcFilters: pulumi.StringArray{
pulumi.String("string"),
},
SrcVipFilter: pulumi.String("string"),
SslAcceptFfdheGroups: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCertificate: pulumi.String("string"),
SslCipherSuites: .ObjectFirewallVip6SslCipherSuiteArray{
&.ObjectFirewallVip6SslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslClientFallback: pulumi.String("string"),
SslClientRekeyCount: pulumi.Float64(0),
SslClientRenegotiation: pulumi.String("string"),
SslClientSessionStateMax: pulumi.Float64(0),
SslClientSessionStateTimeout: pulumi.Float64(0),
SslClientSessionStateType: pulumi.String("string"),
SslDhBits: pulumi.String("string"),
SslHpkp: pulumi.String("string"),
SslHpkpAge: pulumi.Float64(0),
SslHpkpBackup: pulumi.String("string"),
SslHpkpIncludeSubdomains: pulumi.String("string"),
SslHpkpPrimary: pulumi.String("string"),
SslHpkpReportUri: pulumi.String("string"),
SslHsts: pulumi.String("string"),
SslHstsAge: pulumi.Float64(0),
SslHstsIncludeSubdomains: pulumi.String("string"),
SslHttpLocationConversion: pulumi.String("string"),
SslHttpMatchHost: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslMode: pulumi.String("string"),
SslPfs: pulumi.String("string"),
SslSendEmptyFrags: pulumi.String("string"),
SslServerAlgorithm: pulumi.String("string"),
SslServerCipherSuites: .ObjectFirewallVip6SslServerCipherSuiteArray{
&.ObjectFirewallVip6SslServerCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslServerMaxVersion: pulumi.String("string"),
SslServerMinVersion: pulumi.String("string"),
SslServerRenegotiation: pulumi.String("string"),
SslServerSessionStateMax: pulumi.Float64(0),
SslServerSessionStateTimeout: pulumi.Float64(0),
SslServerSessionStateType: pulumi.String("string"),
Type: pulumi.String("string"),
Uuid: pulumi.String("string"),
WeblogicServer: pulumi.String("string"),
WebsphereServer: pulumi.String("string"),
})
var objectFirewallVip6Resource = new ObjectFirewallVip6("objectFirewallVip6Resource", ObjectFirewallVip6Args.builder()
.addNat64Route("string")
.adom("string")
.arpReply("string")
.color(0)
.comment("string")
.dynamicMappings(ObjectFirewallVip6DynamicMappingArgs.builder()
._scopes(ObjectFirewallVip6DynamicMapping_ScopeArgs.builder()
.name("string")
.vdom("string")
.build())
.addNat64Route("string")
.arpReply("string")
.color(0)
.comment("string")
.embeddedIpv4Address("string")
.extip("string")
.extport("string")
.h2Support("string")
.h3Support("string")
.httpCookieAge(0)
.httpCookieDomain("string")
.httpCookieDomainFromHost("string")
.httpCookieGeneration(0)
.httpCookiePath("string")
.httpCookieShare("string")
.httpIpHeader("string")
.httpIpHeaderName("string")
.httpMultiplex("string")
.httpRedirect("string")
.httpsCookieSecure("string")
.id(0)
.ipv4Mappedip("string")
.ipv4Mappedport("string")
.ldbMethod("string")
.mappedip("string")
.mappedport("string")
.maxEmbryonicConnections(0)
.monitor("string")
.nat64("string")
.nat66("string")
.natSourceVip("string")
.ndpReply("string")
.outlookWebAccess("string")
.persistence("string")
.portforward("string")
.protocol("string")
.realservers(ObjectFirewallVip6DynamicMappingRealserverArgs.builder()
.clientIp("string")
.healthcheck("string")
.holddownInterval(0)
.httpHost("string")
.id(0)
.ip("string")
.maxConnections(0)
.monitor("string")
.port(0)
.status("string")
.translateHost("string")
.weight(0)
.build())
.serverType("string")
.srcFilters("string")
.srcVipFilter("string")
.sslAcceptFfdheGroups("string")
.sslAlgorithm("string")
.sslCertificate("string")
.sslCipherSuites(ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslClientFallback("string")
.sslClientRekeyCount(0)
.sslClientRenegotiation("string")
.sslClientSessionStateMax(0)
.sslClientSessionStateTimeout(0)
.sslClientSessionStateType("string")
.sslDhBits("string")
.sslHpkp("string")
.sslHpkpAge(0)
.sslHpkpBackup("string")
.sslHpkpIncludeSubdomains("string")
.sslHpkpPrimary("string")
.sslHpkpReportUri("string")
.sslHsts("string")
.sslHstsAge(0)
.sslHstsIncludeSubdomains("string")
.sslHttpLocationConversion("string")
.sslHttpMatchHost("string")
.sslMaxVersion("string")
.sslMinVersion("string")
.sslMode("string")
.sslPfs("string")
.sslSendEmptyFrags("string")
.sslServerAlgorithm("string")
.sslServerMaxVersion("string")
.sslServerMinVersion("string")
.sslServerRenegotiation("string")
.sslServerSessionStateMax(0)
.sslServerSessionStateTimeout(0)
.sslServerSessionStateType("string")
.type("string")
.uuid("string")
.weblogicServer("string")
.websphereServer("string")
.build())
.dynamicSortSubtable("string")
.embeddedIpv4Address("string")
.extip("string")
.extport("string")
.fosid(0)
.h2Support("string")
.h3Support("string")
.httpCookieAge(0)
.httpCookieDomain("string")
.httpCookieDomainFromHost("string")
.httpCookieGeneration(0)
.httpCookiePath("string")
.httpCookieShare("string")
.httpIpHeader("string")
.httpIpHeaderName("string")
.httpMultiplex("string")
.httpRedirect("string")
.httpsCookieSecure("string")
.ipv4Mappedip("string")
.ipv4Mappedport("string")
.ldbMethod("string")
.mappedips("string")
.mappedport("string")
.maxEmbryonicConnections(0)
.monitor("string")
.name("string")
.nat64("string")
.nat66("string")
.natSourceVip("string")
.ndpReply("string")
.objectFirewallVip6Id("string")
.outlookWebAccess("string")
.persistence("string")
.portforward("string")
.protocol("string")
.quic(ObjectFirewallVip6QuicArgs.builder()
.ackDelayExponent(0)
.activeConnectionIdLimit(0)
.activeMigration("string")
.greaseQuicBit("string")
.maxAckDelay(0)
.maxDatagramFrameSize(0)
.maxIdleTimeout(0)
.maxUdpPayloadSize(0)
.build())
.realservers(ObjectFirewallVip6RealserverArgs.builder()
.clientIp("string")
.healthcheck("string")
.holddownInterval(0)
.httpHost("string")
.id(0)
.ip("string")
.maxConnections(0)
.monitor("string")
.port(0)
.status("string")
.translateHost("string")
.weight(0)
.build())
.scopetype("string")
.serverType("string")
.srcFilters("string")
.srcVipFilter("string")
.sslAcceptFfdheGroups("string")
.sslAlgorithm("string")
.sslCertificate("string")
.sslCipherSuites(ObjectFirewallVip6SslCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslClientFallback("string")
.sslClientRekeyCount(0)
.sslClientRenegotiation("string")
.sslClientSessionStateMax(0)
.sslClientSessionStateTimeout(0)
.sslClientSessionStateType("string")
.sslDhBits("string")
.sslHpkp("string")
.sslHpkpAge(0)
.sslHpkpBackup("string")
.sslHpkpIncludeSubdomains("string")
.sslHpkpPrimary("string")
.sslHpkpReportUri("string")
.sslHsts("string")
.sslHstsAge(0)
.sslHstsIncludeSubdomains("string")
.sslHttpLocationConversion("string")
.sslHttpMatchHost("string")
.sslMaxVersion("string")
.sslMinVersion("string")
.sslMode("string")
.sslPfs("string")
.sslSendEmptyFrags("string")
.sslServerAlgorithm("string")
.sslServerCipherSuites(ObjectFirewallVip6SslServerCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslServerMaxVersion("string")
.sslServerMinVersion("string")
.sslServerRenegotiation("string")
.sslServerSessionStateMax(0)
.sslServerSessionStateTimeout(0)
.sslServerSessionStateType("string")
.type("string")
.uuid("string")
.weblogicServer("string")
.websphereServer("string")
.build());
object_firewall_vip6_resource = fortimanager.ObjectFirewallVip6("objectFirewallVip6Resource",
add_nat64_route="string",
adom="string",
arp_reply="string",
color=0,
comment="string",
dynamic_mappings=[{
"_scopes": [{
"name": "string",
"vdom": "string",
}],
"add_nat64_route": "string",
"arp_reply": "string",
"color": 0,
"comment": "string",
"embedded_ipv4_address": "string",
"extip": "string",
"extport": "string",
"h2_support": "string",
"h3_support": "string",
"http_cookie_age": 0,
"http_cookie_domain": "string",
"http_cookie_domain_from_host": "string",
"http_cookie_generation": 0,
"http_cookie_path": "string",
"http_cookie_share": "string",
"http_ip_header": "string",
"http_ip_header_name": "string",
"http_multiplex": "string",
"http_redirect": "string",
"https_cookie_secure": "string",
"id": 0,
"ipv4_mappedip": "string",
"ipv4_mappedport": "string",
"ldb_method": "string",
"mappedip": "string",
"mappedport": "string",
"max_embryonic_connections": 0,
"monitor": "string",
"nat64": "string",
"nat66": "string",
"nat_source_vip": "string",
"ndp_reply": "string",
"outlook_web_access": "string",
"persistence": "string",
"portforward": "string",
"protocol": "string",
"realservers": [{
"client_ip": "string",
"healthcheck": "string",
"holddown_interval": 0,
"http_host": "string",
"id": 0,
"ip": "string",
"max_connections": 0,
"monitor": "string",
"port": 0,
"status": "string",
"translate_host": "string",
"weight": 0,
}],
"server_type": "string",
"src_filters": ["string"],
"src_vip_filter": "string",
"ssl_accept_ffdhe_groups": "string",
"ssl_algorithm": "string",
"ssl_certificate": "string",
"ssl_cipher_suites": [{
"cipher": "string",
"priority": 0,
"versions": ["string"],
}],
"ssl_client_fallback": "string",
"ssl_client_rekey_count": 0,
"ssl_client_renegotiation": "string",
"ssl_client_session_state_max": 0,
"ssl_client_session_state_timeout": 0,
"ssl_client_session_state_type": "string",
"ssl_dh_bits": "string",
"ssl_hpkp": "string",
"ssl_hpkp_age": 0,
"ssl_hpkp_backup": "string",
"ssl_hpkp_include_subdomains": "string",
"ssl_hpkp_primary": "string",
"ssl_hpkp_report_uri": "string",
"ssl_hsts": "string",
"ssl_hsts_age": 0,
"ssl_hsts_include_subdomains": "string",
"ssl_http_location_conversion": "string",
"ssl_http_match_host": "string",
"ssl_max_version": "string",
"ssl_min_version": "string",
"ssl_mode": "string",
"ssl_pfs": "string",
"ssl_send_empty_frags": "string",
"ssl_server_algorithm": "string",
"ssl_server_max_version": "string",
"ssl_server_min_version": "string",
"ssl_server_renegotiation": "string",
"ssl_server_session_state_max": 0,
"ssl_server_session_state_timeout": 0,
"ssl_server_session_state_type": "string",
"type": "string",
"uuid": "string",
"weblogic_server": "string",
"websphere_server": "string",
}],
dynamic_sort_subtable="string",
embedded_ipv4_address="string",
extip="string",
extport="string",
fosid=0,
h2_support="string",
h3_support="string",
http_cookie_age=0,
http_cookie_domain="string",
http_cookie_domain_from_host="string",
http_cookie_generation=0,
http_cookie_path="string",
http_cookie_share="string",
http_ip_header="string",
http_ip_header_name="string",
http_multiplex="string",
http_redirect="string",
https_cookie_secure="string",
ipv4_mappedip="string",
ipv4_mappedport="string",
ldb_method="string",
mappedips=["string"],
mappedport="string",
max_embryonic_connections=0,
monitor="string",
name="string",
nat64="string",
nat66="string",
nat_source_vip="string",
ndp_reply="string",
object_firewall_vip6_id="string",
outlook_web_access="string",
persistence="string",
portforward="string",
protocol="string",
quic={
"ack_delay_exponent": 0,
"active_connection_id_limit": 0,
"active_migration": "string",
"grease_quic_bit": "string",
"max_ack_delay": 0,
"max_datagram_frame_size": 0,
"max_idle_timeout": 0,
"max_udp_payload_size": 0,
},
realservers=[{
"client_ip": "string",
"healthcheck": "string",
"holddown_interval": 0,
"http_host": "string",
"id": 0,
"ip": "string",
"max_connections": 0,
"monitor": "string",
"port": 0,
"status": "string",
"translate_host": "string",
"weight": 0,
}],
scopetype="string",
server_type="string",
src_filters=["string"],
src_vip_filter="string",
ssl_accept_ffdhe_groups="string",
ssl_algorithm="string",
ssl_certificate="string",
ssl_cipher_suites=[{
"cipher": "string",
"priority": 0,
"versions": ["string"],
}],
ssl_client_fallback="string",
ssl_client_rekey_count=0,
ssl_client_renegotiation="string",
ssl_client_session_state_max=0,
ssl_client_session_state_timeout=0,
ssl_client_session_state_type="string",
ssl_dh_bits="string",
ssl_hpkp="string",
ssl_hpkp_age=0,
ssl_hpkp_backup="string",
ssl_hpkp_include_subdomains="string",
ssl_hpkp_primary="string",
ssl_hpkp_report_uri="string",
ssl_hsts="string",
ssl_hsts_age=0,
ssl_hsts_include_subdomains="string",
ssl_http_location_conversion="string",
ssl_http_match_host="string",
ssl_max_version="string",
ssl_min_version="string",
ssl_mode="string",
ssl_pfs="string",
ssl_send_empty_frags="string",
ssl_server_algorithm="string",
ssl_server_cipher_suites=[{
"cipher": "string",
"priority": 0,
"versions": ["string"],
}],
ssl_server_max_version="string",
ssl_server_min_version="string",
ssl_server_renegotiation="string",
ssl_server_session_state_max=0,
ssl_server_session_state_timeout=0,
ssl_server_session_state_type="string",
type="string",
uuid="string",
weblogic_server="string",
websphere_server="string")
const objectFirewallVip6Resource = new fortimanager.ObjectFirewallVip6("objectFirewallVip6Resource", {
addNat64Route: "string",
adom: "string",
arpReply: "string",
color: 0,
comment: "string",
dynamicMappings: [{
_scopes: [{
name: "string",
vdom: "string",
}],
addNat64Route: "string",
arpReply: "string",
color: 0,
comment: "string",
embeddedIpv4Address: "string",
extip: "string",
extport: "string",
h2Support: "string",
h3Support: "string",
httpCookieAge: 0,
httpCookieDomain: "string",
httpCookieDomainFromHost: "string",
httpCookieGeneration: 0,
httpCookiePath: "string",
httpCookieShare: "string",
httpIpHeader: "string",
httpIpHeaderName: "string",
httpMultiplex: "string",
httpRedirect: "string",
httpsCookieSecure: "string",
id: 0,
ipv4Mappedip: "string",
ipv4Mappedport: "string",
ldbMethod: "string",
mappedip: "string",
mappedport: "string",
maxEmbryonicConnections: 0,
monitor: "string",
nat64: "string",
nat66: "string",
natSourceVip: "string",
ndpReply: "string",
outlookWebAccess: "string",
persistence: "string",
portforward: "string",
protocol: "string",
realservers: [{
clientIp: "string",
healthcheck: "string",
holddownInterval: 0,
httpHost: "string",
id: 0,
ip: "string",
maxConnections: 0,
monitor: "string",
port: 0,
status: "string",
translateHost: "string",
weight: 0,
}],
serverType: "string",
srcFilters: ["string"],
srcVipFilter: "string",
sslAcceptFfdheGroups: "string",
sslAlgorithm: "string",
sslCertificate: "string",
sslCipherSuites: [{
cipher: "string",
priority: 0,
versions: ["string"],
}],
sslClientFallback: "string",
sslClientRekeyCount: 0,
sslClientRenegotiation: "string",
sslClientSessionStateMax: 0,
sslClientSessionStateTimeout: 0,
sslClientSessionStateType: "string",
sslDhBits: "string",
sslHpkp: "string",
sslHpkpAge: 0,
sslHpkpBackup: "string",
sslHpkpIncludeSubdomains: "string",
sslHpkpPrimary: "string",
sslHpkpReportUri: "string",
sslHsts: "string",
sslHstsAge: 0,
sslHstsIncludeSubdomains: "string",
sslHttpLocationConversion: "string",
sslHttpMatchHost: "string",
sslMaxVersion: "string",
sslMinVersion: "string",
sslMode: "string",
sslPfs: "string",
sslSendEmptyFrags: "string",
sslServerAlgorithm: "string",
sslServerMaxVersion: "string",
sslServerMinVersion: "string",
sslServerRenegotiation: "string",
sslServerSessionStateMax: 0,
sslServerSessionStateTimeout: 0,
sslServerSessionStateType: "string",
type: "string",
uuid: "string",
weblogicServer: "string",
websphereServer: "string",
}],
dynamicSortSubtable: "string",
embeddedIpv4Address: "string",
extip: "string",
extport: "string",
fosid: 0,
h2Support: "string",
h3Support: "string",
httpCookieAge: 0,
httpCookieDomain: "string",
httpCookieDomainFromHost: "string",
httpCookieGeneration: 0,
httpCookiePath: "string",
httpCookieShare: "string",
httpIpHeader: "string",
httpIpHeaderName: "string",
httpMultiplex: "string",
httpRedirect: "string",
httpsCookieSecure: "string",
ipv4Mappedip: "string",
ipv4Mappedport: "string",
ldbMethod: "string",
mappedips: ["string"],
mappedport: "string",
maxEmbryonicConnections: 0,
monitor: "string",
name: "string",
nat64: "string",
nat66: "string",
natSourceVip: "string",
ndpReply: "string",
objectFirewallVip6Id: "string",
outlookWebAccess: "string",
persistence: "string",
portforward: "string",
protocol: "string",
quic: {
ackDelayExponent: 0,
activeConnectionIdLimit: 0,
activeMigration: "string",
greaseQuicBit: "string",
maxAckDelay: 0,
maxDatagramFrameSize: 0,
maxIdleTimeout: 0,
maxUdpPayloadSize: 0,
},
realservers: [{
clientIp: "string",
healthcheck: "string",
holddownInterval: 0,
httpHost: "string",
id: 0,
ip: "string",
maxConnections: 0,
monitor: "string",
port: 0,
status: "string",
translateHost: "string",
weight: 0,
}],
scopetype: "string",
serverType: "string",
srcFilters: ["string"],
srcVipFilter: "string",
sslAcceptFfdheGroups: "string",
sslAlgorithm: "string",
sslCertificate: "string",
sslCipherSuites: [{
cipher: "string",
priority: 0,
versions: ["string"],
}],
sslClientFallback: "string",
sslClientRekeyCount: 0,
sslClientRenegotiation: "string",
sslClientSessionStateMax: 0,
sslClientSessionStateTimeout: 0,
sslClientSessionStateType: "string",
sslDhBits: "string",
sslHpkp: "string",
sslHpkpAge: 0,
sslHpkpBackup: "string",
sslHpkpIncludeSubdomains: "string",
sslHpkpPrimary: "string",
sslHpkpReportUri: "string",
sslHsts: "string",
sslHstsAge: 0,
sslHstsIncludeSubdomains: "string",
sslHttpLocationConversion: "string",
sslHttpMatchHost: "string",
sslMaxVersion: "string",
sslMinVersion: "string",
sslMode: "string",
sslPfs: "string",
sslSendEmptyFrags: "string",
sslServerAlgorithm: "string",
sslServerCipherSuites: [{
cipher: "string",
priority: 0,
versions: ["string"],
}],
sslServerMaxVersion: "string",
sslServerMinVersion: "string",
sslServerRenegotiation: "string",
sslServerSessionStateMax: 0,
sslServerSessionStateTimeout: 0,
sslServerSessionStateType: "string",
type: "string",
uuid: "string",
weblogicServer: "string",
websphereServer: "string",
});
type: fortimanager:ObjectFirewallVip6
properties:
addNat64Route: string
adom: string
arpReply: string
color: 0
comment: string
dynamicMappings:
- _scopes:
- name: string
vdom: string
addNat64Route: string
arpReply: string
color: 0
comment: string
embeddedIpv4Address: string
extip: string
extport: string
h2Support: string
h3Support: string
httpCookieAge: 0
httpCookieDomain: string
httpCookieDomainFromHost: string
httpCookieGeneration: 0
httpCookiePath: string
httpCookieShare: string
httpIpHeader: string
httpIpHeaderName: string
httpMultiplex: string
httpRedirect: string
httpsCookieSecure: string
id: 0
ipv4Mappedip: string
ipv4Mappedport: string
ldbMethod: string
mappedip: string
mappedport: string
maxEmbryonicConnections: 0
monitor: string
nat64: string
nat66: string
natSourceVip: string
ndpReply: string
outlookWebAccess: string
persistence: string
portforward: string
protocol: string
realservers:
- clientIp: string
healthcheck: string
holddownInterval: 0
httpHost: string
id: 0
ip: string
maxConnections: 0
monitor: string
port: 0
status: string
translateHost: string
weight: 0
serverType: string
srcFilters:
- string
srcVipFilter: string
sslAcceptFfdheGroups: string
sslAlgorithm: string
sslCertificate: string
sslCipherSuites:
- cipher: string
priority: 0
versions:
- string
sslClientFallback: string
sslClientRekeyCount: 0
sslClientRenegotiation: string
sslClientSessionStateMax: 0
sslClientSessionStateTimeout: 0
sslClientSessionStateType: string
sslDhBits: string
sslHpkp: string
sslHpkpAge: 0
sslHpkpBackup: string
sslHpkpIncludeSubdomains: string
sslHpkpPrimary: string
sslHpkpReportUri: string
sslHsts: string
sslHstsAge: 0
sslHstsIncludeSubdomains: string
sslHttpLocationConversion: string
sslHttpMatchHost: string
sslMaxVersion: string
sslMinVersion: string
sslMode: string
sslPfs: string
sslSendEmptyFrags: string
sslServerAlgorithm: string
sslServerMaxVersion: string
sslServerMinVersion: string
sslServerRenegotiation: string
sslServerSessionStateMax: 0
sslServerSessionStateTimeout: 0
sslServerSessionStateType: string
type: string
uuid: string
weblogicServer: string
websphereServer: string
dynamicSortSubtable: string
embeddedIpv4Address: string
extip: string
extport: string
fosid: 0
h2Support: string
h3Support: string
httpCookieAge: 0
httpCookieDomain: string
httpCookieDomainFromHost: string
httpCookieGeneration: 0
httpCookiePath: string
httpCookieShare: string
httpIpHeader: string
httpIpHeaderName: string
httpMultiplex: string
httpRedirect: string
httpsCookieSecure: string
ipv4Mappedip: string
ipv4Mappedport: string
ldbMethod: string
mappedips:
- string
mappedport: string
maxEmbryonicConnections: 0
monitor: string
name: string
nat64: string
nat66: string
natSourceVip: string
ndpReply: string
objectFirewallVip6Id: string
outlookWebAccess: string
persistence: string
portforward: string
protocol: string
quic:
ackDelayExponent: 0
activeConnectionIdLimit: 0
activeMigration: string
greaseQuicBit: string
maxAckDelay: 0
maxDatagramFrameSize: 0
maxIdleTimeout: 0
maxUdpPayloadSize: 0
realservers:
- clientIp: string
healthcheck: string
holddownInterval: 0
httpHost: string
id: 0
ip: string
maxConnections: 0
monitor: string
port: 0
status: string
translateHost: string
weight: 0
scopetype: string
serverType: string
srcFilters:
- string
srcVipFilter: string
sslAcceptFfdheGroups: string
sslAlgorithm: string
sslCertificate: string
sslCipherSuites:
- cipher: string
priority: 0
versions:
- string
sslClientFallback: string
sslClientRekeyCount: 0
sslClientRenegotiation: string
sslClientSessionStateMax: 0
sslClientSessionStateTimeout: 0
sslClientSessionStateType: string
sslDhBits: string
sslHpkp: string
sslHpkpAge: 0
sslHpkpBackup: string
sslHpkpIncludeSubdomains: string
sslHpkpPrimary: string
sslHpkpReportUri: string
sslHsts: string
sslHstsAge: 0
sslHstsIncludeSubdomains: string
sslHttpLocationConversion: string
sslHttpMatchHost: string
sslMaxVersion: string
sslMinVersion: string
sslMode: string
sslPfs: string
sslSendEmptyFrags: string
sslServerAlgorithm: string
sslServerCipherSuites:
- cipher: string
priority: 0
versions:
- string
sslServerMaxVersion: string
sslServerMinVersion: string
sslServerRenegotiation: string
sslServerSessionStateMax: 0
sslServerSessionStateTimeout: 0
sslServerSessionStateType: string
type: string
uuid: string
weblogicServer: string
websphereServer: string
ObjectFirewallVip6 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectFirewallVip6 resource accepts the following input properties:
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color double
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Mappings List<ObjectFirewall Vip6Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid double
- Custom defined ID.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedips List<string>
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic doubleConnections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Name string
- Virtual ip6 name.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Object
Firewall stringVip6Id - an identifier for the resource with format {{name}}.
- Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Quic
Object
Firewall Vip6Quic - Quic. The structure of
quicblock is documented below. - Realservers
List<Object
Firewall Vip6Realserver> - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters List<string> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<ObjectSuites Firewall Vip6Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client doubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client doubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client doubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp doubleAge - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts doubleAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server List<ObjectCipher Suites Firewall Vip6Ssl Server Cipher Suite> - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server doubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server doubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color float64
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Mappings []ObjectFirewall Vip6Dynamic Mapping Type Args - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid float64
- Custom defined ID.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float64
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float64
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedips []string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic float64Connections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Name string
- Virtual ip6 name.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Object
Firewall stringVip6Id - an identifier for the resource with format {{name}}.
- Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Quic
Object
Firewall Vip6Quic Type Args - Quic. The structure of
quicblock is documented below. - Realservers
[]Object
Firewall Vip6Realserver Args - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters []string - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []ObjectSuites Firewall Vip6Ssl Cipher Suite Args - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client float64Rekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client float64Session State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client float64Session State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp float64Age - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts float64Age - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server []ObjectCipher Suites Firewall Vip6Ssl Server Cipher Suite Args - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server float64Session State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server float64Session State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Double
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Mappings List<ObjectFirewall Vip6Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Double
- Custom defined ID.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedips List<String>
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic DoubleConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- name String
- Virtual ip6 name.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall StringVip6Id - an identifier for the resource with format {{name}}.
- outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic
Object
Firewall Vip6Quic - Quic. The structure of
quicblock is documented below. - realservers
List<Object
Firewall Vip6Realserver> - Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<ObjectSuites Firewall Vip6Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client DoubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client DoubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client DoubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp DoubleAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts DoubleAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server List<ObjectCipher Suites Firewall Vip6Ssl Server Cipher Suite> - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server DoubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server DoubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dynamic
Mappings ObjectFirewall Vip6Dynamic Mapping[] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedips string[]
- Mapped IP address range in the format startIP-endIP.
- mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- name string
- Virtual ip6 name.
- nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall stringVip6Id - an identifier for the resource with format {{name}}.
- outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable port forwarding. Valid values:
disable,enable. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic
Object
Firewall Vip6Quic - Quic. The structure of
quicblock is documented below. - realservers
Object
Firewall Vip6Realserver[] - Realservers. The structure of
realserversblock is documented below. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters string[] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher ObjectSuites Firewall Vip6Ssl Cipher Suite[] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server ObjectCipher Suites Firewall Vip6Ssl Server Cipher Suite[] - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add_
nat64_ strroute - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color float
- Color of icon on the GUI.
- comment str
- Comment.
- dynamic_
mappings Sequence[ObjectFirewall Vip6Dynamic Mapping Args] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded_
ipv4_ straddress - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid float
- Custom defined ID.
- h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4_
mappedip str - Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4_
mappedport str - IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedips Sequence[str]
- Mapped IP address range in the format startIP-endIP.
- mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ floatconnections - Maximum number of incomplete connections.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- name str
- Virtual ip6 name.
- nat64 str
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 str
- Enable/disable DNAT66. Valid values:
disable,enable. - nat_
source_ strvip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp_
reply str - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object_
firewall_ strvip6_ id - an identifier for the resource with format {{name}}.
- outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable port forwarding. Valid values:
disable,enable. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic
Object
Firewall Vip6Quic Args - Quic. The structure of
quicblock is documented below. - realservers
Sequence[Object
Firewall Vip6Realserver Args] - Realservers. The structure of
realserversblock is documented below. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src_
filters Sequence[str] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src_
vip_ strfilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Objectsuites Firewall Vip6Ssl Cipher Suite Args] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ floatrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl_
client_ floatsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ floatsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ floatage - Number of minutes the web browser should keep HPKP.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ floatage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl_
server_ Sequence[Objectcipher_ suites Firewall Vip6Ssl Server Cipher Suite Args] - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl_
server_ floatsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ floatsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type str
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Mappings List<Property Map> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedips List<String>
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- name String
- Virtual ip6 name.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall StringVip6Id - an identifier for the resource with format {{name}}.
- outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic Property Map
- Quic. The structure of
quicblock is documented below. - realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server List<Property Map>Cipher Suites - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectFirewallVip6 resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectFirewallVip6 Resource
Get an existing ObjectFirewallVip6 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectFirewallVip6State, opts?: CustomResourceOptions): ObjectFirewallVip6@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
add_nat64_route: Optional[str] = None,
adom: Optional[str] = None,
arp_reply: Optional[str] = None,
color: Optional[float] = None,
comment: Optional[str] = None,
dynamic_mappings: Optional[Sequence[ObjectFirewallVip6DynamicMappingArgs]] = None,
dynamic_sort_subtable: Optional[str] = None,
embedded_ipv4_address: Optional[str] = None,
extip: Optional[str] = None,
extport: Optional[str] = None,
fosid: Optional[float] = None,
h2_support: Optional[str] = None,
h3_support: Optional[str] = None,
http_cookie_age: Optional[float] = None,
http_cookie_domain: Optional[str] = None,
http_cookie_domain_from_host: Optional[str] = None,
http_cookie_generation: Optional[float] = None,
http_cookie_path: Optional[str] = None,
http_cookie_share: Optional[str] = None,
http_ip_header: Optional[str] = None,
http_ip_header_name: Optional[str] = None,
http_multiplex: Optional[str] = None,
http_redirect: Optional[str] = None,
https_cookie_secure: Optional[str] = None,
ipv4_mappedip: Optional[str] = None,
ipv4_mappedport: Optional[str] = None,
ldb_method: Optional[str] = None,
mappedips: Optional[Sequence[str]] = None,
mappedport: Optional[str] = None,
max_embryonic_connections: Optional[float] = None,
monitor: Optional[str] = None,
name: Optional[str] = None,
nat64: Optional[str] = None,
nat66: Optional[str] = None,
nat_source_vip: Optional[str] = None,
ndp_reply: Optional[str] = None,
object_firewall_vip6_id: Optional[str] = None,
outlook_web_access: Optional[str] = None,
persistence: Optional[str] = None,
portforward: Optional[str] = None,
protocol: Optional[str] = None,
quic: Optional[ObjectFirewallVip6QuicArgs] = None,
realservers: Optional[Sequence[ObjectFirewallVip6RealserverArgs]] = None,
scopetype: Optional[str] = None,
server_type: Optional[str] = None,
src_filters: Optional[Sequence[str]] = None,
src_vip_filter: Optional[str] = None,
ssl_accept_ffdhe_groups: Optional[str] = None,
ssl_algorithm: Optional[str] = None,
ssl_certificate: Optional[str] = None,
ssl_cipher_suites: Optional[Sequence[ObjectFirewallVip6SslCipherSuiteArgs]] = None,
ssl_client_fallback: Optional[str] = None,
ssl_client_rekey_count: Optional[float] = None,
ssl_client_renegotiation: Optional[str] = None,
ssl_client_session_state_max: Optional[float] = None,
ssl_client_session_state_timeout: Optional[float] = None,
ssl_client_session_state_type: Optional[str] = None,
ssl_dh_bits: Optional[str] = None,
ssl_hpkp: Optional[str] = None,
ssl_hpkp_age: Optional[float] = None,
ssl_hpkp_backup: Optional[str] = None,
ssl_hpkp_include_subdomains: Optional[str] = None,
ssl_hpkp_primary: Optional[str] = None,
ssl_hpkp_report_uri: Optional[str] = None,
ssl_hsts: Optional[str] = None,
ssl_hsts_age: Optional[float] = None,
ssl_hsts_include_subdomains: Optional[str] = None,
ssl_http_location_conversion: Optional[str] = None,
ssl_http_match_host: Optional[str] = None,
ssl_max_version: Optional[str] = None,
ssl_min_version: Optional[str] = None,
ssl_mode: Optional[str] = None,
ssl_pfs: Optional[str] = None,
ssl_send_empty_frags: Optional[str] = None,
ssl_server_algorithm: Optional[str] = None,
ssl_server_cipher_suites: Optional[Sequence[ObjectFirewallVip6SslServerCipherSuiteArgs]] = None,
ssl_server_max_version: Optional[str] = None,
ssl_server_min_version: Optional[str] = None,
ssl_server_renegotiation: Optional[str] = None,
ssl_server_session_state_max: Optional[float] = None,
ssl_server_session_state_timeout: Optional[float] = None,
ssl_server_session_state_type: Optional[str] = None,
type: Optional[str] = None,
uuid: Optional[str] = None,
weblogic_server: Optional[str] = None,
websphere_server: Optional[str] = None) -> ObjectFirewallVip6func GetObjectFirewallVip6(ctx *Context, name string, id IDInput, state *ObjectFirewallVip6State, opts ...ResourceOption) (*ObjectFirewallVip6, error)public static ObjectFirewallVip6 Get(string name, Input<string> id, ObjectFirewallVip6State? state, CustomResourceOptions? opts = null)public static ObjectFirewallVip6 get(String name, Output<String> id, ObjectFirewallVip6State state, CustomResourceOptions options)resources: _: type: fortimanager:ObjectFirewallVip6 get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color double
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Mappings List<ObjectFirewall Vip6Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid double
- Custom defined ID.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedips List<string>
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic doubleConnections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Name string
- Virtual ip6 name.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Object
Firewall stringVip6Id - an identifier for the resource with format {{name}}.
- Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Quic
Object
Firewall Vip6Quic - Quic. The structure of
quicblock is documented below. - Realservers
List<Object
Firewall Vip6Realserver> - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters List<string> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<ObjectSuites Firewall Vip6Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client doubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client doubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client doubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp doubleAge - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts doubleAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server List<ObjectCipher Suites Firewall Vip6Ssl Server Cipher Suite> - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server doubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server doubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color float64
- Color of icon on the GUI.
- Comment string
- Comment.
- Dynamic
Mappings []ObjectFirewall Vip6Dynamic Mapping Type Args - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- Fosid float64
- Custom defined ID.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float64
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float64
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedips []string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic float64Connections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Name string
- Virtual ip6 name.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Object
Firewall stringVip6Id - an identifier for the resource with format {{name}}.
- Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Quic
Object
Firewall Vip6Quic Type Args - Quic. The structure of
quicblock is documented below. - Realservers
[]Object
Firewall Vip6Realserver Args - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters []string - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []ObjectSuites Firewall Vip6Ssl Cipher Suite Args - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client float64Rekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client float64Session State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client float64Session State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp float64Age - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts float64Age - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server []ObjectCipher Suites Firewall Vip6Ssl Server Cipher Suite Args - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server float64Session State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server float64Session State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Double
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Mappings List<ObjectFirewall Vip6Dynamic Mapping> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Double
- Custom defined ID.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedips List<String>
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic DoubleConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- name String
- Virtual ip6 name.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall StringVip6Id - an identifier for the resource with format {{name}}.
- outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic
Object
Firewall Vip6Quic - Quic. The structure of
quicblock is documented below. - realservers
List<Object
Firewall Vip6Realserver> - Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<ObjectSuites Firewall Vip6Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client DoubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client DoubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client DoubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp DoubleAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts DoubleAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server List<ObjectCipher Suites Firewall Vip6Ssl Server Cipher Suite> - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server DoubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server DoubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- dynamic
Mappings ObjectFirewall Vip6Dynamic Mapping[] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid number
- Custom defined ID.
- h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedips string[]
- Mapped IP address range in the format startIP-endIP.
- mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- name string
- Virtual ip6 name.
- nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source stringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall stringVip6Id - an identifier for the resource with format {{name}}.
- outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable port forwarding. Valid values:
disable,enable. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic
Object
Firewall Vip6Quic - Quic. The structure of
quicblock is documented below. - realservers
Object
Firewall Vip6Realserver[] - Realservers. The structure of
realserversblock is documented below. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters string[] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher ObjectSuites Firewall Vip6Ssl Cipher Suite[] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server ObjectCipher Suites Firewall Vip6Ssl Server Cipher Suite[] - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add_
nat64_ strroute - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color float
- Color of icon on the GUI.
- comment str
- Comment.
- dynamic_
mappings Sequence[ObjectFirewall Vip6Dynamic Mapping Args] - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded_
ipv4_ straddress - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid float
- Custom defined ID.
- h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4_
mappedip str - Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4_
mappedport str - IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedips Sequence[str]
- Mapped IP address range in the format startIP-endIP.
- mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ floatconnections - Maximum number of incomplete connections.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- name str
- Virtual ip6 name.
- nat64 str
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 str
- Enable/disable DNAT66. Valid values:
disable,enable. - nat_
source_ strvip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp_
reply str - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object_
firewall_ strvip6_ id - an identifier for the resource with format {{name}}.
- outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable port forwarding. Valid values:
disable,enable. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic
Object
Firewall Vip6Quic Args - Quic. The structure of
quicblock is documented below. - realservers
Sequence[Object
Firewall Vip6Realserver Args] - Realservers. The structure of
realserversblock is documented below. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src_
filters Sequence[str] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src_
vip_ strfilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Objectsuites Firewall Vip6Ssl Cipher Suite Args] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ floatrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl_
client_ floatsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ floatsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ floatage - Number of minutes the web browser should keep HPKP.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ floatage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl_
server_ Sequence[Objectcipher_ suites Firewall Vip6Ssl Server Cipher Suite Args] - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl_
server_ floatsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ floatsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type str
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- dynamic
Mappings List<Property Map> - Dynamic_Mapping. The structure of
dynamic_mappingblock is documented below. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- fosid Number
- Custom defined ID.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedips List<String>
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- name String
- Virtual ip6 name.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - object
Firewall StringVip6Id - an identifier for the resource with format {{name}}.
- outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - quic Property Map
- Quic. The structure of
quicblock is documented below. - realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server List<Property Map>Cipher Suites - Ssl-Server-Cipher-Suites. The structure of
ssl_server_cipher_suitesblock is documented below. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
Supporting Types
ObjectFirewallVip6DynamicMapping, ObjectFirewallVip6DynamicMappingArgs
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color double
- Color of icon on the GUI.
- Comment string
- Comment.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Id double
- Custom defined ID.
- Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic doubleConnections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Nat-Source-Vip. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Realservers
List<Object
Firewall Vip6Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters List<string> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher List<ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client doubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client doubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client doubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp doubleAge - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts doubleAge - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server doubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server doubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes List<ObjectFirewall Vip6Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below.
- Add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - Arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - Color float64
- Color of icon on the GUI.
- Comment string
- Comment.
- Embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - Extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- Extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- H2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - H3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float64
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float64
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - Http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - Http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- Http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - Http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Id float64
- Custom defined ID.
- Ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- Ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Mappedip string
- Mapped IP address range in the format startIP-endIP.
- Mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- Max
Embryonic float64Connections - Maximum number of incomplete connections.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - Nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - Nat
Source stringVip - Nat-Source-Vip. Valid values:
disable,enable. - Ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - Outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - Portforward string
- Enable port forwarding. Valid values:
disable,enable. - Protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - Realservers
[]Object
Firewall Vip6Dynamic Mapping Realserver - Realservers. The structure of
realserversblock is documented below. - Server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - Src
Filters []string - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- Src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - Ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - Ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - Ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- Ssl
Cipher []ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - Ssl
Client float64Rekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- Ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - Ssl
Client float64Session State Max - Maximum number of client to FortiGate SSL session states to keep.
- Ssl
Client float64Session State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- Ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - Ssl
Hpkp float64Age - Number of minutes the web browser should keep HPKP.
- Ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- Ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - Ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- Ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- Ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - Ssl
Hsts float64Age - Number of seconds the client should honour the HSTS setting.
- Ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - Ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - Ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - Ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - Ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - Ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - Ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - Ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Server float64Session State Max - Maximum number of FortiGate to Server SSL session states to keep.
- Ssl
Server float64Session State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- Ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - Type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - Uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- Weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - Websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable. - _
scopes []ObjectFirewall Vip6Dynamic Mapping_Scope - _Scope. The structure of
_scopeblock is documented below.
- _
scopes List<ObjectFirewall Vip6Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below. - add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Double
- Color of icon on the GUI.
- comment String
- Comment.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Double
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - id Double
- Custom defined ID.
- ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip String
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic DoubleConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Nat-Source-Vip. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers
List<Object
Firewall Vip6Dynamic Mapping Realserver> - Realservers. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client DoubleRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client DoubleSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client DoubleSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp DoubleAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts DoubleAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server DoubleSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server DoubleSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- _
scopes ObjectFirewall Vip6Dynamic Mapping_Scope[] - _Scope. The structure of
_scopeblock is documented below. - add
Nat64Route string - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp
Reply string - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color number
- Color of icon on the GUI.
- comment string
- Comment.
- embedded
Ipv4Address string - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip string
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport string
- Incoming port number range that you want to map to a port number range on the destination network.
- h2Support string
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support string
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip stringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip stringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex string - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect string - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - id number
- Custom defined ID.
- ipv4Mappedip string
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport string
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip string
- Mapped IP address range in the format startIP-endIP.
- mappedport string
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic numberConnections - Maximum number of incomplete connections.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 string
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 string
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source stringVip - Nat-Source-Vip. Valid values:
disable,enable. - ndp
Reply string - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook
Web stringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward string
- Enable port forwarding. Valid values:
disable,enable. - protocol string
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers
Object
Firewall Vip6Dynamic Mapping Realserver[] - Realservers. The structure of
realserversblock is documented below. - server
Type string - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters string[] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip stringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept stringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm string - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate string - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher ObjectSuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite[] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client stringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client numberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client stringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client numberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client numberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp string - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp numberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp stringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp stringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp stringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp stringReport Uri - URL to report HPKP violations to.
- ssl
Hsts string - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts numberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts stringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http stringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http stringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode string - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs string - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send stringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server stringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server stringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server stringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server numberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server numberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server stringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type string
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid string
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server string - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- _
scopes Sequence[ObjectFirewall Vip6Dynamic Mapping_Scope] - _Scope. The structure of
_scopeblock is documented below. - add_
nat64_ strroute - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp_
reply str - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color float
- Color of icon on the GUI.
- comment str
- Comment.
- embedded_
ipv4_ straddress - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip str
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport str
- Incoming port number range that you want to map to a port number range on the destination network.
- h2_
support str - Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3_
support str - Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - float
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http_
ip_ strheader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http_
ip_ strheader_ name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http_
multiplex str - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http_
redirect str - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - id float
- Custom defined ID.
- ipv4_
mappedip str - Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4_
mappedport str - IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip str
- Mapped IP address range in the format startIP-endIP.
- mappedport str
- Port number range on the destination network to which the external port number range is mapped.
- max_
embryonic_ floatconnections - Maximum number of incomplete connections.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 str
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 str
- Enable/disable DNAT66. Valid values:
disable,enable. - nat_
source_ strvip - Nat-Source-Vip. Valid values:
disable,enable. - ndp_
reply str - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook_
web_ straccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward str
- Enable port forwarding. Valid values:
disable,enable. - protocol str
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers
Sequence[Object
Firewall Vip6Dynamic Mapping Realserver] - Realservers. The structure of
realserversblock is documented below. - server_
type str - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src_
filters Sequence[str] - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src_
vip_ strfilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl_
accept_ strffdhe_ groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl_
algorithm str - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl_
certificate str - The name of the SSL certificate to use for SSL acceleration.
- ssl_
cipher_ Sequence[Objectsuites Firewall Vip6Dynamic Mapping Ssl Cipher Suite] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
client_ strfallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl_
client_ floatrekey_ count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl_
client_ strrenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl_
client_ floatsession_ state_ max - Maximum number of client to FortiGate SSL session states to keep.
- ssl_
client_ floatsession_ state_ timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl_
client_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
hpkp str - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl_
hpkp_ floatage - Number of minutes the web browser should keep HPKP.
- ssl_
hpkp_ strbackup - Certificate to generate backup HPKP pin from.
- ssl_
hpkp_ strinclude_ subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl_
hpkp_ strprimary - Certificate to generate primary HPKP pin from.
- ssl_
hpkp_ strreport_ uri - URL to report HPKP violations to.
- ssl_
hsts str - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl_
hsts_ floatage - Number of seconds the client should honour the HSTS setting.
- ssl_
hsts_ strinclude_ subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl_
http_ strlocation_ conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl_
http_ strmatch_ host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
mode str - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl_
pfs str - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl_
send_ strempty_ frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl_
server_ stralgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl_
server_ strmax_ version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strmin_ version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl_
server_ strrenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl_
server_ floatsession_ state_ max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl_
server_ floatsession_ state_ timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl_
server_ strsession_ state_ type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type str
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid str
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere_
server str - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
- _
scopes List<Property Map> - _Scope. The structure of
_scopeblock is documented below. - add
Nat64Route String - Enable/disable adding NAT64 route. Valid values:
disable,enable. - arp
Reply String - Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values:
disable,enable. - color Number
- Color of icon on the GUI.
- comment String
- Comment.
- embedded
Ipv4Address String - Enable/disable embedded IPv4 address. Valid values:
disable,enable. - extip String
- IP address or address range on the external interface that you want to map to an address or address range on the destination network.
- extport String
- Incoming port number range that you want to map to a port number range on the destination network.
- h2Support String
- Enable/disable HTTP2 support (default = enable). Valid values:
disable,enable. - h3Support String
- Enable/disable HTTP3/QUIC support (default = disable). Valid values:
disable,enable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - http
Ip StringHeader - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values:
disable,enable. - http
Ip StringHeader Name - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
- http
Multiplex String - Enable/disable HTTP multiplexing. Valid values:
disable,enable. - http
Redirect String - Enable/disable redirection of HTTP to HTTPS Valid values:
disable,enable. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - id Number
- Custom defined ID.
- ipv4Mappedip String
- Start-mapped-IPv4-address [-end mapped-IPv4-address].
- ipv4Mappedport String
- IPv4 port number range on the destination network to which the external port number range is mapped.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - mappedip String
- Mapped IP address range in the format startIP-endIP.
- mappedport String
- Port number range on the destination network to which the external port number range is mapped.
- max
Embryonic NumberConnections - Maximum number of incomplete connections.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- nat64 String
- Enable/disable DNAT64. Valid values:
disable,enable. - nat66 String
- Enable/disable DNAT66. Valid values:
disable,enable. - nat
Source StringVip - Nat-Source-Vip. Valid values:
disable,enable. - ndp
Reply String - Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values:
disable,enable. - outlook
Web StringAccess - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values:
disable,enable. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie,ssl-session-id. - portforward String
- Enable port forwarding. Valid values:
disable,enable. - protocol String
- Protocol to use when forwarding packets. Valid values:
tcp,udp,sctp. - realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - server
Type String - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values:
http,https,ssl,tcp,udp,ip,imaps,pop3s,smtps. - src
Filters List<String> - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces.
- src
Vip StringFilter - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values:
disable,enable. - ssl
Accept StringFfdhe Groups - Enable/disable FFDHE cipher suite for SSL key exchange. Valid values:
disable,enable. - ssl
Algorithm String - Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values:
high,low,medium,custom. - ssl
Certificate String - The name of the SSL certificate to use for SSL acceleration.
- ssl
Cipher List<Property Map>Suites - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Client StringFallback - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values:
disable,enable. - ssl
Client NumberRekey Count - Maximum length of data in MB before triggering a client rekey (0 = disable).
- ssl
Client StringRenegotiation - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values:
deny,allow,secure. - ssl
Client NumberSession State Max - Maximum number of client to FortiGate SSL session states to keep.
- ssl
Client NumberSession State Timeout - Number of minutes to keep client to FortiGate SSL session state.
- ssl
Client StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values:
disable,time,count,both. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Hpkp String - Enable/disable including HPKP header in response. Valid values:
disable,enable,report-only. - ssl
Hpkp NumberAge - Number of minutes the web browser should keep HPKP.
- ssl
Hpkp StringBackup - Certificate to generate backup HPKP pin from.
- ssl
Hpkp StringInclude Subdomains - Indicate that HPKP header applies to all subdomains. Valid values:
disable,enable. - ssl
Hpkp StringPrimary - Certificate to generate primary HPKP pin from.
- ssl
Hpkp StringReport Uri - URL to report HPKP violations to.
- ssl
Hsts String - Enable/disable including HSTS header in response. Valid values:
disable,enable. - ssl
Hsts NumberAge - Number of seconds the client should honour the HSTS setting.
- ssl
Hsts StringInclude Subdomains - Indicate that HSTS header applies to all subdomains. Valid values:
disable,enable. - ssl
Http StringLocation Conversion - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values:
disable,enable. - ssl
Http StringMatch Host - Enable/disable HTTP host matching for location conversion. Valid values:
disable,enable. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a client. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Mode String - Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values:
half,full. - ssl
Pfs String - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values:
require,deny,allow. - ssl
Send StringEmpty Frags - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values:
disable,enable. - ssl
Server StringAlgorithm - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,low,medium,custom,client. - ssl
Server StringMax Version - Highest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringMin Version - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,client,tls-1.3. - ssl
Server StringRenegotiation - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Server NumberSession State Max - Maximum number of FortiGate to Server SSL session states to keep.
- ssl
Server NumberSession State Timeout - Number of minutes to keep FortiGate to Server SSL session state.
- ssl
Server StringSession State Type - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values:
disable,time,count,both. - type String
- Configure a static NAT or server load balance VIP. Valid values:
static-nat,server-load-balance. - uuid String
- Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
- weblogic
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values:
disable,enable. - websphere
Server String - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values:
disable,enable.
ObjectFirewallVip6DynamicMappingRealserver, ObjectFirewallVip6DynamicMappingRealserverArgs
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval double - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id double
- Real server ID.
- Ip string
- IP address of the real server.
- Max
Connections double - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port double
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Weight double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval float64 - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id float64
- Real server ID.
- Ip string
- IP address of the real server.
- Max
Connections float64 - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port float64
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Weight float64
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Double - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Double
- Real server ID.
- ip String
- IP address of the real server.
- max
Connections Double - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Double
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight Double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip string - Only clients in this IP range can connect to this real server.
- healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval number - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host string - HTTP server domain name in HTTP header.
- id number
- Real server ID.
- ip string
- IP address of the real server.
- max
Connections number - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client_
ip str - Only clients in this IP range can connect to this real server.
- healthcheck str
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown_
interval float - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http_
host str - HTTP server domain name in HTTP header.
- id float
- Real server ID.
- ip str
- IP address of the real server.
- max_
connections float - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port float
- Port for communicating with the real server. Required if port forwarding is enabled.
- status str
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate_
host str - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight float
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Number - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Number
- Real server ID.
- ip String
- IP address of the real server.
- max
Connections Number - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight Number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
ObjectFirewallVip6DynamicMappingSslCipherSuite, ObjectFirewallVip6DynamicMappingSslCipherSuiteArgs
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - Priority double
- SSL/TLS cipher suites priority.
- Versions List<string>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - Priority float64
- SSL/TLS cipher suites priority.
- Versions []string
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority Double
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority number
- SSL/TLS cipher suites priority.
- versions string[]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher str
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority float
- SSL/TLS cipher suites priority.
- versions Sequence[str]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority Number
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
ObjectFirewallVip6DynamicMapping_Scope, ObjectFirewallVip6DynamicMapping_ScopeArgs
ObjectFirewallVip6Quic, ObjectFirewallVip6QuicArgs
- Ack
Delay doubleExponent - Support meta variable ACK delay exponent (1 - 20, default = 3).
- Active
Connection doubleId Limit - Support meta variable Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
disable,enable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - Max
Ack doubleDelay - Support meta variable Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram doubleFrame Size - Support meta variable Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle doubleTimeout - Support meta variable Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp doublePayload Size - Support meta variable Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- Ack
Delay float64Exponent - Support meta variable ACK delay exponent (1 - 20, default = 3).
- Active
Connection float64Id Limit - Support meta variable Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
disable,enable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - Max
Ack float64Delay - Support meta variable Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram float64Frame Size - Support meta variable Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle float64Timeout - Support meta variable Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp float64Payload Size - Support meta variable Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay DoubleExponent - Support meta variable ACK delay exponent (1 - 20, default = 3).
- active
Connection DoubleId Limit - Support meta variable Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max
Ack DoubleDelay - Support meta variable Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram DoubleFrame Size - Support meta variable Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle DoubleTimeout - Support meta variable Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp DoublePayload Size - Support meta variable Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay numberExponent - Support meta variable ACK delay exponent (1 - 20, default = 3).
- active
Connection numberId Limit - Support meta variable Active connection ID limit (1 - 8, default = 2).
- active
Migration string - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max
Ack numberDelay - Support meta variable Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram numberFrame Size - Support meta variable Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle numberTimeout - Support meta variable Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp numberPayload Size - Support meta variable Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack_
delay_ floatexponent - Support meta variable ACK delay exponent (1 - 20, default = 3).
- active_
connection_ floatid_ limit - Support meta variable Active connection ID limit (1 - 8, default = 2).
- active_
migration str - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease_
quic_ strbit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max_
ack_ floatdelay - Support meta variable Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max_
datagram_ floatframe_ size - Support meta variable Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max_
idle_ floattimeout - Support meta variable Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max_
udp_ floatpayload_ size - Support meta variable Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay NumberExponent - Support meta variable ACK delay exponent (1 - 20, default = 3).
- active
Connection NumberId Limit - Support meta variable Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max
Ack NumberDelay - Support meta variable Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram NumberFrame Size - Support meta variable Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle NumberTimeout - Support meta variable Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp NumberPayload Size - Support meta variable Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
ObjectFirewallVip6Realserver, ObjectFirewallVip6RealserverArgs
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval double - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id double
- Real server ID.
- Ip string
- IPv6 address of the real server.
- Max
Connections double - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port double
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Weight double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- Client
Ip string - Only clients in this IP range can connect to this real server.
- Healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - Holddown
Interval float64 - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- Http
Host string - HTTP server domain name in HTTP header.
- Id float64
- Real server ID.
- Ip string
- IPv6 address of the real server.
- Max
Connections float64 - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- Monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- Port float64
- Port for communicating with the real server. Required if port forwarding is enabled.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Weight float64
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Double - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Double
- Real server ID.
- ip String
- IPv6 address of the real server.
- max
Connections Double - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Double
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight Double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip string - Only clients in this IP range can connect to this real server.
- healthcheck string
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval number - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host string - HTTP server domain name in HTTP header.
- id number
- Real server ID.
- ip string
- IPv6 address of the real server.
- max
Connections number - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor string
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client_
ip str - Only clients in this IP range can connect to this real server.
- healthcheck str
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown_
interval float - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http_
host str - HTTP server domain name in HTTP header.
- id float
- Real server ID.
- ip str
- IPv6 address of the real server.
- max_
connections float - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor str
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port float
- Port for communicating with the real server. Required if port forwarding is enabled.
- status str
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate_
host str - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight float
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- client
Ip String - Only clients in this IP range can connect to this real server.
- healthcheck String
- Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable,vip. - holddown
Interval Number - Time in seconds that the health check monitor continues to monitor an unresponsive server that should be active.
- http
Host String - HTTP server domain name in HTTP header.
- id Number
- Real server ID.
- ip String
- IPv6 address of the real server.
- max
Connections Number - Max number of active connections that can directed to the real server. When reached, sessions are sent to other real servers.
- monitor String
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
- port Number
- Port for communicating with the real server. Required if port forwarding is enabled.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - weight Number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
ObjectFirewallVip6SslCipherSuite, ObjectFirewallVip6SslCipherSuiteArgs
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - Priority double
- SSL/TLS cipher suites priority.
- Versions List<string>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - Priority float64
- SSL/TLS cipher suites priority.
- Versions []string
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - priority Double
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - priority number
- SSL/TLS cipher suites priority.
- versions string[]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher str
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - priority float
- SSL/TLS cipher suites priority.
- versions Sequence[str]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - priority Number
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
ObjectFirewallVip6SslServerCipherSuite, ObjectFirewallVip6SslServerCipherSuiteArgs
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - Priority double
- SSL/TLS cipher suites priority.
- Versions List<string>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - Priority float64
- SSL/TLS cipher suites priority.
- Versions []string
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - priority Double
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - priority number
- SSL/TLS cipher suites priority.
- versions string[]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher str
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - priority float
- SSL/TLS cipher suites priority.
- versions Sequence[str]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256. - priority Number
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
ssl-3.0,tls-1.0,tls-1.1,tls-1.2,tls-1.3.
Import
ObjectFirewall Vip6 can be imported using any of these accepted formats:
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/objectFirewallVip6:ObjectFirewallVip6 labelname {{name}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev