Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Fortimanager Provider
  3. API Docs
  4. ObjectWirelesscontrollerVap
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortinetdev/terraform-provider-fortimanager

fortimanager.ObjectWirelesscontrollerVap

Explore with Pulumi AI

fortimanager logo
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortinetdev/terraform-provider-fortimanager

    Configure Virtual Access Points (VAPs).

    The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.

    • dynamic_mapping: fortimanager.ObjectWirelesscontrollerVapDynamicMapping
    • mac_filter_list: fortimanager.ObjectWirelesscontrollerVapMacfilterlist
    • mpsk_key: fortimanager_object_wirelesscontroller_vap_mpskkey
    • portal_message_overrides: fortimanager.ObjectWirelesscontrollerVapPortalmessageoverrides
    • vlan_name: fortimanager.ObjectWirelesscontrollerVapVlanname
    • vlan_pool: fortimanager.ObjectWirelesscontrollerVapVlanpool

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";

const trname = new fortimanager.ObjectWirelesscontrollerVap("trname", {
    _centmgmt: "enable",
    _intfAllowaccesses: [
        "http",
        "https",
        "ping",
        "ssh",
    ],
    _intfDeviceIdentification: "enable",
    _intfDeviceNetscan: "disable",
    _intfDhcp6RelayService: "disable",
    _intfDhcp6RelayType: "regular",
    _intfDhcpRelayService: "disable",
    _intfDhcpRelayType: "regular",
    _intfListenForticlientConnection: "disable",
    atfWeight: 20,
    broadcastSsid: "enable",
    broadcastSuppressions: [
        "arp-known",
        "dhcp-ucast",
        "dhcp-up",
    ],
    bssColorPartial: "enable",
    dhcpOption43Insertion: "enable",
    dhcpOption82CircuitIdInsertion: "disable",
    dhcpOption82Insertion: "disable",
    dhcpOption82RemoteIdInsertion: "disable",
    eapReauth: "disable",
    eapReauthIntv: 86400,
    eapolKeyRetries: "enable",
    encrypt: "AES",
    externalFastRoaming: "disable",
    fastBssTransition: "disable",
    fastRoaming: "enable",
    ftMobilityDomain: 1000,
    ftOverDs: "enable",
    ftR0KeyLifetime: 480,
    gtkRekey: "disable",
    gtkRekeyIntv: 86400,
    highEfficiency: "enable",
    igmpSnooping: "disable",
    intraVapPrivacy: "disable",
    ipv6Rules: [
        "drop-dhcp6c",
        "drop-dhcp6s",
        "drop-icmp6mld2",
        "drop-icmp6ra",
        "drop-icmp6rs",
        "drop-llmnr6",
        "drop-ns-dad",
        "ndp-proxy",
    ],
    ldpc: "rxtx",
    localAuthentication: "disable",
    localBridging: "disable",
    localLan: "allow",
    localStandalone: "disable",
    macAuthBypass: "disable",
    macFilter: "disable",
    macFilterPolicyOther: "allow",
    meDisableThresh: 32,
    meshBackhaul: "disable",
    mpsk: "disable",
    muMimo: "enable",
    multicastEnhance: "disable",
    multicastRate: "0",
    okc: "enable",
    oweTransition: "disable",
    passphrases: ["fortinet"],
    pmf: "disable",
    pmfAssocComebackTimeout: 1,
    pmfSaQueryRetryTimeout: 2,
    portMacauth: "disable",
    portMacauthReauthTimeout: 7200,
    portMacauthTimeout: 600,
    probeRespSuppression: "disable",
    probeRespThreshold: "-80",
    ptkRekey: "disable",
    ptkRekeyIntv: 86400,
    quarantine: "enable",
    radio2gThreshold: "-79",
    radio5gThreshold: "-76",
    radioSensitivity: "disable",
    radiusMacAuth: "disable",
    security: "wpa2-only-personal",
    securityObsoleteOption: "disable",
    splitTunneling: "disable",
    ssid: "fortinet",
    stickyClientRemove: "disable",
    stickyClientThreshold2g: "-79",
    stickyClientThreshold5g: "-76",
    targetWakeTime: "enable",
    tkipCounterMeasure: "enable",
    vlanAuto: "disable",
    vlanPooling: "disable",
    voiceEnterprise: "disable",
});

    import pulumi
import pulumi_fortimanager as fortimanager

trname = fortimanager.ObjectWirelesscontrollerVap("trname",
    _centmgmt="enable",
    _intf_allowaccesses=[
        "http",
        "https",
        "ping",
        "ssh",
    ],
    _intf_device_identification="enable",
    _intf_device_netscan="disable",
    _intf_dhcp6_relay_service="disable",
    _intf_dhcp6_relay_type="regular",
    _intf_dhcp_relay_service="disable",
    _intf_dhcp_relay_type="regular",
    _intf_listen_forticlient_connection="disable",
    atf_weight=20,
    broadcast_ssid="enable",
    broadcast_suppressions=[
        "arp-known",
        "dhcp-ucast",
        "dhcp-up",
    ],
    bss_color_partial="enable",
    dhcp_option43_insertion="enable",
    dhcp_option82_circuit_id_insertion="disable",
    dhcp_option82_insertion="disable",
    dhcp_option82_remote_id_insertion="disable",
    eap_reauth="disable",
    eap_reauth_intv=86400,
    eapol_key_retries="enable",
    encrypt="AES",
    external_fast_roaming="disable",
    fast_bss_transition="disable",
    fast_roaming="enable",
    ft_mobility_domain=1000,
    ft_over_ds="enable",
    ft_r0_key_lifetime=480,
    gtk_rekey="disable",
    gtk_rekey_intv=86400,
    high_efficiency="enable",
    igmp_snooping="disable",
    intra_vap_privacy="disable",
    ipv6_rules=[
        "drop-dhcp6c",
        "drop-dhcp6s",
        "drop-icmp6mld2",
        "drop-icmp6ra",
        "drop-icmp6rs",
        "drop-llmnr6",
        "drop-ns-dad",
        "ndp-proxy",
    ],
    ldpc="rxtx",
    local_authentication="disable",
    local_bridging="disable",
    local_lan="allow",
    local_standalone="disable",
    mac_auth_bypass="disable",
    mac_filter="disable",
    mac_filter_policy_other="allow",
    me_disable_thresh=32,
    mesh_backhaul="disable",
    mpsk="disable",
    mu_mimo="enable",
    multicast_enhance="disable",
    multicast_rate="0",
    okc="enable",
    owe_transition="disable",
    passphrases=["fortinet"],
    pmf="disable",
    pmf_assoc_comeback_timeout=1,
    pmf_sa_query_retry_timeout=2,
    port_macauth="disable",
    port_macauth_reauth_timeout=7200,
    port_macauth_timeout=600,
    probe_resp_suppression="disable",
    probe_resp_threshold="-80",
    ptk_rekey="disable",
    ptk_rekey_intv=86400,
    quarantine="enable",
    radio2g_threshold="-79",
    radio5g_threshold="-76",
    radio_sensitivity="disable",
    radius_mac_auth="disable",
    security="wpa2-only-personal",
    security_obsolete_option="disable",
    split_tunneling="disable",
    ssid="fortinet",
    sticky_client_remove="disable",
    sticky_client_threshold2g="-79",
    sticky_client_threshold5g="-76",
    target_wake_time="enable",
    tkip_counter_measure="enable",
    vlan_auto="disable",
    vlan_pooling="disable",
    voice_enterprise="disable")

    package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := fortimanager.NewObjectWirelesscontrollerVap(ctx, "trname", &fortimanager.ObjectWirelesscontrollerVapArgs{
			_centmgmt: pulumi.String("enable"),
			_intfAllowaccesses: pulumi.StringArray{
				pulumi.String("http"),
				pulumi.String("https"),
				pulumi.String("ping"),
				pulumi.String("ssh"),
			},
			_intfDeviceIdentification:        pulumi.String("enable"),
			_intfDeviceNetscan:               pulumi.String("disable"),
			_intfDhcp6RelayService:           pulumi.String("disable"),
			_intfDhcp6RelayType:              pulumi.String("regular"),
			_intfDhcpRelayService:            pulumi.String("disable"),
			_intfDhcpRelayType:               pulumi.String("regular"),
			_intfListenForticlientConnection: pulumi.String("disable"),
			AtfWeight:                        pulumi.Float64(20),
			BroadcastSsid:                    pulumi.String("enable"),
			BroadcastSuppressions: pulumi.StringArray{
				pulumi.String("arp-known"),
				pulumi.String("dhcp-ucast"),
				pulumi.String("dhcp-up"),
			},
			BssColorPartial:                pulumi.String("enable"),
			DhcpOption43Insertion:          pulumi.String("enable"),
			DhcpOption82CircuitIdInsertion: pulumi.String("disable"),
			DhcpOption82Insertion:          pulumi.String("disable"),
			DhcpOption82RemoteIdInsertion:  pulumi.String("disable"),
			EapReauth:                      pulumi.String("disable"),
			EapReauthIntv:                  pulumi.Float64(86400),
			EapolKeyRetries:                pulumi.String("enable"),
			Encrypt:                        pulumi.String("AES"),
			ExternalFastRoaming:            pulumi.String("disable"),
			FastBssTransition:              pulumi.String("disable"),
			FastRoaming:                    pulumi.String("enable"),
			FtMobilityDomain:               pulumi.Float64(1000),
			FtOverDs:                       pulumi.String("enable"),
			FtR0KeyLifetime:                pulumi.Float64(480),
			GtkRekey:                       pulumi.String("disable"),
			GtkRekeyIntv:                   pulumi.Float64(86400),
			HighEfficiency:                 pulumi.String("enable"),
			IgmpSnooping:                   pulumi.String("disable"),
			IntraVapPrivacy:                pulumi.String("disable"),
			Ipv6Rules: pulumi.StringArray{
				pulumi.String("drop-dhcp6c"),
				pulumi.String("drop-dhcp6s"),
				pulumi.String("drop-icmp6mld2"),
				pulumi.String("drop-icmp6ra"),
				pulumi.String("drop-icmp6rs"),
				pulumi.String("drop-llmnr6"),
				pulumi.String("drop-ns-dad"),
				pulumi.String("ndp-proxy"),
			},
			Ldpc:                 pulumi.String("rxtx"),
			LocalAuthentication:  pulumi.String("disable"),
			LocalBridging:        pulumi.String("disable"),
			LocalLan:             pulumi.String("allow"),
			LocalStandalone:      pulumi.String("disable"),
			MacAuthBypass:        pulumi.String("disable"),
			MacFilter:            pulumi.String("disable"),
			MacFilterPolicyOther: pulumi.String("allow"),
			MeDisableThresh:      pulumi.Float64(32),
			MeshBackhaul:         pulumi.String("disable"),
			Mpsk:                 pulumi.String("disable"),
			MuMimo:               pulumi.String("enable"),
			MulticastEnhance:     pulumi.String("disable"),
			MulticastRate:        pulumi.String("0"),
			Okc:                  pulumi.String("enable"),
			OweTransition:        pulumi.String("disable"),
			Passphrases: pulumi.StringArray{
				pulumi.String("fortinet"),
			},
			Pmf:                      pulumi.String("disable"),
			PmfAssocComebackTimeout:  pulumi.Float64(1),
			PmfSaQueryRetryTimeout:   pulumi.Float64(2),
			PortMacauth:              pulumi.String("disable"),
			PortMacauthReauthTimeout: pulumi.Float64(7200),
			PortMacauthTimeout:       pulumi.Float64(600),
			ProbeRespSuppression:     pulumi.String("disable"),
			ProbeRespThreshold:       pulumi.String("-80"),
			PtkRekey:                 pulumi.String("disable"),
			PtkRekeyIntv:             pulumi.Float64(86400),
			Quarantine:               pulumi.String("enable"),
			Radio2gThreshold:         pulumi.String("-79"),
			Radio5gThreshold:         pulumi.String("-76"),
			RadioSensitivity:         pulumi.String("disable"),
			RadiusMacAuth:            pulumi.String("disable"),
			Security:                 pulumi.String("wpa2-only-personal"),
			SecurityObsoleteOption:   pulumi.String("disable"),
			SplitTunneling:           pulumi.String("disable"),
			Ssid:                     pulumi.String("fortinet"),
			StickyClientRemove:       pulumi.String("disable"),
			StickyClientThreshold2g:  pulumi.String("-79"),
			StickyClientThreshold5g:  pulumi.String("-76"),
			TargetWakeTime:           pulumi.String("enable"),
			TkipCounterMeasure:       pulumi.String("enable"),
			VlanAuto:                 pulumi.String("disable"),
			VlanPooling:              pulumi.String("disable"),
			VoiceEnterprise:          pulumi.String("disable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;

return await Deployment.RunAsync(() => 
{
    var trname = new Fortimanager.ObjectWirelesscontrollerVap("trname", new()
    {
        _centmgmt = "enable",
        _intfAllowaccesses = new[]
        {
            "http",
            "https",
            "ping",
            "ssh",
        },
        _intfDeviceIdentification = "enable",
        _intfDeviceNetscan = "disable",
        _intfDhcp6RelayService = "disable",
        _intfDhcp6RelayType = "regular",
        _intfDhcpRelayService = "disable",
        _intfDhcpRelayType = "regular",
        _intfListenForticlientConnection = "disable",
        AtfWeight = 20,
        BroadcastSsid = "enable",
        BroadcastSuppressions = new[]
        {
            "arp-known",
            "dhcp-ucast",
            "dhcp-up",
        },
        BssColorPartial = "enable",
        DhcpOption43Insertion = "enable",
        DhcpOption82CircuitIdInsertion = "disable",
        DhcpOption82Insertion = "disable",
        DhcpOption82RemoteIdInsertion = "disable",
        EapReauth = "disable",
        EapReauthIntv = 86400,
        EapolKeyRetries = "enable",
        Encrypt = "AES",
        ExternalFastRoaming = "disable",
        FastBssTransition = "disable",
        FastRoaming = "enable",
        FtMobilityDomain = 1000,
        FtOverDs = "enable",
        FtR0KeyLifetime = 480,
        GtkRekey = "disable",
        GtkRekeyIntv = 86400,
        HighEfficiency = "enable",
        IgmpSnooping = "disable",
        IntraVapPrivacy = "disable",
        Ipv6Rules = new[]
        {
            "drop-dhcp6c",
            "drop-dhcp6s",
            "drop-icmp6mld2",
            "drop-icmp6ra",
            "drop-icmp6rs",
            "drop-llmnr6",
            "drop-ns-dad",
            "ndp-proxy",
        },
        Ldpc = "rxtx",
        LocalAuthentication = "disable",
        LocalBridging = "disable",
        LocalLan = "allow",
        LocalStandalone = "disable",
        MacAuthBypass = "disable",
        MacFilter = "disable",
        MacFilterPolicyOther = "allow",
        MeDisableThresh = 32,
        MeshBackhaul = "disable",
        Mpsk = "disable",
        MuMimo = "enable",
        MulticastEnhance = "disable",
        MulticastRate = "0",
        Okc = "enable",
        OweTransition = "disable",
        Passphrases = new[]
        {
            "fortinet",
        },
        Pmf = "disable",
        PmfAssocComebackTimeout = 1,
        PmfSaQueryRetryTimeout = 2,
        PortMacauth = "disable",
        PortMacauthReauthTimeout = 7200,
        PortMacauthTimeout = 600,
        ProbeRespSuppression = "disable",
        ProbeRespThreshold = "-80",
        PtkRekey = "disable",
        PtkRekeyIntv = 86400,
        Quarantine = "enable",
        Radio2gThreshold = "-79",
        Radio5gThreshold = "-76",
        RadioSensitivity = "disable",
        RadiusMacAuth = "disable",
        Security = "wpa2-only-personal",
        SecurityObsoleteOption = "disable",
        SplitTunneling = "disable",
        Ssid = "fortinet",
        StickyClientRemove = "disable",
        StickyClientThreshold2g = "-79",
        StickyClientThreshold5g = "-76",
        TargetWakeTime = "enable",
        TkipCounterMeasure = "enable",
        VlanAuto = "disable",
        VlanPooling = "disable",
        VoiceEnterprise = "disable",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectWirelesscontrollerVap;
import com.pulumi.fortimanager.ObjectWirelesscontrollerVapArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trname = new ObjectWirelesscontrollerVap("trname", ObjectWirelesscontrollerVapArgs.builder()
            ._centmgmt("enable")
            ._intfAllowaccesses(            
                "http",
                "https",
                "ping",
                "ssh")
            ._intfDeviceIdentification("enable")
            ._intfDeviceNetscan("disable")
            ._intfDhcp6RelayService("disable")
            ._intfDhcp6RelayType("regular")
            ._intfDhcpRelayService("disable")
            ._intfDhcpRelayType("regular")
            ._intfListenForticlientConnection("disable")
            .atfWeight(20)
            .broadcastSsid("enable")
            .broadcastSuppressions(            
                "arp-known",
                "dhcp-ucast",
                "dhcp-up")
            .bssColorPartial("enable")
            .dhcpOption43Insertion("enable")
            .dhcpOption82CircuitIdInsertion("disable")
            .dhcpOption82Insertion("disable")
            .dhcpOption82RemoteIdInsertion("disable")
            .eapReauth("disable")
            .eapReauthIntv(86400)
            .eapolKeyRetries("enable")
            .encrypt("AES")
            .externalFastRoaming("disable")
            .fastBssTransition("disable")
            .fastRoaming("enable")
            .ftMobilityDomain(1000)
            .ftOverDs("enable")
            .ftR0KeyLifetime(480)
            .gtkRekey("disable")
            .gtkRekeyIntv(86400)
            .highEfficiency("enable")
            .igmpSnooping("disable")
            .intraVapPrivacy("disable")
            .ipv6Rules(            
                "drop-dhcp6c",
                "drop-dhcp6s",
                "drop-icmp6mld2",
                "drop-icmp6ra",
                "drop-icmp6rs",
                "drop-llmnr6",
                "drop-ns-dad",
                "ndp-proxy")
            .ldpc("rxtx")
            .localAuthentication("disable")
            .localBridging("disable")
            .localLan("allow")
            .localStandalone("disable")
            .macAuthBypass("disable")
            .macFilter("disable")
            .macFilterPolicyOther("allow")
            .meDisableThresh(32)
            .meshBackhaul("disable")
            .mpsk("disable")
            .muMimo("enable")
            .multicastEnhance("disable")
            .multicastRate("0")
            .okc("enable")
            .oweTransition("disable")
            .passphrases("fortinet")
            .pmf("disable")
            .pmfAssocComebackTimeout(1)
            .pmfSaQueryRetryTimeout(2)
            .portMacauth("disable")
            .portMacauthReauthTimeout(7200)
            .portMacauthTimeout(600)
            .probeRespSuppression("disable")
            .probeRespThreshold("-80")
            .ptkRekey("disable")
            .ptkRekeyIntv(86400)
            .quarantine("enable")
            .radio2gThreshold("-79")
            .radio5gThreshold("-76")
            .radioSensitivity("disable")
            .radiusMacAuth("disable")
            .security("wpa2-only-personal")
            .securityObsoleteOption("disable")
            .splitTunneling("disable")
            .ssid("fortinet")
            .stickyClientRemove("disable")
            .stickyClientThreshold2g("-79")
            .stickyClientThreshold5g("-76")
            .targetWakeTime("enable")
            .tkipCounterMeasure("enable")
            .vlanAuto("disable")
            .vlanPooling("disable")
            .voiceEnterprise("disable")
            .build());

    }
}

    resources:
  trname:
    type: fortimanager:ObjectWirelesscontrollerVap
    properties:
      _centmgmt: enable
      _intfAllowaccesses:
        - http
        - https
        - ping
        - ssh
      _intfDeviceIdentification: enable
      _intfDeviceNetscan: disable
      _intfDhcp6RelayService: disable
      _intfDhcp6RelayType: regular
      _intfDhcpRelayService: disable
      _intfDhcpRelayType: regular
      _intfListenForticlientConnection: disable
      atfWeight: 20
      broadcastSsid: enable
      broadcastSuppressions:
        - arp-known
        - dhcp-ucast
        - dhcp-up
      bssColorPartial: enable
      dhcpOption43Insertion: enable
      dhcpOption82CircuitIdInsertion: disable
      dhcpOption82Insertion: disable
      dhcpOption82RemoteIdInsertion: disable
      eapReauth: disable
      eapReauthIntv: 86400
      eapolKeyRetries: enable
      encrypt: AES
      externalFastRoaming: disable
      fastBssTransition: disable
      fastRoaming: enable
      ftMobilityDomain: 1000
      ftOverDs: enable
      ftR0KeyLifetime: 480
      gtkRekey: disable
      gtkRekeyIntv: 86400
      highEfficiency: enable
      igmpSnooping: disable
      intraVapPrivacy: disable
      ipv6Rules:
        - drop-dhcp6c
        - drop-dhcp6s
        - drop-icmp6mld2
        - drop-icmp6ra
        - drop-icmp6rs
        - drop-llmnr6
        - drop-ns-dad
        - ndp-proxy
      ldpc: rxtx
      localAuthentication: disable
      localBridging: disable
      localLan: allow
      localStandalone: disable
      macAuthBypass: disable
      macFilter: disable
      macFilterPolicyOther: allow
      meDisableThresh: 32
      meshBackhaul: disable
      mpsk: disable
      muMimo: enable
      multicastEnhance: disable
      multicastRate: '0'
      okc: enable
      oweTransition: disable
      passphrases:
        - fortinet
      pmf: disable
      pmfAssocComebackTimeout: 1
      pmfSaQueryRetryTimeout: 2
      portMacauth: disable
      portMacauthReauthTimeout: 7200
      portMacauthTimeout: 600
      probeRespSuppression: disable
      probeRespThreshold: '-80'
      ptkRekey: disable
      ptkRekeyIntv: 86400
      quarantine: enable
      radio2gThreshold: '-79'
      radio5gThreshold: '-76'
      radioSensitivity: disable
      radiusMacAuth: disable
      security: wpa2-only-personal
      securityObsoleteOption: disable
      splitTunneling: disable
      ssid: fortinet
      stickyClientRemove: disable
      stickyClientThreshold2g: '-79'
      stickyClientThreshold5g: '-76'
      targetWakeTime: enable
      tkipCounterMeasure: enable
      vlanAuto: disable
      vlanPooling: disable
      voiceEnterprise: disable

    Create ObjectWirelesscontrollerVap Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ObjectWirelesscontrollerVap(name: string, args?: ObjectWirelesscontrollerVapArgs, opts?: CustomResourceOptions);
    @overload
def ObjectWirelesscontrollerVap(resource_name: str,
                                args: Optional[ObjectWirelesscontrollerVapArgs] = None,
                                opts: Optional[ResourceOptions] = None)

@overload
def ObjectWirelesscontrollerVap(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                _centmgmt: Optional[str] = None,
                                _dhcp_svr_id: Optional[str] = None,
                                _intf_allowaccesses: Optional[Sequence[str]] = None,
                                _intf_device_access_list: Optional[str] = None,
                                _intf_device_identification: Optional[str] = None,
                                _intf_device_netscan: Optional[str] = None,
                                _intf_dhcp6_relay_ip: Optional[str] = None,
                                _intf_dhcp6_relay_service: Optional[str] = None,
                                _intf_dhcp6_relay_type: Optional[str] = None,
                                _intf_dhcp_relay_ips: Optional[Sequence[str]] = None,
                                _intf_dhcp_relay_service: Optional[str] = None,
                                _intf_dhcp_relay_type: Optional[str] = None,
                                _intf_ip: Optional[str] = None,
                                _intf_ip6_address: Optional[str] = None,
                                _intf_ip6_allowaccesses: Optional[Sequence[str]] = None,
                                _intf_listen_forticlient_connection: Optional[str] = None,
                                _is_factory_setting: Optional[str] = None,
                                access_control_list: Optional[str] = None,
                                acct_interim_interval: Optional[float] = None,
                                additional_akms: Optional[Sequence[str]] = None,
                                address_group: Optional[str] = None,
                                address_group_policy: Optional[str] = None,
                                adom: Optional[str] = None,
                                alias: Optional[str] = None,
                                antivirus_profile: Optional[str] = None,
                                application_detection_engine: Optional[str] = None,
                                application_dscp_marking: Optional[str] = None,
                                application_list: Optional[str] = None,
                                application_report_intv: Optional[float] = None,
                                atf_weight: Optional[float] = None,
                                auth: Optional[str] = None,
                                auth_cert: Optional[str] = None,
                                auth_portal_addr: Optional[str] = None,
                                beacon_advertisings: Optional[Sequence[str]] = None,
                                broadcast_ssid: Optional[str] = None,
                                broadcast_suppressions: Optional[Sequence[str]] = None,
                                bss_color_partial: Optional[str] = None,
                                bstm_disassociation_imminent: Optional[str] = None,
                                bstm_load_balancing_disassoc_timer: Optional[float] = None,
                                bstm_rssi_disassoc_timer: Optional[float] = None,
                                captive_portal_ac_name: Optional[str] = None,
                                captive_portal_auth_timeout: Optional[float] = None,
                                captive_portal_fw_accounting: Optional[str] = None,
                                captive_portal_macauth_radius_secrets: Optional[Sequence[str]] = None,
                                captive_portal_macauth_radius_server: Optional[str] = None,
                                captive_portal_radius_secrets: Optional[Sequence[str]] = None,
                                captive_portal_radius_server: Optional[str] = None,
                                captive_portal_session_timeout_interval: Optional[float] = None,
                                dhcp_address_enforcement: Optional[str] = None,
                                dhcp_lease_time: Optional[float] = None,
                                dhcp_option43_insertion: Optional[str] = None,
                                dhcp_option82_circuit_id_insertion: Optional[str] = None,
                                dhcp_option82_insertion: Optional[str] = None,
                                dhcp_option82_remote_id_insertion: Optional[str] = None,
                                dynamic_mappings: Optional[Sequence[ObjectWirelesscontrollerVapDynamicMappingArgs]] = None,
                                dynamic_sort_subtable: Optional[str] = None,
                                dynamic_vlan: Optional[str] = None,
                                eap_reauth: Optional[str] = None,
                                eap_reauth_intv: Optional[float] = None,
                                eapol_key_retries: Optional[str] = None,
                                encrypt: Optional[str] = None,
                                external_fast_roaming: Optional[str] = None,
                                external_logout: Optional[str] = None,
                                external_web: Optional[str] = None,
                                external_web_format: Optional[str] = None,
                                fast_bss_transition: Optional[str] = None,
                                fast_roaming: Optional[str] = None,
                                ft_mobility_domain: Optional[float] = None,
                                ft_over_ds: Optional[str] = None,
                                ft_r0_key_lifetime: Optional[float] = None,
                                gas_comeback_delay: Optional[float] = None,
                                gas_fragmentation_limit: Optional[float] = None,
                                gtk_rekey: Optional[str] = None,
                                gtk_rekey_intv: Optional[float] = None,
                                high_efficiency: Optional[str] = None,
                                hotspot20_profile: Optional[str] = None,
                                igmp_snooping: Optional[str] = None,
                                intra_vap_privacy: Optional[str] = None,
                                ip: Optional[str] = None,
                                ips_sensor: Optional[str] = None,
                                ipv6_rules: Optional[Sequence[str]] = None,
                                keyindex: Optional[float] = None,
                                keys: Optional[Sequence[str]] = None,
                                l3_roaming: Optional[str] = None,
                                l3_roaming_mode: Optional[str] = None,
                                ldpc: Optional[str] = None,
                                local_authentication: Optional[str] = None,
                                local_bridging: Optional[str] = None,
                                local_lan: Optional[str] = None,
                                local_standalone: Optional[str] = None,
                                local_standalone_dns: Optional[str] = None,
                                local_standalone_dns_ips: Optional[Sequence[str]] = None,
                                local_standalone_nat: Optional[str] = None,
                                mac_auth_bypass: Optional[str] = None,
                                mac_called_station_delimiter: Optional[str] = None,
                                mac_calling_station_delimiter: Optional[str] = None,
                                mac_case: Optional[str] = None,
                                mac_filter: Optional[str] = None,
                                mac_filter_lists: Optional[Sequence[ObjectWirelesscontrollerVapMacFilterListArgs]] = None,
                                mac_filter_policy_other: Optional[str] = None,
                                mac_password_delimiter: Optional[str] = None,
                                mac_username_delimiter: Optional[str] = None,
                                max_clients: Optional[float] = None,
                                max_clients_ap: Optional[float] = None,
                                mbo: Optional[str] = None,
                                mbo_cell_data_conn_pref: Optional[str] = None,
                                me_disable_thresh: Optional[float] = None,
                                mesh_backhaul: Optional[str] = None,
                                mpsk: Optional[str] = None,
                                mpsk_concurrent_clients: Optional[float] = None,
                                mpsk_keys: Optional[Sequence[ObjectWirelesscontrollerVapMpskKeyArgs]] = None,
                                mpsk_profile: Optional[str] = None,
                                mu_mimo: Optional[str] = None,
                                multicast_enhance: Optional[str] = None,
                                multicast_rate: Optional[str] = None,
                                n80211k: Optional[str] = None,
                                n80211v: Optional[str] = None,
                                nac: Optional[str] = None,
                                nac_profile: Optional[str] = None,
                                name: Optional[str] = None,
                                neighbor_report_dual_band: Optional[str] = None,
                                object_wirelesscontroller_vap_id: Optional[str] = None,
                                okc: Optional[str] = None,
                                osen: Optional[str] = None,
                                owe_groups: Optional[Sequence[str]] = None,
                                owe_transition: Optional[str] = None,
                                owe_transition_ssid: Optional[str] = None,
                                passphrases: Optional[Sequence[str]] = None,
                                pmf: Optional[str] = None,
                                pmf_assoc_comeback_timeout: Optional[float] = None,
                                pmf_sa_query_retry_timeout: Optional[float] = None,
                                port_macauth: Optional[str] = None,
                                port_macauth_reauth_timeout: Optional[float] = None,
                                port_macauth_timeout: Optional[float] = None,
                                portal_message_override_group: Optional[str] = None,
                                portal_message_overrides: Optional[ObjectWirelesscontrollerVapPortalMessageOverridesArgs] = None,
                                portal_type: Optional[str] = None,
                                primary_wag_profile: Optional[str] = None,
                                probe_resp_suppression: Optional[str] = None,
                                probe_resp_threshold: Optional[str] = None,
                                ptk_rekey: Optional[str] = None,
                                ptk_rekey_intv: Optional[float] = None,
                                qos_profile: Optional[str] = None,
                                quarantine: Optional[str] = None,
                                radio2g_threshold: Optional[str] = None,
                                radio5g_threshold: Optional[str] = None,
                                radio_sensitivity: Optional[str] = None,
                                radius_mac_auth: Optional[str] = None,
                                radius_mac_auth_block_interval: Optional[float] = None,
                                radius_mac_auth_server: Optional[str] = None,
                                radius_mac_auth_usergroups: Optional[Sequence[str]] = None,
                                radius_mac_mpsk_auth: Optional[str] = None,
                                radius_mac_mpsk_timeout: Optional[float] = None,
                                radius_server: Optional[str] = None,
                                rates11ac_mcs_map: Optional[str] = None,
                                rates11ac_ss12s: Optional[Sequence[str]] = None,
                                rates11ac_ss34s: Optional[Sequence[str]] = None,
                                rates11as: Optional[Sequence[str]] = None,
                                rates11ax_mcs_map: Optional[str] = None,
                                rates11ax_ss12s: Optional[Sequence[str]] = None,
                                rates11ax_ss34s: Optional[Sequence[str]] = None,
                                rates11bgs: Optional[Sequence[str]] = None,
                                rates11n_ss12s: Optional[Sequence[str]] = None,
                                rates11n_ss34s: Optional[Sequence[str]] = None,
                                roaming_acct_interim_update: Optional[str] = None,
                                sae_groups: Optional[Sequence[str]] = None,
                                sae_h2e_only: Optional[str] = None,
                                sae_hnp_only: Optional[str] = None,
                                sae_passwords: Optional[Sequence[str]] = None,
                                sae_pk: Optional[str] = None,
                                sae_private_key: Optional[str] = None,
                                scan_botnet_connections: Optional[str] = None,
                                schedules: Optional[Sequence[str]] = None,
                                scopetype: Optional[str] = None,
                                secondary_wag_profile: Optional[str] = None,
                                security: Optional[str] = None,
                                security_exempt_list: Optional[str] = None,
                                security_obsolete_option: Optional[str] = None,
                                security_redirect_url: Optional[str] = None,
                                selected_usergroups: Optional[str] = None,
                                split_tunneling: Optional[str] = None,
                                ssid: Optional[str] = None,
                                sticky_client_remove: Optional[str] = None,
                                sticky_client_threshold2g: Optional[str] = None,
                                sticky_client_threshold5g: Optional[str] = None,
                                sticky_client_threshold6g: Optional[str] = None,
                                target_wake_time: Optional[str] = None,
                                tkip_counter_measure: Optional[str] = None,
                                tunnel_echo_interval: Optional[float] = None,
                                tunnel_fallback_interval: Optional[float] = None,
                                usergroup: Optional[str] = None,
                                utm_log: Optional[str] = None,
                                utm_profile: Optional[str] = None,
                                utm_status: Optional[str] = None,
                                vdom: Optional[str] = None,
                                vlan_auto: Optional[str] = None,
                                vlan_names: Optional[Sequence[ObjectWirelesscontrollerVapVlanNameArgs]] = None,
                                vlan_pooling: Optional[str] = None,
                                vlan_pools: Optional[Sequence[ObjectWirelesscontrollerVapVlanPoolArgs]] = None,
                                vlanid: Optional[float] = None,
                                voice_enterprise: Optional[str] = None,
                                webfilter_profile: Optional[str] = None)
    func NewObjectWirelesscontrollerVap(ctx *Context, name string, args *ObjectWirelesscontrollerVapArgs, opts ...ResourceOption) (*ObjectWirelesscontrollerVap, error)
    public ObjectWirelesscontrollerVap(string name, ObjectWirelesscontrollerVapArgs? args = null, CustomResourceOptions? opts = null)
    public ObjectWirelesscontrollerVap(String name, ObjectWirelesscontrollerVapArgs args)
public ObjectWirelesscontrollerVap(String name, ObjectWirelesscontrollerVapArgs args, CustomResourceOptions options)

    type: fortimanager:ObjectWirelesscontrollerVap
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args ObjectWirelesscontrollerVapArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ObjectWirelesscontrollerVapArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ObjectWirelesscontrollerVapArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ObjectWirelesscontrollerVapArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ObjectWirelesscontrollerVapArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var objectWirelesscontrollerVapResource = new Fortimanager.ObjectWirelesscontrollerVap("objectWirelesscontrollerVapResource", new()
{
    _centmgmt = "string",
    _dhcpSvrId = "string",
    _intfAllowaccesses = new[]
    {
        "string",
    },
    _intfDeviceAccessList = "string",
    _intfDeviceIdentification = "string",
    _intfDeviceNetscan = "string",
    _intfDhcp6RelayIp = "string",
    _intfDhcp6RelayService = "string",
    _intfDhcp6RelayType = "string",
    _intfDhcpRelayIps = new[]
    {
        "string",
    },
    _intfDhcpRelayService = "string",
    _intfDhcpRelayType = "string",
    _intfIp = "string",
    _intfIp6Address = "string",
    _intfIp6Allowaccesses = new[]
    {
        "string",
    },
    _intfListenForticlientConnection = "string",
    _isFactorySetting = "string",
    AccessControlList = "string",
    AcctInterimInterval = 0,
    AdditionalAkms = new[]
    {
        "string",
    },
    AddressGroup = "string",
    AddressGroupPolicy = "string",
    Adom = "string",
    Alias = "string",
    AntivirusProfile = "string",
    ApplicationDetectionEngine = "string",
    ApplicationDscpMarking = "string",
    ApplicationList = "string",
    ApplicationReportIntv = 0,
    AtfWeight = 0,
    Auth = "string",
    AuthCert = "string",
    AuthPortalAddr = "string",
    BeaconAdvertisings = new[]
    {
        "string",
    },
    BroadcastSsid = "string",
    BroadcastSuppressions = new[]
    {
        "string",
    },
    BssColorPartial = "string",
    BstmDisassociationImminent = "string",
    BstmLoadBalancingDisassocTimer = 0,
    BstmRssiDisassocTimer = 0,
    CaptivePortalAcName = "string",
    CaptivePortalAuthTimeout = 0,
    CaptivePortalFwAccounting = "string",
    CaptivePortalMacauthRadiusSecrets = new[]
    {
        "string",
    },
    CaptivePortalMacauthRadiusServer = "string",
    CaptivePortalRadiusSecrets = new[]
    {
        "string",
    },
    CaptivePortalRadiusServer = "string",
    CaptivePortalSessionTimeoutInterval = 0,
    DhcpAddressEnforcement = "string",
    DhcpLeaseTime = 0,
    DhcpOption43Insertion = "string",
    DhcpOption82CircuitIdInsertion = "string",
    DhcpOption82Insertion = "string",
    DhcpOption82RemoteIdInsertion = "string",
    DynamicMappings = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapDynamicMappingArgs
        {
            _centmgmt = "string",
            _dhcpSvrId = "string",
            _intfAllowaccesses = new[]
            {
                "string",
            },
            _intfDeviceAccessList = "string",
            _intfDeviceIdentification = "string",
            _intfDeviceNetscan = "string",
            _intfDhcp6RelayIp = "string",
            _intfDhcp6RelayService = "string",
            _intfDhcp6RelayType = "string",
            _intfDhcpRelayIps = new[]
            {
                "string",
            },
            _intfDhcpRelayService = "string",
            _intfDhcpRelayType = "string",
            _intfIp = "string",
            _intfIp6Address = "string",
            _intfIp6Allowaccesses = new[]
            {
                "string",
            },
            _intfListenForticlientConnection = "string",
            _isFactorySetting = "string",
            _scopes = new[]
            {
                new Fortimanager.Inputs.ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs
                {
                    Name = "string",
                    Vdom = "string",
                },
            },
            AccessControlList = "string",
            AcctInterimInterval = 0,
            AdditionalAkms = new[]
            {
                "string",
            },
            AddressGroup = "string",
            AddressGroupPolicy = "string",
            Alias = "string",
            AntivirusProfile = "string",
            ApplicationDetectionEngine = "string",
            ApplicationDscpMarking = "string",
            ApplicationList = "string",
            ApplicationReportIntv = 0,
            AtfWeight = 0,
            Auth = "string",
            AuthCert = "string",
            AuthPortalAddr = "string",
            BeaconAdvertisings = new[]
            {
                "string",
            },
            BroadcastSsid = "string",
            BroadcastSuppressions = new[]
            {
                "string",
            },
            BssColorPartial = "string",
            BstmDisassociationImminent = "string",
            BstmLoadBalancingDisassocTimer = 0,
            BstmRssiDisassocTimer = 0,
            CaptivePortalAcName = "string",
            CaptivePortalAuthTimeout = 0,
            CaptivePortalFwAccounting = "string",
            CaptivePortalMacauthRadiusSecrets = new[]
            {
                "string",
            },
            CaptivePortalMacauthRadiusServer = "string",
            CaptivePortalRadiusSecrets = new[]
            {
                "string",
            },
            CaptivePortalRadiusServer = "string",
            CaptivePortalSessionTimeoutInterval = 0,
            ClientCount = 0,
            DhcpAddressEnforcement = "string",
            DhcpLeaseTime = 0,
            DhcpOption43Insertion = "string",
            DhcpOption82CircuitIdInsertion = "string",
            DhcpOption82Insertion = "string",
            DhcpOption82RemoteIdInsertion = "string",
            DynamicVlan = "string",
            EapReauth = "string",
            EapReauthIntv = 0,
            EapolKeyRetries = "string",
            Encrypt = "string",
            ExternalFastRoaming = "string",
            ExternalLogout = "string",
            ExternalWeb = "string",
            ExternalWebFormat = "string",
            FastBssTransition = "string",
            FastRoaming = "string",
            FtMobilityDomain = 0,
            FtOverDs = "string",
            FtR0KeyLifetime = 0,
            GasComebackDelay = 0,
            GasFragmentationLimit = 0,
            GtkRekey = "string",
            GtkRekeyIntv = 0,
            HighEfficiency = "string",
            Hotspot20Profile = "string",
            IgmpSnooping = "string",
            IntraVapPrivacy = "string",
            Ip = "string",
            IpsSensor = "string",
            Ipv6Rules = new[]
            {
                "string",
            },
            Keyindex = 0,
            Keys = new[]
            {
                "string",
            },
            L3Roaming = "string",
            L3RoamingMode = "string",
            Ldpc = "string",
            LocalAuthentication = "string",
            LocalBridging = "string",
            LocalLan = "string",
            LocalStandalone = "string",
            LocalStandaloneDns = "string",
            LocalStandaloneDnsIps = new[]
            {
                "string",
            },
            LocalStandaloneNat = "string",
            LocalSwitching = "string",
            MacAuthBypass = "string",
            MacCalledStationDelimiter = "string",
            MacCallingStationDelimiter = "string",
            MacCase = "string",
            MacFilter = "string",
            MacFilterPolicyOther = "string",
            MacPasswordDelimiter = "string",
            MacUsernameDelimiter = "string",
            MaxClients = 0,
            MaxClientsAp = 0,
            Mbo = "string",
            MboCellDataConnPref = "string",
            MeDisableThresh = 0,
            MeshBackhaul = "string",
            Mpsk = "string",
            MpskConcurrentClients = 0,
            MpskProfile = "string",
            MuMimo = "string",
            MulticastEnhance = "string",
            MulticastRate = "string",
            N80211k = "string",
            N80211v = "string",
            Nac = "string",
            NacProfile = "string",
            NeighborReportDualBand = "string",
            Okc = "string",
            Osen = "string",
            OweGroups = new[]
            {
                "string",
            },
            OweTransition = "string",
            OweTransitionSsid = "string",
            Passphrases = new[]
            {
                "string",
            },
            Pmf = "string",
            PmfAssocComebackTimeout = 0,
            PmfSaQueryRetryTimeout = 0,
            PortMacauth = "string",
            PortMacauthReauthTimeout = 0,
            PortMacauthTimeout = 0,
            PortalMessageOverrideGroup = "string",
            PortalType = "string",
            PrimaryWagProfile = "string",
            ProbeRespSuppression = "string",
            ProbeRespThreshold = "string",
            PtkRekey = "string",
            PtkRekeyIntv = 0,
            QosProfile = "string",
            Quarantine = "string",
            Radio2gThreshold = "string",
            Radio5gThreshold = "string",
            RadioSensitivity = "string",
            RadiusMacAuth = "string",
            RadiusMacAuthBlockInterval = 0,
            RadiusMacAuthServer = "string",
            RadiusMacAuthUsergroups = new[]
            {
                "string",
            },
            RadiusMacMpskAuth = "string",
            RadiusMacMpskTimeout = 0,
            RadiusServer = "string",
            Rates11acMcsMap = "string",
            Rates11acSs12s = new[]
            {
                "string",
            },
            Rates11acSs34s = new[]
            {
                "string",
            },
            Rates11as = new[]
            {
                "string",
            },
            Rates11axMcsMap = "string",
            Rates11axSs12s = new[]
            {
                "string",
            },
            Rates11axSs34s = new[]
            {
                "string",
            },
            Rates11bgs = new[]
            {
                "string",
            },
            Rates11nSs12s = new[]
            {
                "string",
            },
            Rates11nSs34s = new[]
            {
                "string",
            },
            RoamingAcctInterimUpdate = "string",
            SaeGroups = new[]
            {
                "string",
            },
            SaeH2eOnly = "string",
            SaeHnpOnly = "string",
            SaePasswords = new[]
            {
                "string",
            },
            SaePk = "string",
            SaePrivateKey = "string",
            ScanBotnetConnections = "string",
            Schedule = "string",
            SecondaryWagProfile = "string",
            Security = "string",
            SecurityExemptList = "string",
            SecurityObsoleteOption = "string",
            SecurityRedirectUrl = "string",
            SelectedUsergroups = "string",
            SplitTunneling = "string",
            Ssid = "string",
            StickyClientRemove = "string",
            StickyClientThreshold2g = "string",
            StickyClientThreshold5g = "string",
            StickyClientThreshold6g = "string",
            TargetWakeTime = "string",
            TkipCounterMeasure = "string",
            TunnelEchoInterval = 0,
            TunnelFallbackInterval = 0,
            Usergroup = "string",
            UtmLog = "string",
            UtmProfile = "string",
            UtmStatus = "string",
            Vdom = "string",
            VlanAuto = "string",
            VlanPooling = "string",
            Vlanid = 0,
            VoiceEnterprise = "string",
            WebfilterProfile = "string",
        },
    },
    DynamicSortSubtable = "string",
    DynamicVlan = "string",
    EapReauth = "string",
    EapReauthIntv = 0,
    EapolKeyRetries = "string",
    Encrypt = "string",
    ExternalFastRoaming = "string",
    ExternalLogout = "string",
    ExternalWeb = "string",
    ExternalWebFormat = "string",
    FastBssTransition = "string",
    FastRoaming = "string",
    FtMobilityDomain = 0,
    FtOverDs = "string",
    FtR0KeyLifetime = 0,
    GasComebackDelay = 0,
    GasFragmentationLimit = 0,
    GtkRekey = "string",
    GtkRekeyIntv = 0,
    HighEfficiency = "string",
    Hotspot20Profile = "string",
    IgmpSnooping = "string",
    IntraVapPrivacy = "string",
    Ip = "string",
    IpsSensor = "string",
    Ipv6Rules = new[]
    {
        "string",
    },
    Keyindex = 0,
    Keys = new[]
    {
        "string",
    },
    L3Roaming = "string",
    L3RoamingMode = "string",
    Ldpc = "string",
    LocalAuthentication = "string",
    LocalBridging = "string",
    LocalLan = "string",
    LocalStandalone = "string",
    LocalStandaloneDns = "string",
    LocalStandaloneDnsIps = new[]
    {
        "string",
    },
    LocalStandaloneNat = "string",
    MacAuthBypass = "string",
    MacCalledStationDelimiter = "string",
    MacCallingStationDelimiter = "string",
    MacCase = "string",
    MacFilter = "string",
    MacFilterLists = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapMacFilterListArgs
        {
            Id = 0,
            Mac = "string",
            MacFilterPolicy = "string",
        },
    },
    MacFilterPolicyOther = "string",
    MacPasswordDelimiter = "string",
    MacUsernameDelimiter = "string",
    MaxClients = 0,
    MaxClientsAp = 0,
    Mbo = "string",
    MboCellDataConnPref = "string",
    MeDisableThresh = 0,
    MeshBackhaul = "string",
    Mpsk = "string",
    MpskConcurrentClients = 0,
    MpskKeys = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapMpskKeyArgs
        {
            Comment = "string",
            ConcurrentClients = "string",
            KeyName = "string",
            MpskSchedules = "string",
            Passphrases = new[]
            {
                "string",
            },
        },
    },
    MpskProfile = "string",
    MuMimo = "string",
    MulticastEnhance = "string",
    MulticastRate = "string",
    N80211k = "string",
    N80211v = "string",
    Nac = "string",
    NacProfile = "string",
    Name = "string",
    NeighborReportDualBand = "string",
    ObjectWirelesscontrollerVapId = "string",
    Okc = "string",
    Osen = "string",
    OweGroups = new[]
    {
        "string",
    },
    OweTransition = "string",
    OweTransitionSsid = "string",
    Passphrases = new[]
    {
        "string",
    },
    Pmf = "string",
    PmfAssocComebackTimeout = 0,
    PmfSaQueryRetryTimeout = 0,
    PortMacauth = "string",
    PortMacauthReauthTimeout = 0,
    PortMacauthTimeout = 0,
    PortalMessageOverrideGroup = "string",
    PortalMessageOverrides = new Fortimanager.Inputs.ObjectWirelesscontrollerVapPortalMessageOverridesArgs
    {
        AuthDisclaimerPage = "string",
        AuthLoginFailedPage = "string",
        AuthLoginPage = "string",
        AuthRejectPage = "string",
    },
    PortalType = "string",
    PrimaryWagProfile = "string",
    ProbeRespSuppression = "string",
    ProbeRespThreshold = "string",
    PtkRekey = "string",
    PtkRekeyIntv = 0,
    QosProfile = "string",
    Quarantine = "string",
    Radio2gThreshold = "string",
    Radio5gThreshold = "string",
    RadioSensitivity = "string",
    RadiusMacAuth = "string",
    RadiusMacAuthBlockInterval = 0,
    RadiusMacAuthServer = "string",
    RadiusMacAuthUsergroups = new[]
    {
        "string",
    },
    RadiusMacMpskAuth = "string",
    RadiusMacMpskTimeout = 0,
    RadiusServer = "string",
    Rates11acMcsMap = "string",
    Rates11acSs12s = new[]
    {
        "string",
    },
    Rates11acSs34s = new[]
    {
        "string",
    },
    Rates11as = new[]
    {
        "string",
    },
    Rates11axMcsMap = "string",
    Rates11axSs12s = new[]
    {
        "string",
    },
    Rates11axSs34s = new[]
    {
        "string",
    },
    Rates11bgs = new[]
    {
        "string",
    },
    Rates11nSs12s = new[]
    {
        "string",
    },
    Rates11nSs34s = new[]
    {
        "string",
    },
    RoamingAcctInterimUpdate = "string",
    SaeGroups = new[]
    {
        "string",
    },
    SaeH2eOnly = "string",
    SaeHnpOnly = "string",
    SaePasswords = new[]
    {
        "string",
    },
    SaePk = "string",
    SaePrivateKey = "string",
    ScanBotnetConnections = "string",
    Schedules = new[]
    {
        "string",
    },
    Scopetype = "string",
    SecondaryWagProfile = "string",
    Security = "string",
    SecurityExemptList = "string",
    SecurityObsoleteOption = "string",
    SecurityRedirectUrl = "string",
    SelectedUsergroups = "string",
    SplitTunneling = "string",
    Ssid = "string",
    StickyClientRemove = "string",
    StickyClientThreshold2g = "string",
    StickyClientThreshold5g = "string",
    StickyClientThreshold6g = "string",
    TargetWakeTime = "string",
    TkipCounterMeasure = "string",
    TunnelEchoInterval = 0,
    TunnelFallbackInterval = 0,
    Usergroup = "string",
    UtmLog = "string",
    UtmProfile = "string",
    UtmStatus = "string",
    Vdom = "string",
    VlanAuto = "string",
    VlanNames = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapVlanNameArgs
        {
            Name = "string",
            VlanId = 0,
        },
    },
    VlanPooling = "string",
    VlanPools = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapVlanPoolArgs
        {
            _wtpGroup = "string",
            Id = 0,
        },
    },
    Vlanid = 0,
    VoiceEnterprise = "string",
    WebfilterProfile = "string",
});

    example, err := fortimanager.NewObjectWirelesscontrollerVap(ctx, "objectWirelesscontrollerVapResource", &fortimanager.ObjectWirelesscontrollerVapArgs{
_centmgmt: pulumi.String("string"),
_dhcpSvrId: pulumi.String("string"),
_intfAllowaccesses: pulumi.StringArray{
pulumi.String("string"),
},
_intfDeviceAccessList: pulumi.String("string"),
_intfDeviceIdentification: pulumi.String("string"),
_intfDeviceNetscan: pulumi.String("string"),
_intfDhcp6RelayIp: pulumi.String("string"),
_intfDhcp6RelayService: pulumi.String("string"),
_intfDhcp6RelayType: pulumi.String("string"),
_intfDhcpRelayIps: pulumi.StringArray{
pulumi.String("string"),
},
_intfDhcpRelayService: pulumi.String("string"),
_intfDhcpRelayType: pulumi.String("string"),
_intfIp: pulumi.String("string"),
_intfIp6Address: pulumi.String("string"),
_intfIp6Allowaccesses: pulumi.StringArray{
pulumi.String("string"),
},
_intfListenForticlientConnection: pulumi.String("string"),
_isFactorySetting: pulumi.String("string"),
AccessControlList: pulumi.String("string"),
AcctInterimInterval: pulumi.Float64(0),
AdditionalAkms: pulumi.StringArray{
pulumi.String("string"),
},
AddressGroup: pulumi.String("string"),
AddressGroupPolicy: pulumi.String("string"),
Adom: pulumi.String("string"),
Alias: pulumi.String("string"),
AntivirusProfile: pulumi.String("string"),
ApplicationDetectionEngine: pulumi.String("string"),
ApplicationDscpMarking: pulumi.String("string"),
ApplicationList: pulumi.String("string"),
ApplicationReportIntv: pulumi.Float64(0),
AtfWeight: pulumi.Float64(0),
Auth: pulumi.String("string"),
AuthCert: pulumi.String("string"),
AuthPortalAddr: pulumi.String("string"),
BeaconAdvertisings: pulumi.StringArray{
pulumi.String("string"),
},
BroadcastSsid: pulumi.String("string"),
BroadcastSuppressions: pulumi.StringArray{
pulumi.String("string"),
},
BssColorPartial: pulumi.String("string"),
BstmDisassociationImminent: pulumi.String("string"),
BstmLoadBalancingDisassocTimer: pulumi.Float64(0),
BstmRssiDisassocTimer: pulumi.Float64(0),
CaptivePortalAcName: pulumi.String("string"),
CaptivePortalAuthTimeout: pulumi.Float64(0),
CaptivePortalFwAccounting: pulumi.String("string"),
CaptivePortalMacauthRadiusSecrets: pulumi.StringArray{
pulumi.String("string"),
},
CaptivePortalMacauthRadiusServer: pulumi.String("string"),
CaptivePortalRadiusSecrets: pulumi.StringArray{
pulumi.String("string"),
},
CaptivePortalRadiusServer: pulumi.String("string"),
CaptivePortalSessionTimeoutInterval: pulumi.Float64(0),
DhcpAddressEnforcement: pulumi.String("string"),
DhcpLeaseTime: pulumi.Float64(0),
DhcpOption43Insertion: pulumi.String("string"),
DhcpOption82CircuitIdInsertion: pulumi.String("string"),
DhcpOption82Insertion: pulumi.String("string"),
DhcpOption82RemoteIdInsertion: pulumi.String("string"),
DynamicMappings: .ObjectWirelesscontrollerVapDynamicMappingTypeArray{
&.ObjectWirelesscontrollerVapDynamicMappingTypeArgs{
_centmgmt: pulumi.String("string"),
_dhcpSvrId: pulumi.String("string"),
_intfAllowaccesses: pulumi.StringArray{
pulumi.String("string"),
},
_intfDeviceAccessList: pulumi.String("string"),
_intfDeviceIdentification: pulumi.String("string"),
_intfDeviceNetscan: pulumi.String("string"),
_intfDhcp6RelayIp: pulumi.String("string"),
_intfDhcp6RelayService: pulumi.String("string"),
_intfDhcp6RelayType: pulumi.String("string"),
_intfDhcpRelayIps: pulumi.StringArray{
pulumi.String("string"),
},
_intfDhcpRelayService: pulumi.String("string"),
_intfDhcpRelayType: pulumi.String("string"),
_intfIp: pulumi.String("string"),
_intfIp6Address: pulumi.String("string"),
_intfIp6Allowaccesses: pulumi.StringArray{
pulumi.String("string"),
},
_intfListenForticlientConnection: pulumi.String("string"),
_isFactorySetting: pulumi.String("string"),
_scopes: .ObjectWirelesscontrollerVapDynamicMapping_ScopeArray{
&.ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AccessControlList: pulumi.String("string"),
AcctInterimInterval: pulumi.Float64(0),
AdditionalAkms: pulumi.StringArray{
pulumi.String("string"),
},
AddressGroup: pulumi.String("string"),
AddressGroupPolicy: pulumi.String("string"),
Alias: pulumi.String("string"),
AntivirusProfile: pulumi.String("string"),
ApplicationDetectionEngine: pulumi.String("string"),
ApplicationDscpMarking: pulumi.String("string"),
ApplicationList: pulumi.String("string"),
ApplicationReportIntv: pulumi.Float64(0),
AtfWeight: pulumi.Float64(0),
Auth: pulumi.String("string"),
AuthCert: pulumi.String("string"),
AuthPortalAddr: pulumi.String("string"),
BeaconAdvertisings: pulumi.StringArray{
pulumi.String("string"),
},
BroadcastSsid: pulumi.String("string"),
BroadcastSuppressions: pulumi.StringArray{
pulumi.String("string"),
},
BssColorPartial: pulumi.String("string"),
BstmDisassociationImminent: pulumi.String("string"),
BstmLoadBalancingDisassocTimer: pulumi.Float64(0),
BstmRssiDisassocTimer: pulumi.Float64(0),
CaptivePortalAcName: pulumi.String("string"),
CaptivePortalAuthTimeout: pulumi.Float64(0),
CaptivePortalFwAccounting: pulumi.String("string"),
CaptivePortalMacauthRadiusSecrets: pulumi.StringArray{
pulumi.String("string"),
},
CaptivePortalMacauthRadiusServer: pulumi.String("string"),
CaptivePortalRadiusSecrets: pulumi.StringArray{
pulumi.String("string"),
},
CaptivePortalRadiusServer: pulumi.String("string"),
CaptivePortalSessionTimeoutInterval: pulumi.Float64(0),
ClientCount: pulumi.Float64(0),
DhcpAddressEnforcement: pulumi.String("string"),
DhcpLeaseTime: pulumi.Float64(0),
DhcpOption43Insertion: pulumi.String("string"),
DhcpOption82CircuitIdInsertion: pulumi.String("string"),
DhcpOption82Insertion: pulumi.String("string"),
DhcpOption82RemoteIdInsertion: pulumi.String("string"),
DynamicVlan: pulumi.String("string"),
EapReauth: pulumi.String("string"),
EapReauthIntv: pulumi.Float64(0),
EapolKeyRetries: pulumi.String("string"),
Encrypt: pulumi.String("string"),
ExternalFastRoaming: pulumi.String("string"),
ExternalLogout: pulumi.String("string"),
ExternalWeb: pulumi.String("string"),
ExternalWebFormat: pulumi.String("string"),
FastBssTransition: pulumi.String("string"),
FastRoaming: pulumi.String("string"),
FtMobilityDomain: pulumi.Float64(0),
FtOverDs: pulumi.String("string"),
FtR0KeyLifetime: pulumi.Float64(0),
GasComebackDelay: pulumi.Float64(0),
GasFragmentationLimit: pulumi.Float64(0),
GtkRekey: pulumi.String("string"),
GtkRekeyIntv: pulumi.Float64(0),
HighEfficiency: pulumi.String("string"),
Hotspot20Profile: pulumi.String("string"),
IgmpSnooping: pulumi.String("string"),
IntraVapPrivacy: pulumi.String("string"),
Ip: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
Ipv6Rules: pulumi.StringArray{
pulumi.String("string"),
},
Keyindex: pulumi.Float64(0),
Keys: pulumi.StringArray{
pulumi.String("string"),
},
L3Roaming: pulumi.String("string"),
L3RoamingMode: pulumi.String("string"),
Ldpc: pulumi.String("string"),
LocalAuthentication: pulumi.String("string"),
LocalBridging: pulumi.String("string"),
LocalLan: pulumi.String("string"),
LocalStandalone: pulumi.String("string"),
LocalStandaloneDns: pulumi.String("string"),
LocalStandaloneDnsIps: pulumi.StringArray{
pulumi.String("string"),
},
LocalStandaloneNat: pulumi.String("string"),
LocalSwitching: pulumi.String("string"),
MacAuthBypass: pulumi.String("string"),
MacCalledStationDelimiter: pulumi.String("string"),
MacCallingStationDelimiter: pulumi.String("string"),
MacCase: pulumi.String("string"),
MacFilter: pulumi.String("string"),
MacFilterPolicyOther: pulumi.String("string"),
MacPasswordDelimiter: pulumi.String("string"),
MacUsernameDelimiter: pulumi.String("string"),
MaxClients: pulumi.Float64(0),
MaxClientsAp: pulumi.Float64(0),
Mbo: pulumi.String("string"),
MboCellDataConnPref: pulumi.String("string"),
MeDisableThresh: pulumi.Float64(0),
MeshBackhaul: pulumi.String("string"),
Mpsk: pulumi.String("string"),
MpskConcurrentClients: pulumi.Float64(0),
MpskProfile: pulumi.String("string"),
MuMimo: pulumi.String("string"),
MulticastEnhance: pulumi.String("string"),
MulticastRate: pulumi.String("string"),
N80211k: pulumi.String("string"),
N80211v: pulumi.String("string"),
Nac: pulumi.String("string"),
NacProfile: pulumi.String("string"),
NeighborReportDualBand: pulumi.String("string"),
Okc: pulumi.String("string"),
Osen: pulumi.String("string"),
OweGroups: pulumi.StringArray{
pulumi.String("string"),
},
OweTransition: pulumi.String("string"),
OweTransitionSsid: pulumi.String("string"),
Passphrases: pulumi.StringArray{
pulumi.String("string"),
},
Pmf: pulumi.String("string"),
PmfAssocComebackTimeout: pulumi.Float64(0),
PmfSaQueryRetryTimeout: pulumi.Float64(0),
PortMacauth: pulumi.String("string"),
PortMacauthReauthTimeout: pulumi.Float64(0),
PortMacauthTimeout: pulumi.Float64(0),
PortalMessageOverrideGroup: pulumi.String("string"),
PortalType: pulumi.String("string"),
PrimaryWagProfile: pulumi.String("string"),
ProbeRespSuppression: pulumi.String("string"),
ProbeRespThreshold: pulumi.String("string"),
PtkRekey: pulumi.String("string"),
PtkRekeyIntv: pulumi.Float64(0),
QosProfile: pulumi.String("string"),
Quarantine: pulumi.String("string"),
Radio2gThreshold: pulumi.String("string"),
Radio5gThreshold: pulumi.String("string"),
RadioSensitivity: pulumi.String("string"),
RadiusMacAuth: pulumi.String("string"),
RadiusMacAuthBlockInterval: pulumi.Float64(0),
RadiusMacAuthServer: pulumi.String("string"),
RadiusMacAuthUsergroups: pulumi.StringArray{
pulumi.String("string"),
},
RadiusMacMpskAuth: pulumi.String("string"),
RadiusMacMpskTimeout: pulumi.Float64(0),
RadiusServer: pulumi.String("string"),
Rates11acMcsMap: pulumi.String("string"),
Rates11acSs12s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11acSs34s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11as: pulumi.StringArray{
pulumi.String("string"),
},
Rates11axMcsMap: pulumi.String("string"),
Rates11axSs12s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11axSs34s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11bgs: pulumi.StringArray{
pulumi.String("string"),
},
Rates11nSs12s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11nSs34s: pulumi.StringArray{
pulumi.String("string"),
},
RoamingAcctInterimUpdate: pulumi.String("string"),
SaeGroups: pulumi.StringArray{
pulumi.String("string"),
},
SaeH2eOnly: pulumi.String("string"),
SaeHnpOnly: pulumi.String("string"),
SaePasswords: pulumi.StringArray{
pulumi.String("string"),
},
SaePk: pulumi.String("string"),
SaePrivateKey: pulumi.String("string"),
ScanBotnetConnections: pulumi.String("string"),
Schedule: pulumi.String("string"),
SecondaryWagProfile: pulumi.String("string"),
Security: pulumi.String("string"),
SecurityExemptList: pulumi.String("string"),
SecurityObsoleteOption: pulumi.String("string"),
SecurityRedirectUrl: pulumi.String("string"),
SelectedUsergroups: pulumi.String("string"),
SplitTunneling: pulumi.String("string"),
Ssid: pulumi.String("string"),
StickyClientRemove: pulumi.String("string"),
StickyClientThreshold2g: pulumi.String("string"),
StickyClientThreshold5g: pulumi.String("string"),
StickyClientThreshold6g: pulumi.String("string"),
TargetWakeTime: pulumi.String("string"),
TkipCounterMeasure: pulumi.String("string"),
TunnelEchoInterval: pulumi.Float64(0),
TunnelFallbackInterval: pulumi.Float64(0),
Usergroup: pulumi.String("string"),
UtmLog: pulumi.String("string"),
UtmProfile: pulumi.String("string"),
UtmStatus: pulumi.String("string"),
Vdom: pulumi.String("string"),
VlanAuto: pulumi.String("string"),
VlanPooling: pulumi.String("string"),
Vlanid: pulumi.Float64(0),
VoiceEnterprise: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
},
},
DynamicSortSubtable: pulumi.String("string"),
DynamicVlan: pulumi.String("string"),
EapReauth: pulumi.String("string"),
EapReauthIntv: pulumi.Float64(0),
EapolKeyRetries: pulumi.String("string"),
Encrypt: pulumi.String("string"),
ExternalFastRoaming: pulumi.String("string"),
ExternalLogout: pulumi.String("string"),
ExternalWeb: pulumi.String("string"),
ExternalWebFormat: pulumi.String("string"),
FastBssTransition: pulumi.String("string"),
FastRoaming: pulumi.String("string"),
FtMobilityDomain: pulumi.Float64(0),
FtOverDs: pulumi.String("string"),
FtR0KeyLifetime: pulumi.Float64(0),
GasComebackDelay: pulumi.Float64(0),
GasFragmentationLimit: pulumi.Float64(0),
GtkRekey: pulumi.String("string"),
GtkRekeyIntv: pulumi.Float64(0),
HighEfficiency: pulumi.String("string"),
Hotspot20Profile: pulumi.String("string"),
IgmpSnooping: pulumi.String("string"),
IntraVapPrivacy: pulumi.String("string"),
Ip: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
Ipv6Rules: pulumi.StringArray{
pulumi.String("string"),
},
Keyindex: pulumi.Float64(0),
Keys: pulumi.StringArray{
pulumi.String("string"),
},
L3Roaming: pulumi.String("string"),
L3RoamingMode: pulumi.String("string"),
Ldpc: pulumi.String("string"),
LocalAuthentication: pulumi.String("string"),
LocalBridging: pulumi.String("string"),
LocalLan: pulumi.String("string"),
LocalStandalone: pulumi.String("string"),
LocalStandaloneDns: pulumi.String("string"),
LocalStandaloneDnsIps: pulumi.StringArray{
pulumi.String("string"),
},
LocalStandaloneNat: pulumi.String("string"),
MacAuthBypass: pulumi.String("string"),
MacCalledStationDelimiter: pulumi.String("string"),
MacCallingStationDelimiter: pulumi.String("string"),
MacCase: pulumi.String("string"),
MacFilter: pulumi.String("string"),
MacFilterLists: .ObjectWirelesscontrollerVapMacFilterListTypeArray{
&.ObjectWirelesscontrollerVapMacFilterListTypeArgs{
Id: pulumi.Float64(0),
Mac: pulumi.String("string"),
MacFilterPolicy: pulumi.String("string"),
},
},
MacFilterPolicyOther: pulumi.String("string"),
MacPasswordDelimiter: pulumi.String("string"),
MacUsernameDelimiter: pulumi.String("string"),
MaxClients: pulumi.Float64(0),
MaxClientsAp: pulumi.Float64(0),
Mbo: pulumi.String("string"),
MboCellDataConnPref: pulumi.String("string"),
MeDisableThresh: pulumi.Float64(0),
MeshBackhaul: pulumi.String("string"),
Mpsk: pulumi.String("string"),
MpskConcurrentClients: pulumi.Float64(0),
MpskKeys: .ObjectWirelesscontrollerVapMpskKeyArray{
&.ObjectWirelesscontrollerVapMpskKeyArgs{
Comment: pulumi.String("string"),
ConcurrentClients: pulumi.String("string"),
KeyName: pulumi.String("string"),
MpskSchedules: pulumi.String("string"),
Passphrases: pulumi.StringArray{
pulumi.String("string"),
},
},
},
MpskProfile: pulumi.String("string"),
MuMimo: pulumi.String("string"),
MulticastEnhance: pulumi.String("string"),
MulticastRate: pulumi.String("string"),
N80211k: pulumi.String("string"),
N80211v: pulumi.String("string"),
Nac: pulumi.String("string"),
NacProfile: pulumi.String("string"),
Name: pulumi.String("string"),
NeighborReportDualBand: pulumi.String("string"),
ObjectWirelesscontrollerVapId: pulumi.String("string"),
Okc: pulumi.String("string"),
Osen: pulumi.String("string"),
OweGroups: pulumi.StringArray{
pulumi.String("string"),
},
OweTransition: pulumi.String("string"),
OweTransitionSsid: pulumi.String("string"),
Passphrases: pulumi.StringArray{
pulumi.String("string"),
},
Pmf: pulumi.String("string"),
PmfAssocComebackTimeout: pulumi.Float64(0),
PmfSaQueryRetryTimeout: pulumi.Float64(0),
PortMacauth: pulumi.String("string"),
PortMacauthReauthTimeout: pulumi.Float64(0),
PortMacauthTimeout: pulumi.Float64(0),
PortalMessageOverrideGroup: pulumi.String("string"),
PortalMessageOverrides: &.ObjectWirelesscontrollerVapPortalMessageOverridesTypeArgs{
AuthDisclaimerPage: pulumi.String("string"),
AuthLoginFailedPage: pulumi.String("string"),
AuthLoginPage: pulumi.String("string"),
AuthRejectPage: pulumi.String("string"),
},
PortalType: pulumi.String("string"),
PrimaryWagProfile: pulumi.String("string"),
ProbeRespSuppression: pulumi.String("string"),
ProbeRespThreshold: pulumi.String("string"),
PtkRekey: pulumi.String("string"),
PtkRekeyIntv: pulumi.Float64(0),
QosProfile: pulumi.String("string"),
Quarantine: pulumi.String("string"),
Radio2gThreshold: pulumi.String("string"),
Radio5gThreshold: pulumi.String("string"),
RadioSensitivity: pulumi.String("string"),
RadiusMacAuth: pulumi.String("string"),
RadiusMacAuthBlockInterval: pulumi.Float64(0),
RadiusMacAuthServer: pulumi.String("string"),
RadiusMacAuthUsergroups: pulumi.StringArray{
pulumi.String("string"),
},
RadiusMacMpskAuth: pulumi.String("string"),
RadiusMacMpskTimeout: pulumi.Float64(0),
RadiusServer: pulumi.String("string"),
Rates11acMcsMap: pulumi.String("string"),
Rates11acSs12s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11acSs34s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11as: pulumi.StringArray{
pulumi.String("string"),
},
Rates11axMcsMap: pulumi.String("string"),
Rates11axSs12s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11axSs34s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11bgs: pulumi.StringArray{
pulumi.String("string"),
},
Rates11nSs12s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11nSs34s: pulumi.StringArray{
pulumi.String("string"),
},
RoamingAcctInterimUpdate: pulumi.String("string"),
SaeGroups: pulumi.StringArray{
pulumi.String("string"),
},
SaeH2eOnly: pulumi.String("string"),
SaeHnpOnly: pulumi.String("string"),
SaePasswords: pulumi.StringArray{
pulumi.String("string"),
},
SaePk: pulumi.String("string"),
SaePrivateKey: pulumi.String("string"),
ScanBotnetConnections: pulumi.String("string"),
Schedules: pulumi.StringArray{
pulumi.String("string"),
},
Scopetype: pulumi.String("string"),
SecondaryWagProfile: pulumi.String("string"),
Security: pulumi.String("string"),
SecurityExemptList: pulumi.String("string"),
SecurityObsoleteOption: pulumi.String("string"),
SecurityRedirectUrl: pulumi.String("string"),
SelectedUsergroups: pulumi.String("string"),
SplitTunneling: pulumi.String("string"),
Ssid: pulumi.String("string"),
StickyClientRemove: pulumi.String("string"),
StickyClientThreshold2g: pulumi.String("string"),
StickyClientThreshold5g: pulumi.String("string"),
StickyClientThreshold6g: pulumi.String("string"),
TargetWakeTime: pulumi.String("string"),
TkipCounterMeasure: pulumi.String("string"),
TunnelEchoInterval: pulumi.Float64(0),
TunnelFallbackInterval: pulumi.Float64(0),
Usergroup: pulumi.String("string"),
UtmLog: pulumi.String("string"),
UtmProfile: pulumi.String("string"),
UtmStatus: pulumi.String("string"),
Vdom: pulumi.String("string"),
VlanAuto: pulumi.String("string"),
VlanNames: .ObjectWirelesscontrollerVapVlanNameTypeArray{
&.ObjectWirelesscontrollerVapVlanNameTypeArgs{
Name: pulumi.String("string"),
VlanId: pulumi.Float64(0),
},
},
VlanPooling: pulumi.String("string"),
VlanPools: .ObjectWirelesscontrollerVapVlanPoolTypeArray{
&.ObjectWirelesscontrollerVapVlanPoolTypeArgs{
_wtpGroup: pulumi.String("string"),
Id: pulumi.Float64(0),
},
},
Vlanid: pulumi.Float64(0),
VoiceEnterprise: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
})

    var objectWirelesscontrollerVapResource = new ObjectWirelesscontrollerVap("objectWirelesscontrollerVapResource", ObjectWirelesscontrollerVapArgs.builder()
    ._centmgmt("string")
    ._dhcpSvrId("string")
    ._intfAllowaccesses("string")
    ._intfDeviceAccessList("string")
    ._intfDeviceIdentification("string")
    ._intfDeviceNetscan("string")
    ._intfDhcp6RelayIp("string")
    ._intfDhcp6RelayService("string")
    ._intfDhcp6RelayType("string")
    ._intfDhcpRelayIps("string")
    ._intfDhcpRelayService("string")
    ._intfDhcpRelayType("string")
    ._intfIp("string")
    ._intfIp6Address("string")
    ._intfIp6Allowaccesses("string")
    ._intfListenForticlientConnection("string")
    ._isFactorySetting("string")
    .accessControlList("string")
    .acctInterimInterval(0)
    .additionalAkms("string")
    .addressGroup("string")
    .addressGroupPolicy("string")
    .adom("string")
    .alias("string")
    .antivirusProfile("string")
    .applicationDetectionEngine("string")
    .applicationDscpMarking("string")
    .applicationList("string")
    .applicationReportIntv(0)
    .atfWeight(0)
    .auth("string")
    .authCert("string")
    .authPortalAddr("string")
    .beaconAdvertisings("string")
    .broadcastSsid("string")
    .broadcastSuppressions("string")
    .bssColorPartial("string")
    .bstmDisassociationImminent("string")
    .bstmLoadBalancingDisassocTimer(0)
    .bstmRssiDisassocTimer(0)
    .captivePortalAcName("string")
    .captivePortalAuthTimeout(0)
    .captivePortalFwAccounting("string")
    .captivePortalMacauthRadiusSecrets("string")
    .captivePortalMacauthRadiusServer("string")
    .captivePortalRadiusSecrets("string")
    .captivePortalRadiusServer("string")
    .captivePortalSessionTimeoutInterval(0)
    .dhcpAddressEnforcement("string")
    .dhcpLeaseTime(0)
    .dhcpOption43Insertion("string")
    .dhcpOption82CircuitIdInsertion("string")
    .dhcpOption82Insertion("string")
    .dhcpOption82RemoteIdInsertion("string")
    .dynamicMappings(ObjectWirelesscontrollerVapDynamicMappingArgs.builder()
        ._centmgmt("string")
        ._dhcpSvrId("string")
        ._intfAllowaccesses("string")
        ._intfDeviceAccessList("string")
        ._intfDeviceIdentification("string")
        ._intfDeviceNetscan("string")
        ._intfDhcp6RelayIp("string")
        ._intfDhcp6RelayService("string")
        ._intfDhcp6RelayType("string")
        ._intfDhcpRelayIps("string")
        ._intfDhcpRelayService("string")
        ._intfDhcpRelayType("string")
        ._intfIp("string")
        ._intfIp6Address("string")
        ._intfIp6Allowaccesses("string")
        ._intfListenForticlientConnection("string")
        ._isFactorySetting("string")
        ._scopes(ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs.builder()
            .name("string")
            .vdom("string")
            .build())
        .accessControlList("string")
        .acctInterimInterval(0)
        .additionalAkms("string")
        .addressGroup("string")
        .addressGroupPolicy("string")
        .alias("string")
        .antivirusProfile("string")
        .applicationDetectionEngine("string")
        .applicationDscpMarking("string")
        .applicationList("string")
        .applicationReportIntv(0)
        .atfWeight(0)
        .auth("string")
        .authCert("string")
        .authPortalAddr("string")
        .beaconAdvertisings("string")
        .broadcastSsid("string")
        .broadcastSuppressions("string")
        .bssColorPartial("string")
        .bstmDisassociationImminent("string")
        .bstmLoadBalancingDisassocTimer(0)
        .bstmRssiDisassocTimer(0)
        .captivePortalAcName("string")
        .captivePortalAuthTimeout(0)
        .captivePortalFwAccounting("string")
        .captivePortalMacauthRadiusSecrets("string")
        .captivePortalMacauthRadiusServer("string")
        .captivePortalRadiusSecrets("string")
        .captivePortalRadiusServer("string")
        .captivePortalSessionTimeoutInterval(0)
        .clientCount(0)
        .dhcpAddressEnforcement("string")
        .dhcpLeaseTime(0)
        .dhcpOption43Insertion("string")
        .dhcpOption82CircuitIdInsertion("string")
        .dhcpOption82Insertion("string")
        .dhcpOption82RemoteIdInsertion("string")
        .dynamicVlan("string")
        .eapReauth("string")
        .eapReauthIntv(0)
        .eapolKeyRetries("string")
        .encrypt("string")
        .externalFastRoaming("string")
        .externalLogout("string")
        .externalWeb("string")
        .externalWebFormat("string")
        .fastBssTransition("string")
        .fastRoaming("string")
        .ftMobilityDomain(0)
        .ftOverDs("string")
        .ftR0KeyLifetime(0)
        .gasComebackDelay(0)
        .gasFragmentationLimit(0)
        .gtkRekey("string")
        .gtkRekeyIntv(0)
        .highEfficiency("string")
        .hotspot20Profile("string")
        .igmpSnooping("string")
        .intraVapPrivacy("string")
        .ip("string")
        .ipsSensor("string")
        .ipv6Rules("string")
        .keyindex(0)
        .keys("string")
        .l3Roaming("string")
        .l3RoamingMode("string")
        .ldpc("string")
        .localAuthentication("string")
        .localBridging("string")
        .localLan("string")
        .localStandalone("string")
        .localStandaloneDns("string")
        .localStandaloneDnsIps("string")
        .localStandaloneNat("string")
        .localSwitching("string")
        .macAuthBypass("string")
        .macCalledStationDelimiter("string")
        .macCallingStationDelimiter("string")
        .macCase("string")
        .macFilter("string")
        .macFilterPolicyOther("string")
        .macPasswordDelimiter("string")
        .macUsernameDelimiter("string")
        .maxClients(0)
        .maxClientsAp(0)
        .mbo("string")
        .mboCellDataConnPref("string")
        .meDisableThresh(0)
        .meshBackhaul("string")
        .mpsk("string")
        .mpskConcurrentClients(0)
        .mpskProfile("string")
        .muMimo("string")
        .multicastEnhance("string")
        .multicastRate("string")
        .n80211k("string")
        .n80211v("string")
        .nac("string")
        .nacProfile("string")
        .neighborReportDualBand("string")
        .okc("string")
        .osen("string")
        .oweGroups("string")
        .oweTransition("string")
        .oweTransitionSsid("string")
        .passphrases("string")
        .pmf("string")
        .pmfAssocComebackTimeout(0)
        .pmfSaQueryRetryTimeout(0)
        .portMacauth("string")
        .portMacauthReauthTimeout(0)
        .portMacauthTimeout(0)
        .portalMessageOverrideGroup("string")
        .portalType("string")
        .primaryWagProfile("string")
        .probeRespSuppression("string")
        .probeRespThreshold("string")
        .ptkRekey("string")
        .ptkRekeyIntv(0)
        .qosProfile("string")
        .quarantine("string")
        .radio2gThreshold("string")
        .radio5gThreshold("string")
        .radioSensitivity("string")
        .radiusMacAuth("string")
        .radiusMacAuthBlockInterval(0)
        .radiusMacAuthServer("string")
        .radiusMacAuthUsergroups("string")
        .radiusMacMpskAuth("string")
        .radiusMacMpskTimeout(0)
        .radiusServer("string")
        .rates11acMcsMap("string")
        .rates11acSs12s("string")
        .rates11acSs34s("string")
        .rates11as("string")
        .rates11axMcsMap("string")
        .rates11axSs12s("string")
        .rates11axSs34s("string")
        .rates11bgs("string")
        .rates11nSs12s("string")
        .rates11nSs34s("string")
        .roamingAcctInterimUpdate("string")
        .saeGroups("string")
        .saeH2eOnly("string")
        .saeHnpOnly("string")
        .saePasswords("string")
        .saePk("string")
        .saePrivateKey("string")
        .scanBotnetConnections("string")
        .schedule("string")
        .secondaryWagProfile("string")
        .security("string")
        .securityExemptList("string")
        .securityObsoleteOption("string")
        .securityRedirectUrl("string")
        .selectedUsergroups("string")
        .splitTunneling("string")
        .ssid("string")
        .stickyClientRemove("string")
        .stickyClientThreshold2g("string")
        .stickyClientThreshold5g("string")
        .stickyClientThreshold6g("string")
        .targetWakeTime("string")
        .tkipCounterMeasure("string")
        .tunnelEchoInterval(0)
        .tunnelFallbackInterval(0)
        .usergroup("string")
        .utmLog("string")
        .utmProfile("string")
        .utmStatus("string")
        .vdom("string")
        .vlanAuto("string")
        .vlanPooling("string")
        .vlanid(0)
        .voiceEnterprise("string")
        .webfilterProfile("string")
        .build())
    .dynamicSortSubtable("string")
    .dynamicVlan("string")
    .eapReauth("string")
    .eapReauthIntv(0)
    .eapolKeyRetries("string")
    .encrypt("string")
    .externalFastRoaming("string")
    .externalLogout("string")
    .externalWeb("string")
    .externalWebFormat("string")
    .fastBssTransition("string")
    .fastRoaming("string")
    .ftMobilityDomain(0)
    .ftOverDs("string")
    .ftR0KeyLifetime(0)
    .gasComebackDelay(0)
    .gasFragmentationLimit(0)
    .gtkRekey("string")
    .gtkRekeyIntv(0)
    .highEfficiency("string")
    .hotspot20Profile("string")
    .igmpSnooping("string")
    .intraVapPrivacy("string")
    .ip("string")
    .ipsSensor("string")
    .ipv6Rules("string")
    .keyindex(0)
    .keys("string")
    .l3Roaming("string")
    .l3RoamingMode("string")
    .ldpc("string")
    .localAuthentication("string")
    .localBridging("string")
    .localLan("string")
    .localStandalone("string")
    .localStandaloneDns("string")
    .localStandaloneDnsIps("string")
    .localStandaloneNat("string")
    .macAuthBypass("string")
    .macCalledStationDelimiter("string")
    .macCallingStationDelimiter("string")
    .macCase("string")
    .macFilter("string")
    .macFilterLists(ObjectWirelesscontrollerVapMacFilterListArgs.builder()
        .id(0)
        .mac("string")
        .macFilterPolicy("string")
        .build())
    .macFilterPolicyOther("string")
    .macPasswordDelimiter("string")
    .macUsernameDelimiter("string")
    .maxClients(0)
    .maxClientsAp(0)
    .mbo("string")
    .mboCellDataConnPref("string")
    .meDisableThresh(0)
    .meshBackhaul("string")
    .mpsk("string")
    .mpskConcurrentClients(0)
    .mpskKeys(ObjectWirelesscontrollerVapMpskKeyArgs.builder()
        .comment("string")
        .concurrentClients("string")
        .keyName("string")
        .mpskSchedules("string")
        .passphrases("string")
        .build())
    .mpskProfile("string")
    .muMimo("string")
    .multicastEnhance("string")
    .multicastRate("string")
    .n80211k("string")
    .n80211v("string")
    .nac("string")
    .nacProfile("string")
    .name("string")
    .neighborReportDualBand("string")
    .objectWirelesscontrollerVapId("string")
    .okc("string")
    .osen("string")
    .oweGroups("string")
    .oweTransition("string")
    .oweTransitionSsid("string")
    .passphrases("string")
    .pmf("string")
    .pmfAssocComebackTimeout(0)
    .pmfSaQueryRetryTimeout(0)
    .portMacauth("string")
    .portMacauthReauthTimeout(0)
    .portMacauthTimeout(0)
    .portalMessageOverrideGroup("string")
    .portalMessageOverrides(ObjectWirelesscontrollerVapPortalMessageOverridesArgs.builder()
        .authDisclaimerPage("string")
        .authLoginFailedPage("string")
        .authLoginPage("string")
        .authRejectPage("string")
        .build())
    .portalType("string")
    .primaryWagProfile("string")
    .probeRespSuppression("string")
    .probeRespThreshold("string")
    .ptkRekey("string")
    .ptkRekeyIntv(0)
    .qosProfile("string")
    .quarantine("string")
    .radio2gThreshold("string")
    .radio5gThreshold("string")
    .radioSensitivity("string")
    .radiusMacAuth("string")
    .radiusMacAuthBlockInterval(0)
    .radiusMacAuthServer("string")
    .radiusMacAuthUsergroups("string")
    .radiusMacMpskAuth("string")
    .radiusMacMpskTimeout(0)
    .radiusServer("string")
    .rates11acMcsMap("string")
    .rates11acSs12s("string")
    .rates11acSs34s("string")
    .rates11as("string")
    .rates11axMcsMap("string")
    .rates11axSs12s("string")
    .rates11axSs34s("string")
    .rates11bgs("string")
    .rates11nSs12s("string")
    .rates11nSs34s("string")
    .roamingAcctInterimUpdate("string")
    .saeGroups("string")
    .saeH2eOnly("string")
    .saeHnpOnly("string")
    .saePasswords("string")
    .saePk("string")
    .saePrivateKey("string")
    .scanBotnetConnections("string")
    .schedules("string")
    .scopetype("string")
    .secondaryWagProfile("string")
    .security("string")
    .securityExemptList("string")
    .securityObsoleteOption("string")
    .securityRedirectUrl("string")
    .selectedUsergroups("string")
    .splitTunneling("string")
    .ssid("string")
    .stickyClientRemove("string")
    .stickyClientThreshold2g("string")
    .stickyClientThreshold5g("string")
    .stickyClientThreshold6g("string")
    .targetWakeTime("string")
    .tkipCounterMeasure("string")
    .tunnelEchoInterval(0)
    .tunnelFallbackInterval(0)
    .usergroup("string")
    .utmLog("string")
    .utmProfile("string")
    .utmStatus("string")
    .vdom("string")
    .vlanAuto("string")
    .vlanNames(ObjectWirelesscontrollerVapVlanNameArgs.builder()
        .name("string")
        .vlanId(0)
        .build())
    .vlanPooling("string")
    .vlanPools(ObjectWirelesscontrollerVapVlanPoolArgs.builder()
        ._wtpGroup("string")
        .id(0)
        .build())
    .vlanid(0)
    .voiceEnterprise("string")
    .webfilterProfile("string")
    .build());

    object_wirelesscontroller_vap_resource = fortimanager.ObjectWirelesscontrollerVap("objectWirelesscontrollerVapResource",
    _centmgmt="string",
    _dhcp_svr_id="string",
    _intf_allowaccesses=["string"],
    _intf_device_access_list="string",
    _intf_device_identification="string",
    _intf_device_netscan="string",
    _intf_dhcp6_relay_ip="string",
    _intf_dhcp6_relay_service="string",
    _intf_dhcp6_relay_type="string",
    _intf_dhcp_relay_ips=["string"],
    _intf_dhcp_relay_service="string",
    _intf_dhcp_relay_type="string",
    _intf_ip="string",
    _intf_ip6_address="string",
    _intf_ip6_allowaccesses=["string"],
    _intf_listen_forticlient_connection="string",
    _is_factory_setting="string",
    access_control_list="string",
    acct_interim_interval=0,
    additional_akms=["string"],
    address_group="string",
    address_group_policy="string",
    adom="string",
    alias="string",
    antivirus_profile="string",
    application_detection_engine="string",
    application_dscp_marking="string",
    application_list="string",
    application_report_intv=0,
    atf_weight=0,
    auth="string",
    auth_cert="string",
    auth_portal_addr="string",
    beacon_advertisings=["string"],
    broadcast_ssid="string",
    broadcast_suppressions=["string"],
    bss_color_partial="string",
    bstm_disassociation_imminent="string",
    bstm_load_balancing_disassoc_timer=0,
    bstm_rssi_disassoc_timer=0,
    captive_portal_ac_name="string",
    captive_portal_auth_timeout=0,
    captive_portal_fw_accounting="string",
    captive_portal_macauth_radius_secrets=["string"],
    captive_portal_macauth_radius_server="string",
    captive_portal_radius_secrets=["string"],
    captive_portal_radius_server="string",
    captive_portal_session_timeout_interval=0,
    dhcp_address_enforcement="string",
    dhcp_lease_time=0,
    dhcp_option43_insertion="string",
    dhcp_option82_circuit_id_insertion="string",
    dhcp_option82_insertion="string",
    dhcp_option82_remote_id_insertion="string",
    dynamic_mappings=[{
        "_centmgmt": "string",
        "_dhcp_svr_id": "string",
        "_intf_allowaccesses": ["string"],
        "_intf_device_access_list": "string",
        "_intf_device_identification": "string",
        "_intf_device_netscan": "string",
        "_intf_dhcp6_relay_ip": "string",
        "_intf_dhcp6_relay_service": "string",
        "_intf_dhcp6_relay_type": "string",
        "_intf_dhcp_relay_ips": ["string"],
        "_intf_dhcp_relay_service": "string",
        "_intf_dhcp_relay_type": "string",
        "_intf_ip": "string",
        "_intf_ip6_address": "string",
        "_intf_ip6_allowaccesses": ["string"],
        "_intf_listen_forticlient_connection": "string",
        "_is_factory_setting": "string",
        "_scopes": [{
            "name": "string",
            "vdom": "string",
        }],
        "access_control_list": "string",
        "acct_interim_interval": 0,
        "additional_akms": ["string"],
        "address_group": "string",
        "address_group_policy": "string",
        "alias": "string",
        "antivirus_profile": "string",
        "application_detection_engine": "string",
        "application_dscp_marking": "string",
        "application_list": "string",
        "application_report_intv": 0,
        "atf_weight": 0,
        "auth": "string",
        "auth_cert": "string",
        "auth_portal_addr": "string",
        "beacon_advertisings": ["string"],
        "broadcast_ssid": "string",
        "broadcast_suppressions": ["string"],
        "bss_color_partial": "string",
        "bstm_disassociation_imminent": "string",
        "bstm_load_balancing_disassoc_timer": 0,
        "bstm_rssi_disassoc_timer": 0,
        "captive_portal_ac_name": "string",
        "captive_portal_auth_timeout": 0,
        "captive_portal_fw_accounting": "string",
        "captive_portal_macauth_radius_secrets": ["string"],
        "captive_portal_macauth_radius_server": "string",
        "captive_portal_radius_secrets": ["string"],
        "captive_portal_radius_server": "string",
        "captive_portal_session_timeout_interval": 0,
        "client_count": 0,
        "dhcp_address_enforcement": "string",
        "dhcp_lease_time": 0,
        "dhcp_option43_insertion": "string",
        "dhcp_option82_circuit_id_insertion": "string",
        "dhcp_option82_insertion": "string",
        "dhcp_option82_remote_id_insertion": "string",
        "dynamic_vlan": "string",
        "eap_reauth": "string",
        "eap_reauth_intv": 0,
        "eapol_key_retries": "string",
        "encrypt": "string",
        "external_fast_roaming": "string",
        "external_logout": "string",
        "external_web": "string",
        "external_web_format": "string",
        "fast_bss_transition": "string",
        "fast_roaming": "string",
        "ft_mobility_domain": 0,
        "ft_over_ds": "string",
        "ft_r0_key_lifetime": 0,
        "gas_comeback_delay": 0,
        "gas_fragmentation_limit": 0,
        "gtk_rekey": "string",
        "gtk_rekey_intv": 0,
        "high_efficiency": "string",
        "hotspot20_profile": "string",
        "igmp_snooping": "string",
        "intra_vap_privacy": "string",
        "ip": "string",
        "ips_sensor": "string",
        "ipv6_rules": ["string"],
        "keyindex": 0,
        "keys": ["string"],
        "l3_roaming": "string",
        "l3_roaming_mode": "string",
        "ldpc": "string",
        "local_authentication": "string",
        "local_bridging": "string",
        "local_lan": "string",
        "local_standalone": "string",
        "local_standalone_dns": "string",
        "local_standalone_dns_ips": ["string"],
        "local_standalone_nat": "string",
        "local_switching": "string",
        "mac_auth_bypass": "string",
        "mac_called_station_delimiter": "string",
        "mac_calling_station_delimiter": "string",
        "mac_case": "string",
        "mac_filter": "string",
        "mac_filter_policy_other": "string",
        "mac_password_delimiter": "string",
        "mac_username_delimiter": "string",
        "max_clients": 0,
        "max_clients_ap": 0,
        "mbo": "string",
        "mbo_cell_data_conn_pref": "string",
        "me_disable_thresh": 0,
        "mesh_backhaul": "string",
        "mpsk": "string",
        "mpsk_concurrent_clients": 0,
        "mpsk_profile": "string",
        "mu_mimo": "string",
        "multicast_enhance": "string",
        "multicast_rate": "string",
        "n80211k": "string",
        "n80211v": "string",
        "nac": "string",
        "nac_profile": "string",
        "neighbor_report_dual_band": "string",
        "okc": "string",
        "osen": "string",
        "owe_groups": ["string"],
        "owe_transition": "string",
        "owe_transition_ssid": "string",
        "passphrases": ["string"],
        "pmf": "string",
        "pmf_assoc_comeback_timeout": 0,
        "pmf_sa_query_retry_timeout": 0,
        "port_macauth": "string",
        "port_macauth_reauth_timeout": 0,
        "port_macauth_timeout": 0,
        "portal_message_override_group": "string",
        "portal_type": "string",
        "primary_wag_profile": "string",
        "probe_resp_suppression": "string",
        "probe_resp_threshold": "string",
        "ptk_rekey": "string",
        "ptk_rekey_intv": 0,
        "qos_profile": "string",
        "quarantine": "string",
        "radio2g_threshold": "string",
        "radio5g_threshold": "string",
        "radio_sensitivity": "string",
        "radius_mac_auth": "string",
        "radius_mac_auth_block_interval": 0,
        "radius_mac_auth_server": "string",
        "radius_mac_auth_usergroups": ["string"],
        "radius_mac_mpsk_auth": "string",
        "radius_mac_mpsk_timeout": 0,
        "radius_server": "string",
        "rates11ac_mcs_map": "string",
        "rates11ac_ss12s": ["string"],
        "rates11ac_ss34s": ["string"],
        "rates11as": ["string"],
        "rates11ax_mcs_map": "string",
        "rates11ax_ss12s": ["string"],
        "rates11ax_ss34s": ["string"],
        "rates11bgs": ["string"],
        "rates11n_ss12s": ["string"],
        "rates11n_ss34s": ["string"],
        "roaming_acct_interim_update": "string",
        "sae_groups": ["string"],
        "sae_h2e_only": "string",
        "sae_hnp_only": "string",
        "sae_passwords": ["string"],
        "sae_pk": "string",
        "sae_private_key": "string",
        "scan_botnet_connections": "string",
        "schedule": "string",
        "secondary_wag_profile": "string",
        "security": "string",
        "security_exempt_list": "string",
        "security_obsolete_option": "string",
        "security_redirect_url": "string",
        "selected_usergroups": "string",
        "split_tunneling": "string",
        "ssid": "string",
        "sticky_client_remove": "string",
        "sticky_client_threshold2g": "string",
        "sticky_client_threshold5g": "string",
        "sticky_client_threshold6g": "string",
        "target_wake_time": "string",
        "tkip_counter_measure": "string",
        "tunnel_echo_interval": 0,
        "tunnel_fallback_interval": 0,
        "usergroup": "string",
        "utm_log": "string",
        "utm_profile": "string",
        "utm_status": "string",
        "vdom": "string",
        "vlan_auto": "string",
        "vlan_pooling": "string",
        "vlanid": 0,
        "voice_enterprise": "string",
        "webfilter_profile": "string",
    }],
    dynamic_sort_subtable="string",
    dynamic_vlan="string",
    eap_reauth="string",
    eap_reauth_intv=0,
    eapol_key_retries="string",
    encrypt="string",
    external_fast_roaming="string",
    external_logout="string",
    external_web="string",
    external_web_format="string",
    fast_bss_transition="string",
    fast_roaming="string",
    ft_mobility_domain=0,
    ft_over_ds="string",
    ft_r0_key_lifetime=0,
    gas_comeback_delay=0,
    gas_fragmentation_limit=0,
    gtk_rekey="string",
    gtk_rekey_intv=0,
    high_efficiency="string",
    hotspot20_profile="string",
    igmp_snooping="string",
    intra_vap_privacy="string",
    ip="string",
    ips_sensor="string",
    ipv6_rules=["string"],
    keyindex=0,
    keys=["string"],
    l3_roaming="string",
    l3_roaming_mode="string",
    ldpc="string",
    local_authentication="string",
    local_bridging="string",
    local_lan="string",
    local_standalone="string",
    local_standalone_dns="string",
    local_standalone_dns_ips=["string"],
    local_standalone_nat="string",
    mac_auth_bypass="string",
    mac_called_station_delimiter="string",
    mac_calling_station_delimiter="string",
    mac_case="string",
    mac_filter="string",
    mac_filter_lists=[{
        "id": 0,
        "mac": "string",
        "mac_filter_policy": "string",
    }],
    mac_filter_policy_other="string",
    mac_password_delimiter="string",
    mac_username_delimiter="string",
    max_clients=0,
    max_clients_ap=0,
    mbo="string",
    mbo_cell_data_conn_pref="string",
    me_disable_thresh=0,
    mesh_backhaul="string",
    mpsk="string",
    mpsk_concurrent_clients=0,
    mpsk_keys=[{
        "comment": "string",
        "concurrent_clients": "string",
        "key_name": "string",
        "mpsk_schedules": "string",
        "passphrases": ["string"],
    }],
    mpsk_profile="string",
    mu_mimo="string",
    multicast_enhance="string",
    multicast_rate="string",
    n80211k="string",
    n80211v="string",
    nac="string",
    nac_profile="string",
    name="string",
    neighbor_report_dual_band="string",
    object_wirelesscontroller_vap_id="string",
    okc="string",
    osen="string",
    owe_groups=["string"],
    owe_transition="string",
    owe_transition_ssid="string",
    passphrases=["string"],
    pmf="string",
    pmf_assoc_comeback_timeout=0,
    pmf_sa_query_retry_timeout=0,
    port_macauth="string",
    port_macauth_reauth_timeout=0,
    port_macauth_timeout=0,
    portal_message_override_group="string",
    portal_message_overrides={
        "auth_disclaimer_page": "string",
        "auth_login_failed_page": "string",
        "auth_login_page": "string",
        "auth_reject_page": "string",
    },
    portal_type="string",
    primary_wag_profile="string",
    probe_resp_suppression="string",
    probe_resp_threshold="string",
    ptk_rekey="string",
    ptk_rekey_intv=0,
    qos_profile="string",
    quarantine="string",
    radio2g_threshold="string",
    radio5g_threshold="string",
    radio_sensitivity="string",
    radius_mac_auth="string",
    radius_mac_auth_block_interval=0,
    radius_mac_auth_server="string",
    radius_mac_auth_usergroups=["string"],
    radius_mac_mpsk_auth="string",
    radius_mac_mpsk_timeout=0,
    radius_server="string",
    rates11ac_mcs_map="string",
    rates11ac_ss12s=["string"],
    rates11ac_ss34s=["string"],
    rates11as=["string"],
    rates11ax_mcs_map="string",
    rates11ax_ss12s=["string"],
    rates11ax_ss34s=["string"],
    rates11bgs=["string"],
    rates11n_ss12s=["string"],
    rates11n_ss34s=["string"],
    roaming_acct_interim_update="string",
    sae_groups=["string"],
    sae_h2e_only="string",
    sae_hnp_only="string",
    sae_passwords=["string"],
    sae_pk="string",
    sae_private_key="string",
    scan_botnet_connections="string",
    schedules=["string"],
    scopetype="string",
    secondary_wag_profile="string",
    security="string",
    security_exempt_list="string",
    security_obsolete_option="string",
    security_redirect_url="string",
    selected_usergroups="string",
    split_tunneling="string",
    ssid="string",
    sticky_client_remove="string",
    sticky_client_threshold2g="string",
    sticky_client_threshold5g="string",
    sticky_client_threshold6g="string",
    target_wake_time="string",
    tkip_counter_measure="string",
    tunnel_echo_interval=0,
    tunnel_fallback_interval=0,
    usergroup="string",
    utm_log="string",
    utm_profile="string",
    utm_status="string",
    vdom="string",
    vlan_auto="string",
    vlan_names=[{
        "name": "string",
        "vlan_id": 0,
    }],
    vlan_pooling="string",
    vlan_pools=[{
        "_wtp_group": "string",
        "id": 0,
    }],
    vlanid=0,
    voice_enterprise="string",
    webfilter_profile="string")

    const objectWirelesscontrollerVapResource = new fortimanager.ObjectWirelesscontrollerVap("objectWirelesscontrollerVapResource", {
    _centmgmt: "string",
    _dhcpSvrId: "string",
    _intfAllowaccesses: ["string"],
    _intfDeviceAccessList: "string",
    _intfDeviceIdentification: "string",
    _intfDeviceNetscan: "string",
    _intfDhcp6RelayIp: "string",
    _intfDhcp6RelayService: "string",
    _intfDhcp6RelayType: "string",
    _intfDhcpRelayIps: ["string"],
    _intfDhcpRelayService: "string",
    _intfDhcpRelayType: "string",
    _intfIp: "string",
    _intfIp6Address: "string",
    _intfIp6Allowaccesses: ["string"],
    _intfListenForticlientConnection: "string",
    _isFactorySetting: "string",
    accessControlList: "string",
    acctInterimInterval: 0,
    additionalAkms: ["string"],
    addressGroup: "string",
    addressGroupPolicy: "string",
    adom: "string",
    alias: "string",
    antivirusProfile: "string",
    applicationDetectionEngine: "string",
    applicationDscpMarking: "string",
    applicationList: "string",
    applicationReportIntv: 0,
    atfWeight: 0,
    auth: "string",
    authCert: "string",
    authPortalAddr: "string",
    beaconAdvertisings: ["string"],
    broadcastSsid: "string",
    broadcastSuppressions: ["string"],
    bssColorPartial: "string",
    bstmDisassociationImminent: "string",
    bstmLoadBalancingDisassocTimer: 0,
    bstmRssiDisassocTimer: 0,
    captivePortalAcName: "string",
    captivePortalAuthTimeout: 0,
    captivePortalFwAccounting: "string",
    captivePortalMacauthRadiusSecrets: ["string"],
    captivePortalMacauthRadiusServer: "string",
    captivePortalRadiusSecrets: ["string"],
    captivePortalRadiusServer: "string",
    captivePortalSessionTimeoutInterval: 0,
    dhcpAddressEnforcement: "string",
    dhcpLeaseTime: 0,
    dhcpOption43Insertion: "string",
    dhcpOption82CircuitIdInsertion: "string",
    dhcpOption82Insertion: "string",
    dhcpOption82RemoteIdInsertion: "string",
    dynamicMappings: [{
        _centmgmt: "string",
        _dhcpSvrId: "string",
        _intfAllowaccesses: ["string"],
        _intfDeviceAccessList: "string",
        _intfDeviceIdentification: "string",
        _intfDeviceNetscan: "string",
        _intfDhcp6RelayIp: "string",
        _intfDhcp6RelayService: "string",
        _intfDhcp6RelayType: "string",
        _intfDhcpRelayIps: ["string"],
        _intfDhcpRelayService: "string",
        _intfDhcpRelayType: "string",
        _intfIp: "string",
        _intfIp6Address: "string",
        _intfIp6Allowaccesses: ["string"],
        _intfListenForticlientConnection: "string",
        _isFactorySetting: "string",
        _scopes: [{
            name: "string",
            vdom: "string",
        }],
        accessControlList: "string",
        acctInterimInterval: 0,
        additionalAkms: ["string"],
        addressGroup: "string",
        addressGroupPolicy: "string",
        alias: "string",
        antivirusProfile: "string",
        applicationDetectionEngine: "string",
        applicationDscpMarking: "string",
        applicationList: "string",
        applicationReportIntv: 0,
        atfWeight: 0,
        auth: "string",
        authCert: "string",
        authPortalAddr: "string",
        beaconAdvertisings: ["string"],
        broadcastSsid: "string",
        broadcastSuppressions: ["string"],
        bssColorPartial: "string",
        bstmDisassociationImminent: "string",
        bstmLoadBalancingDisassocTimer: 0,
        bstmRssiDisassocTimer: 0,
        captivePortalAcName: "string",
        captivePortalAuthTimeout: 0,
        captivePortalFwAccounting: "string",
        captivePortalMacauthRadiusSecrets: ["string"],
        captivePortalMacauthRadiusServer: "string",
        captivePortalRadiusSecrets: ["string"],
        captivePortalRadiusServer: "string",
        captivePortalSessionTimeoutInterval: 0,
        clientCount: 0,
        dhcpAddressEnforcement: "string",
        dhcpLeaseTime: 0,
        dhcpOption43Insertion: "string",
        dhcpOption82CircuitIdInsertion: "string",
        dhcpOption82Insertion: "string",
        dhcpOption82RemoteIdInsertion: "string",
        dynamicVlan: "string",
        eapReauth: "string",
        eapReauthIntv: 0,
        eapolKeyRetries: "string",
        encrypt: "string",
        externalFastRoaming: "string",
        externalLogout: "string",
        externalWeb: "string",
        externalWebFormat: "string",
        fastBssTransition: "string",
        fastRoaming: "string",
        ftMobilityDomain: 0,
        ftOverDs: "string",
        ftR0KeyLifetime: 0,
        gasComebackDelay: 0,
        gasFragmentationLimit: 0,
        gtkRekey: "string",
        gtkRekeyIntv: 0,
        highEfficiency: "string",
        hotspot20Profile: "string",
        igmpSnooping: "string",
        intraVapPrivacy: "string",
        ip: "string",
        ipsSensor: "string",
        ipv6Rules: ["string"],
        keyindex: 0,
        keys: ["string"],
        l3Roaming: "string",
        l3RoamingMode: "string",
        ldpc: "string",
        localAuthentication: "string",
        localBridging: "string",
        localLan: "string",
        localStandalone: "string",
        localStandaloneDns: "string",
        localStandaloneDnsIps: ["string"],
        localStandaloneNat: "string",
        localSwitching: "string",
        macAuthBypass: "string",
        macCalledStationDelimiter: "string",
        macCallingStationDelimiter: "string",
        macCase: "string",
        macFilter: "string",
        macFilterPolicyOther: "string",
        macPasswordDelimiter: "string",
        macUsernameDelimiter: "string",
        maxClients: 0,
        maxClientsAp: 0,
        mbo: "string",
        mboCellDataConnPref: "string",
        meDisableThresh: 0,
        meshBackhaul: "string",
        mpsk: "string",
        mpskConcurrentClients: 0,
        mpskProfile: "string",
        muMimo: "string",
        multicastEnhance: "string",
        multicastRate: "string",
        n80211k: "string",
        n80211v: "string",
        nac: "string",
        nacProfile: "string",
        neighborReportDualBand: "string",
        okc: "string",
        osen: "string",
        oweGroups: ["string"],
        oweTransition: "string",
        oweTransitionSsid: "string",
        passphrases: ["string"],
        pmf: "string",
        pmfAssocComebackTimeout: 0,
        pmfSaQueryRetryTimeout: 0,
        portMacauth: "string",
        portMacauthReauthTimeout: 0,
        portMacauthTimeout: 0,
        portalMessageOverrideGroup: "string",
        portalType: "string",
        primaryWagProfile: "string",
        probeRespSuppression: "string",
        probeRespThreshold: "string",
        ptkRekey: "string",
        ptkRekeyIntv: 0,
        qosProfile: "string",
        quarantine: "string",
        radio2gThreshold: "string",
        radio5gThreshold: "string",
        radioSensitivity: "string",
        radiusMacAuth: "string",
        radiusMacAuthBlockInterval: 0,
        radiusMacAuthServer: "string",
        radiusMacAuthUsergroups: ["string"],
        radiusMacMpskAuth: "string",
        radiusMacMpskTimeout: 0,
        radiusServer: "string",
        rates11acMcsMap: "string",
        rates11acSs12s: ["string"],
        rates11acSs34s: ["string"],
        rates11as: ["string"],
        rates11axMcsMap: "string",
        rates11axSs12s: ["string"],
        rates11axSs34s: ["string"],
        rates11bgs: ["string"],
        rates11nSs12s: ["string"],
        rates11nSs34s: ["string"],
        roamingAcctInterimUpdate: "string",
        saeGroups: ["string"],
        saeH2eOnly: "string",
        saeHnpOnly: "string",
        saePasswords: ["string"],
        saePk: "string",
        saePrivateKey: "string",
        scanBotnetConnections: "string",
        schedule: "string",
        secondaryWagProfile: "string",
        security: "string",
        securityExemptList: "string",
        securityObsoleteOption: "string",
        securityRedirectUrl: "string",
        selectedUsergroups: "string",
        splitTunneling: "string",
        ssid: "string",
        stickyClientRemove: "string",
        stickyClientThreshold2g: "string",
        stickyClientThreshold5g: "string",
        stickyClientThreshold6g: "string",
        targetWakeTime: "string",
        tkipCounterMeasure: "string",
        tunnelEchoInterval: 0,
        tunnelFallbackInterval: 0,
        usergroup: "string",
        utmLog: "string",
        utmProfile: "string",
        utmStatus: "string",
        vdom: "string",
        vlanAuto: "string",
        vlanPooling: "string",
        vlanid: 0,
        voiceEnterprise: "string",
        webfilterProfile: "string",
    }],
    dynamicSortSubtable: "string",
    dynamicVlan: "string",
    eapReauth: "string",
    eapReauthIntv: 0,
    eapolKeyRetries: "string",
    encrypt: "string",
    externalFastRoaming: "string",
    externalLogout: "string",
    externalWeb: "string",
    externalWebFormat: "string",
    fastBssTransition: "string",
    fastRoaming: "string",
    ftMobilityDomain: 0,
    ftOverDs: "string",
    ftR0KeyLifetime: 0,
    gasComebackDelay: 0,
    gasFragmentationLimit: 0,
    gtkRekey: "string",
    gtkRekeyIntv: 0,
    highEfficiency: "string",
    hotspot20Profile: "string",
    igmpSnooping: "string",
    intraVapPrivacy: "string",
    ip: "string",
    ipsSensor: "string",
    ipv6Rules: ["string"],
    keyindex: 0,
    keys: ["string"],
    l3Roaming: "string",
    l3RoamingMode: "string",
    ldpc: "string",
    localAuthentication: "string",
    localBridging: "string",
    localLan: "string",
    localStandalone: "string",
    localStandaloneDns: "string",
    localStandaloneDnsIps: ["string"],
    localStandaloneNat: "string",
    macAuthBypass: "string",
    macCalledStationDelimiter: "string",
    macCallingStationDelimiter: "string",
    macCase: "string",
    macFilter: "string",
    macFilterLists: [{
        id: 0,
        mac: "string",
        macFilterPolicy: "string",
    }],
    macFilterPolicyOther: "string",
    macPasswordDelimiter: "string",
    macUsernameDelimiter: "string",
    maxClients: 0,
    maxClientsAp: 0,
    mbo: "string",
    mboCellDataConnPref: "string",
    meDisableThresh: 0,
    meshBackhaul: "string",
    mpsk: "string",
    mpskConcurrentClients: 0,
    mpskKeys: [{
        comment: "string",
        concurrentClients: "string",
        keyName: "string",
        mpskSchedules: "string",
        passphrases: ["string"],
    }],
    mpskProfile: "string",
    muMimo: "string",
    multicastEnhance: "string",
    multicastRate: "string",
    n80211k: "string",
    n80211v: "string",
    nac: "string",
    nacProfile: "string",
    name: "string",
    neighborReportDualBand: "string",
    objectWirelesscontrollerVapId: "string",
    okc: "string",
    osen: "string",
    oweGroups: ["string"],
    oweTransition: "string",
    oweTransitionSsid: "string",
    passphrases: ["string"],
    pmf: "string",
    pmfAssocComebackTimeout: 0,
    pmfSaQueryRetryTimeout: 0,
    portMacauth: "string",
    portMacauthReauthTimeout: 0,
    portMacauthTimeout: 0,
    portalMessageOverrideGroup: "string",
    portalMessageOverrides: {
        authDisclaimerPage: "string",
        authLoginFailedPage: "string",
        authLoginPage: "string",
        authRejectPage: "string",
    },
    portalType: "string",
    primaryWagProfile: "string",
    probeRespSuppression: "string",
    probeRespThreshold: "string",
    ptkRekey: "string",
    ptkRekeyIntv: 0,
    qosProfile: "string",
    quarantine: "string",
    radio2gThreshold: "string",
    radio5gThreshold: "string",
    radioSensitivity: "string",
    radiusMacAuth: "string",
    radiusMacAuthBlockInterval: 0,
    radiusMacAuthServer: "string",
    radiusMacAuthUsergroups: ["string"],
    radiusMacMpskAuth: "string",
    radiusMacMpskTimeout: 0,
    radiusServer: "string",
    rates11acMcsMap: "string",
    rates11acSs12s: ["string"],
    rates11acSs34s: ["string"],
    rates11as: ["string"],
    rates11axMcsMap: "string",
    rates11axSs12s: ["string"],
    rates11axSs34s: ["string"],
    rates11bgs: ["string"],
    rates11nSs12s: ["string"],
    rates11nSs34s: ["string"],
    roamingAcctInterimUpdate: "string",
    saeGroups: ["string"],
    saeH2eOnly: "string",
    saeHnpOnly: "string",
    saePasswords: ["string"],
    saePk: "string",
    saePrivateKey: "string",
    scanBotnetConnections: "string",
    schedules: ["string"],
    scopetype: "string",
    secondaryWagProfile: "string",
    security: "string",
    securityExemptList: "string",
    securityObsoleteOption: "string",
    securityRedirectUrl: "string",
    selectedUsergroups: "string",
    splitTunneling: "string",
    ssid: "string",
    stickyClientRemove: "string",
    stickyClientThreshold2g: "string",
    stickyClientThreshold5g: "string",
    stickyClientThreshold6g: "string",
    targetWakeTime: "string",
    tkipCounterMeasure: "string",
    tunnelEchoInterval: 0,
    tunnelFallbackInterval: 0,
    usergroup: "string",
    utmLog: "string",
    utmProfile: "string",
    utmStatus: "string",
    vdom: "string",
    vlanAuto: "string",
    vlanNames: [{
        name: "string",
        vlanId: 0,
    }],
    vlanPooling: "string",
    vlanPools: [{
        _wtpGroup: "string",
        id: 0,
    }],
    vlanid: 0,
    voiceEnterprise: "string",
    webfilterProfile: "string",
});

    type: fortimanager:ObjectWirelesscontrollerVap
properties:
    _centmgmt: string
    _dhcpSvrId: string
    _intfAllowaccesses:
        - string
    _intfDeviceAccessList: string
    _intfDeviceIdentification: string
    _intfDeviceNetscan: string
    _intfDhcp6RelayIp: string
    _intfDhcp6RelayService: string
    _intfDhcp6RelayType: string
    _intfDhcpRelayIps:
        - string
    _intfDhcpRelayService: string
    _intfDhcpRelayType: string
    _intfIp: string
    _intfIp6Address: string
    _intfIp6Allowaccesses:
        - string
    _intfListenForticlientConnection: string
    _isFactorySetting: string
    accessControlList: string
    acctInterimInterval: 0
    additionalAkms:
        - string
    addressGroup: string
    addressGroupPolicy: string
    adom: string
    alias: string
    antivirusProfile: string
    applicationDetectionEngine: string
    applicationDscpMarking: string
    applicationList: string
    applicationReportIntv: 0
    atfWeight: 0
    auth: string
    authCert: string
    authPortalAddr: string
    beaconAdvertisings:
        - string
    broadcastSsid: string
    broadcastSuppressions:
        - string
    bssColorPartial: string
    bstmDisassociationImminent: string
    bstmLoadBalancingDisassocTimer: 0
    bstmRssiDisassocTimer: 0
    captivePortalAcName: string
    captivePortalAuthTimeout: 0
    captivePortalFwAccounting: string
    captivePortalMacauthRadiusSecrets:
        - string
    captivePortalMacauthRadiusServer: string
    captivePortalRadiusSecrets:
        - string
    captivePortalRadiusServer: string
    captivePortalSessionTimeoutInterval: 0
    dhcpAddressEnforcement: string
    dhcpLeaseTime: 0
    dhcpOption43Insertion: string
    dhcpOption82CircuitIdInsertion: string
    dhcpOption82Insertion: string
    dhcpOption82RemoteIdInsertion: string
    dynamicMappings:
        - _centmgmt: string
          _dhcpSvrId: string
          _intfAllowaccesses:
            - string
          _intfDeviceAccessList: string
          _intfDeviceIdentification: string
          _intfDeviceNetscan: string
          _intfDhcp6RelayIp: string
          _intfDhcp6RelayService: string
          _intfDhcp6RelayType: string
          _intfDhcpRelayIps:
            - string
          _intfDhcpRelayService: string
          _intfDhcpRelayType: string
          _intfIp: string
          _intfIp6Address: string
          _intfIp6Allowaccesses:
            - string
          _intfListenForticlientConnection: string
          _isFactorySetting: string
          _scopes:
            - name: string
              vdom: string
          accessControlList: string
          acctInterimInterval: 0
          additionalAkms:
            - string
          addressGroup: string
          addressGroupPolicy: string
          alias: string
          antivirusProfile: string
          applicationDetectionEngine: string
          applicationDscpMarking: string
          applicationList: string
          applicationReportIntv: 0
          atfWeight: 0
          auth: string
          authCert: string
          authPortalAddr: string
          beaconAdvertisings:
            - string
          broadcastSsid: string
          broadcastSuppressions:
            - string
          bssColorPartial: string
          bstmDisassociationImminent: string
          bstmLoadBalancingDisassocTimer: 0
          bstmRssiDisassocTimer: 0
          captivePortalAcName: string
          captivePortalAuthTimeout: 0
          captivePortalFwAccounting: string
          captivePortalMacauthRadiusSecrets:
            - string
          captivePortalMacauthRadiusServer: string
          captivePortalRadiusSecrets:
            - string
          captivePortalRadiusServer: string
          captivePortalSessionTimeoutInterval: 0
          clientCount: 0
          dhcpAddressEnforcement: string
          dhcpLeaseTime: 0
          dhcpOption43Insertion: string
          dhcpOption82CircuitIdInsertion: string
          dhcpOption82Insertion: string
          dhcpOption82RemoteIdInsertion: string
          dynamicVlan: string
          eapReauth: string
          eapReauthIntv: 0
          eapolKeyRetries: string
          encrypt: string
          externalFastRoaming: string
          externalLogout: string
          externalWeb: string
          externalWebFormat: string
          fastBssTransition: string
          fastRoaming: string
          ftMobilityDomain: 0
          ftOverDs: string
          ftR0KeyLifetime: 0
          gasComebackDelay: 0
          gasFragmentationLimit: 0
          gtkRekey: string
          gtkRekeyIntv: 0
          highEfficiency: string
          hotspot20Profile: string
          igmpSnooping: string
          intraVapPrivacy: string
          ip: string
          ipsSensor: string
          ipv6Rules:
            - string
          keyindex: 0
          keys:
            - string
          l3Roaming: string
          l3RoamingMode: string
          ldpc: string
          localAuthentication: string
          localBridging: string
          localLan: string
          localStandalone: string
          localStandaloneDns: string
          localStandaloneDnsIps:
            - string
          localStandaloneNat: string
          localSwitching: string
          macAuthBypass: string
          macCalledStationDelimiter: string
          macCallingStationDelimiter: string
          macCase: string
          macFilter: string
          macFilterPolicyOther: string
          macPasswordDelimiter: string
          macUsernameDelimiter: string
          maxClients: 0
          maxClientsAp: 0
          mbo: string
          mboCellDataConnPref: string
          meDisableThresh: 0
          meshBackhaul: string
          mpsk: string
          mpskConcurrentClients: 0
          mpskProfile: string
          muMimo: string
          multicastEnhance: string
          multicastRate: string
          n80211k: string
          n80211v: string
          nac: string
          nacProfile: string
          neighborReportDualBand: string
          okc: string
          osen: string
          oweGroups:
            - string
          oweTransition: string
          oweTransitionSsid: string
          passphrases:
            - string
          pmf: string
          pmfAssocComebackTimeout: 0
          pmfSaQueryRetryTimeout: 0
          portMacauth: string
          portMacauthReauthTimeout: 0
          portMacauthTimeout: 0
          portalMessageOverrideGroup: string
          portalType: string
          primaryWagProfile: string
          probeRespSuppression: string
          probeRespThreshold: string
          ptkRekey: string
          ptkRekeyIntv: 0
          qosProfile: string
          quarantine: string
          radio2gThreshold: string
          radio5gThreshold: string
          radioSensitivity: string
          radiusMacAuth: string
          radiusMacAuthBlockInterval: 0
          radiusMacAuthServer: string
          radiusMacAuthUsergroups:
            - string
          radiusMacMpskAuth: string
          radiusMacMpskTimeout: 0
          radiusServer: string
          rates11acMcsMap: string
          rates11acSs12s:
            - string
          rates11acSs34s:
            - string
          rates11as:
            - string
          rates11axMcsMap: string
          rates11axSs12s:
            - string
          rates11axSs34s:
            - string
          rates11bgs:
            - string
          rates11nSs12s:
            - string
          rates11nSs34s:
            - string
          roamingAcctInterimUpdate: string
          saeGroups:
            - string
          saeH2eOnly: string
          saeHnpOnly: string
          saePasswords:
            - string
          saePk: string
          saePrivateKey: string
          scanBotnetConnections: string
          schedule: string
          secondaryWagProfile: string
          security: string
          securityExemptList: string
          securityObsoleteOption: string
          securityRedirectUrl: string
          selectedUsergroups: string
          splitTunneling: string
          ssid: string
          stickyClientRemove: string
          stickyClientThreshold2g: string
          stickyClientThreshold5g: string
          stickyClientThreshold6g: string
          targetWakeTime: string
          tkipCounterMeasure: string
          tunnelEchoInterval: 0
          tunnelFallbackInterval: 0
          usergroup: string
          utmLog: string
          utmProfile: string
          utmStatus: string
          vdom: string
          vlanAuto: string
          vlanPooling: string
          vlanid: 0
          voiceEnterprise: string
          webfilterProfile: string
    dynamicSortSubtable: string
    dynamicVlan: string
    eapReauth: string
    eapReauthIntv: 0
    eapolKeyRetries: string
    encrypt: string
    externalFastRoaming: string
    externalLogout: string
    externalWeb: string
    externalWebFormat: string
    fastBssTransition: string
    fastRoaming: string
    ftMobilityDomain: 0
    ftOverDs: string
    ftR0KeyLifetime: 0
    gasComebackDelay: 0
    gasFragmentationLimit: 0
    gtkRekey: string
    gtkRekeyIntv: 0
    highEfficiency: string
    hotspot20Profile: string
    igmpSnooping: string
    intraVapPrivacy: string
    ip: string
    ipsSensor: string
    ipv6Rules:
        - string
    keyindex: 0
    keys:
        - string
    l3Roaming: string
    l3RoamingMode: string
    ldpc: string
    localAuthentication: string
    localBridging: string
    localLan: string
    localStandalone: string
    localStandaloneDns: string
    localStandaloneDnsIps:
        - string
    localStandaloneNat: string
    macAuthBypass: string
    macCalledStationDelimiter: string
    macCallingStationDelimiter: string
    macCase: string
    macFilter: string
    macFilterLists:
        - id: 0
          mac: string
          macFilterPolicy: string
    macFilterPolicyOther: string
    macPasswordDelimiter: string
    macUsernameDelimiter: string
    maxClients: 0
    maxClientsAp: 0
    mbo: string
    mboCellDataConnPref: string
    meDisableThresh: 0
    meshBackhaul: string
    mpsk: string
    mpskConcurrentClients: 0
    mpskKeys:
        - comment: string
          concurrentClients: string
          keyName: string
          mpskSchedules: string
          passphrases:
            - string
    mpskProfile: string
    muMimo: string
    multicastEnhance: string
    multicastRate: string
    n80211k: string
    n80211v: string
    nac: string
    nacProfile: string
    name: string
    neighborReportDualBand: string
    objectWirelesscontrollerVapId: string
    okc: string
    osen: string
    oweGroups:
        - string
    oweTransition: string
    oweTransitionSsid: string
    passphrases:
        - string
    pmf: string
    pmfAssocComebackTimeout: 0
    pmfSaQueryRetryTimeout: 0
    portMacauth: string
    portMacauthReauthTimeout: 0
    portMacauthTimeout: 0
    portalMessageOverrideGroup: string
    portalMessageOverrides:
        authDisclaimerPage: string
        authLoginFailedPage: string
        authLoginPage: string
        authRejectPage: string
    portalType: string
    primaryWagProfile: string
    probeRespSuppression: string
    probeRespThreshold: string
    ptkRekey: string
    ptkRekeyIntv: 0
    qosProfile: string
    quarantine: string
    radio2gThreshold: string
    radio5gThreshold: string
    radioSensitivity: string
    radiusMacAuth: string
    radiusMacAuthBlockInterval: 0
    radiusMacAuthServer: string
    radiusMacAuthUsergroups:
        - string
    radiusMacMpskAuth: string
    radiusMacMpskTimeout: 0
    radiusServer: string
    rates11acMcsMap: string
    rates11acSs12s:
        - string
    rates11acSs34s:
        - string
    rates11as:
        - string
    rates11axMcsMap: string
    rates11axSs12s:
        - string
    rates11axSs34s:
        - string
    rates11bgs:
        - string
    rates11nSs12s:
        - string
    rates11nSs34s:
        - string
    roamingAcctInterimUpdate: string
    saeGroups:
        - string
    saeH2eOnly: string
    saeHnpOnly: string
    saePasswords:
        - string
    saePk: string
    saePrivateKey: string
    scanBotnetConnections: string
    schedules:
        - string
    scopetype: string
    secondaryWagProfile: string
    security: string
    securityExemptList: string
    securityObsoleteOption: string
    securityRedirectUrl: string
    selectedUsergroups: string
    splitTunneling: string
    ssid: string
    stickyClientRemove: string
    stickyClientThreshold2g: string
    stickyClientThreshold5g: string
    stickyClientThreshold6g: string
    targetWakeTime: string
    tkipCounterMeasure: string
    tunnelEchoInterval: 0
    tunnelFallbackInterval: 0
    usergroup: string
    utmLog: string
    utmProfile: string
    utmStatus: string
    vdom: string
    vlanAuto: string
    vlanNames:
        - name: string
          vlanId: 0
    vlanPooling: string
    vlanPools:
        - _wtpGroup: string
          id: 0
    vlanid: 0
    voiceEnterprise: string
    webfilterProfile: string

    ObjectWirelesscontrollerVap Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ObjectWirelesscontrollerVap resource accepts the following input properties:

    AccessControlList string
    access-control-list profile name.
    AcctInterimInterval double
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms List<string>
    Additional AKMs. Valid values: akm6.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    Adom string
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv double
    Application report interval (30 - 864000 sec, default = 120).
    AtfWeight double
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertisings List<string>
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    BroadcastSuppressions List<string>
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    BssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    BstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    BstmLoadBalancingDisassocTimer double
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    BstmRssiDisassocTimer double
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout double
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    CaptivePortalMacauthRadiusSecrets List<string>
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecrets List<string>
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval double
    Session timeout interval (0 - 864000 sec, default = 0).
    DhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    DhcpLeaseTime double
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    DynamicMappings List<ObjectWirelesscontrollerVapDynamicMapping>
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    DynamicSortSubtable string
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    EapReauthIntv double
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    FtMobilityDomain double
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime double
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay double
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    GasFragmentationLimit double
    GAS fragmentation limit (512 - 4096, default = 1024).
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    GtkRekeyIntv double
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Enable/disable IGMP snooping. Valid values: disable, enable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules List<string>
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Keyindex double
    WEP key index (1 - 4).
    Keys List<string>
    WEP Key.
    L3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: disable, enable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    LocalStandaloneDnsIps List<string>
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    MacCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    MacFilterLists List<ObjectWirelesscontrollerVapMacFilterList>
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MaxClients double
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp double
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    Mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    MboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh double
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    Mpsk string
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    MpskConcurrentClients double
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    MpskKeys List<ObjectWirelesscontrollerVapMpskKey>
    Mpsk-Key. The structure of mpsk_key block is documented below.
    MpskProfile string
    MPSK profile name.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Enable/disable network access control. Valid values: disable, enable.
    NacProfile string
    NAC profile name.
    Name string
    Virtual AP name.
    NeighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    ObjectWirelesscontrollerVapId string
    an identifier for the resource with format {{name}}.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    OweGroups List<string>
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrases List<string>
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout double
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout double
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout double
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    PortMacauthTimeout double
    LAN port MAC authentication idle timeout value (default = 600 sec).
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalMessageOverrides ObjectWirelesscontrollerVapPortalMessageOverrides
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    PtkRekeyIntv double
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    RadiusMacAuthBlockInterval double
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups List<string>
    Selective user groups that are permitted for RADIUS mac authentication.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    RadiusMacMpskTimeout double
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12s List<string>
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    Rates11acSs34s List<string>
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    Rates11as List<string>
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12s List<string>
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34s List<string>
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11bgs List<string>
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11nSs12s List<string>
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34s List<string>
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    SaeGroups List<string>
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaePasswords List<string>
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    Schedules List<string>
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    Scopetype string
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: disable, enable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups string
    Selective user groups that are permitted to authenticate.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    StickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    StickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    TunnelEchoInterval double
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval double
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroup string
    Firewall user group to be used to authenticate WiFi users.
    UtmLog string
    Enable/disable UTM logging. Valid values: disable, enable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    Vdom string
    Name of the VDOM that the Virtual AP has been added to.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    VlanNames List<ObjectWirelesscontrollerVapVlanName>
    Vlan-Name. The structure of vlan_name block is documented below.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    VlanPools List<ObjectWirelesscontrollerVapVlanPool>
    Vlan-Pool. The structure of vlan_pool block is documented below.
    Vlanid double
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    _centmgmt string
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId string
    _Dhcp_Svr_Id.
    _intfAllowaccesses List<string>
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList string
    _Intf_Device-Access-List.
    _intfDeviceIdentification string
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan string
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp string
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService string
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType string
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps List<string>
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService string
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType string
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp string
    _Intf_Ip.
    _intfIp6Address string
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses List<string>
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection string
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting string
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    AccessControlList string
    access-control-list profile name.
    AcctInterimInterval float64
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms []string
    Additional AKMs. Valid values: akm6.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    Adom string
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv float64
    Application report interval (30 - 864000 sec, default = 120).
    AtfWeight float64
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertisings []string
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    BroadcastSuppressions []string
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    BssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    BstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    BstmLoadBalancingDisassocTimer float64
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    BstmRssiDisassocTimer float64
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout float64
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    CaptivePortalMacauthRadiusSecrets []string
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecrets []string
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval float64
    Session timeout interval (0 - 864000 sec, default = 0).
    DhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    DhcpLeaseTime float64
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    DynamicMappings []ObjectWirelesscontrollerVapDynamicMappingTypeArgs
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    DynamicSortSubtable string
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    EapReauthIntv float64
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    FtMobilityDomain float64
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime float64
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay float64
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    GasFragmentationLimit float64
    GAS fragmentation limit (512 - 4096, default = 1024).
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    GtkRekeyIntv float64
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Enable/disable IGMP snooping. Valid values: disable, enable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules []string
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Keyindex float64
    WEP key index (1 - 4).
    Keys []string
    WEP Key.
    L3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: disable, enable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    LocalStandaloneDnsIps []string
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    MacCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    MacFilterLists []ObjectWirelesscontrollerVapMacFilterListTypeArgs
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MaxClients float64
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp float64
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    Mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    MboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh float64
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    Mpsk string
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    MpskConcurrentClients float64
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    MpskKeys []ObjectWirelesscontrollerVapMpskKeyArgs
    Mpsk-Key. The structure of mpsk_key block is documented below.
    MpskProfile string
    MPSK profile name.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Enable/disable network access control. Valid values: disable, enable.
    NacProfile string
    NAC profile name.
    Name string
    Virtual AP name.
    NeighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    ObjectWirelesscontrollerVapId string
    an identifier for the resource with format {{name}}.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    OweGroups []string
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrases []string
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout float64
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout float64
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout float64
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    PortMacauthTimeout float64
    LAN port MAC authentication idle timeout value (default = 600 sec).
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalMessageOverrides ObjectWirelesscontrollerVapPortalMessageOverridesTypeArgs
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    PtkRekeyIntv float64
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    RadiusMacAuthBlockInterval float64
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups []string
    Selective user groups that are permitted for RADIUS mac authentication.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    RadiusMacMpskTimeout float64
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12s []string
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    Rates11acSs34s []string
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    Rates11as []string
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12s []string
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34s []string
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11bgs []string
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11nSs12s []string
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34s []string
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    SaeGroups []string
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaePasswords []string
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    Schedules []string
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    Scopetype string
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: disable, enable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups string
    Selective user groups that are permitted to authenticate.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    StickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    StickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    TunnelEchoInterval float64
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval float64
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroup string
    Firewall user group to be used to authenticate WiFi users.
    UtmLog string
    Enable/disable UTM logging. Valid values: disable, enable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    Vdom string
    Name of the VDOM that the Virtual AP has been added to.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    VlanNames []ObjectWirelesscontrollerVapVlanNameTypeArgs
    Vlan-Name. The structure of vlan_name block is documented below.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    VlanPools []ObjectWirelesscontrollerVapVlanPoolTypeArgs
    Vlan-Pool. The structure of vlan_pool block is documented below.
    Vlanid float64
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    _centmgmt string
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId string
    _Dhcp_Svr_Id.
    _intfAllowaccesses []string
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList string
    _Intf_Device-Access-List.
    _intfDeviceIdentification string
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan string
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp string
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService string
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType string
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps []string
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService string
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType string
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp string
    _Intf_Ip.
    _intfIp6Address string
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses []string
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection string
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting string
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    _centmgmt String
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId String
    _Dhcp_Svr_Id.
    _intfAllowaccesses List<String>
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList String
    _Intf_Device-Access-List.
    _intfDeviceIdentification String
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan String
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp String
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService String
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType String
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps List<String>
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService String
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType String
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp String
    _Intf_Ip.
    _intfIp6Address String
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses List<String>
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection String
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting String
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    accessControlList String
    access-control-list profile name.
    acctInterimInterval Double
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms List<String>
    Additional AKMs. Valid values: akm6.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    adom String
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    applicationList String
    Application control list name.
    applicationReportIntv Double
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight Double
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertisings List<String>
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcastSuppressions List<String>
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bssColorPartial String
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    bstmDisassociationImminent String
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    bstmLoadBalancingDisassocTimer Double
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer Double
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Double
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captivePortalMacauthRadiusSecrets List<String>
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecrets List<String>
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Double
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement String
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    dhcpLeaseTime Double
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamicMappings List<ObjectWirelesscontrollerVapDynamicMapping>
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    dynamicSortSubtable String
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eapReauthIntv Double
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ftMobilityDomain Double
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Double
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Double
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit Double
    GAS fragmentation limit (512 - 4096, default = 1024).
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtkRekeyIntv Double
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Enable/disable IGMP snooping. Valid values: disable, enable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules List<String>
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex Double
    WEP key index (1 - 4).
    keys List<String>
    WEP Key.
    l3Roaming String
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: disable, enable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    localStandaloneDnsIps List<String>
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    macCalledStationDelimiter String
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    macFilterLists List<ObjectWirelesscontrollerVapMacFilterList>
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients Double
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Double
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo String
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref String
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Double
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk String
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpskConcurrentClients Double
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpskKeys List<ObjectWirelesscontrollerVapMpskKey>
    Mpsk-Key. The structure of mpsk_key block is documented below.
    mpskProfile String
    MPSK profile name.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Enable/disable network access control. Valid values: disable, enable.
    nacProfile String
    NAC profile name.
    name String
    Virtual AP name.
    neighborReportDualBand String
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    objectWirelesscontrollerVapId String
    an identifier for the resource with format {{name}}.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    oweGroups List<String>
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrases List<String>
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Double
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Double
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Double
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout Double
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides ObjectWirelesscontrollerVapPortalMessageOverrides
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptkRekeyIntv Double
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radiusMacAuthBlockInterval Double
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<String>
    Selective user groups that are permitted for RADIUS mac authentication.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radiusMacMpskTimeout Double
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12s List<String>
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11acSs34s List<String>
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as List<String>
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12s List<String>
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34s List<String>
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs List<String>
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11nSs12s List<String>
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34s List<String>
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    saeGroups List<String>
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saePasswords List<String>
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedules List<String>
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    scopetype String
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: disable, enable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups String
    Selective user groups that are permitted to authenticate.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    stickyClientThreshold2g String
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g String
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnelEchoInterval Double
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Double
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup String
    Firewall user group to be used to authenticate WiFi users.
    utmLog String
    Enable/disable UTM logging. Valid values: disable, enable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom String
    Name of the VDOM that the Virtual AP has been added to.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlanNames List<ObjectWirelesscontrollerVapVlanName>
    Vlan-Name. The structure of vlan_name block is documented below.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools List<ObjectWirelesscontrollerVapVlanPool>
    Vlan-Pool. The structure of vlan_pool block is documented below.
    vlanid Double
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.
    _centmgmt string
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId string
    _Dhcp_Svr_Id.
    _intfAllowaccesses string[]
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList string
    _Intf_Device-Access-List.
    _intfDeviceIdentification string
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan string
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp string
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService string
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType string
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps string[]
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService string
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType string
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp string
    _Intf_Ip.
    _intfIp6Address string
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses string[]
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection string
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting string
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    accessControlList string
    access-control-list profile name.
    acctInterimInterval number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms string[]
    Additional AKMs. Valid values: akm6.
    addressGroup string
    Address group ID.
    addressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    adom string
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    alias string
    Alias.
    antivirusProfile string
    AntiVirus profile name.
    applicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    applicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    applicationList string
    Application control list name.
    applicationReportIntv number
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight number
    Airtime weight in percentage (default = 20).
    auth string
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    authCert string
    HTTPS server certificate.
    authPortalAddr string
    Address of captive portal.
    beaconAdvertisings string[]
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcastSuppressions string[]
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    bstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    bstmLoadBalancingDisassocTimer number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortalAcName string
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout number
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captivePortalMacauthRadiusSecrets string[]
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecrets string[]
    Secret key to access the RADIUS server.
    captivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval number
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    dhcpLeaseTime number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    dhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamicMappings ObjectWirelesscontrollerVapDynamicMapping[]
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    dynamicSortSubtable string
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    dynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eapReauthIntv number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    externalLogout string
    URL of external authentication logout server.
    externalWeb string
    URL of external authentication web server.
    externalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ftMobilityDomain number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay number
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit number
    GAS fragmentation limit (512 - 4096, default = 1024).
    gtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtkRekeyIntv number
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    highEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20Profile string
    Hotspot 2.0 profile name.
    igmpSnooping string
    Enable/disable IGMP snooping. Valid values: disable, enable.
    intraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip string
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor string
    IPS sensor name.
    ipv6Rules string[]
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex number
    WEP key index (1 - 4).
    keys string[]
    WEP Key.
    l3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    l3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    localAuthentication string
    Enable/disable AP local authentication. Valid values: disable, enable.
    localBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    localLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    localStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    localStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    localStandaloneDnsIps string[]
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    macAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    macCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    macFilterLists ObjectWirelesscontrollerVapMacFilterList[]
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    macPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp number
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk string
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpskConcurrentClients number
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpskKeys ObjectWirelesscontrollerVapMpskKey[]
    Mpsk-Key. The structure of mpsk_key block is documented below.
    mpskProfile string
    MPSK profile name.
    muMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac string
    Enable/disable network access control. Valid values: disable, enable.
    nacProfile string
    NAC profile name.
    name string
    Virtual AP name.
    neighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    objectWirelesscontrollerVapId string
    an identifier for the resource with format {{name}}.
    okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    oweGroups string[]
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid string
    OWE transition mode peer SSID.
    passphrases string[]
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout number
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout number
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides ObjectWirelesscontrollerVapPortalMessageOverrides
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    portalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primaryWagProfile string
    Primary wireless access gateway profile name.
    probeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptkRekeyIntv number
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qosProfile string
    Quality of service profile name.
    quarantine string
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radiusMacAuthBlockInterval number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer string
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups string[]
    Selective user groups that are permitted for RADIUS mac authentication.
    radiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radiusMacMpskTimeout number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer string
    RADIUS server to be used to authenticate WiFi users.
    rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12s string[]
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11acSs34s string[]
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as string[]
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12s string[]
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34s string[]
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs string[]
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11nSs12s string[]
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34s string[]
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    saeGroups string[]
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    saeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saePasswords string[]
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    saePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedules string[]
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    scopetype string
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    secondaryWagProfile string
    Secondary wireless access gateway profile name.
    security string
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    securityExemptList string
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption string
    Enable/disable obsolete security options. Valid values: disable, enable.
    securityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups string
    Selective user groups that are permitted to authenticate.
    splitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    stickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnelEchoInterval number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup string
    Firewall user group to be used to authenticate WiFi users.
    utmLog string
    Enable/disable UTM logging. Valid values: disable, enable.
    utmProfile string
    UTM profile name.
    utmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom string
    Name of the VDOM that the Virtual AP has been added to.
    vlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlanNames ObjectWirelesscontrollerVapVlanName[]
    Vlan-Name. The structure of vlan_name block is documented below.
    vlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools ObjectWirelesscontrollerVapVlanPool[]
    Vlan-Pool. The structure of vlan_pool block is documented below.
    vlanid number
    Optional VLAN ID.
    voiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile string
    WebFilter profile name.
    _centmgmt str
    _Centmgmt. Valid values: disable, enable.
    _dhcp_svr_id str
    _Dhcp_Svr_Id.
    _intf_allowaccesses Sequence[str]
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intf_device_access_list str
    _Intf_Device-Access-List.
    _intf_device_identification str
    _Intf_Device-Identification. Valid values: disable, enable.
    _intf_device_netscan str
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intf_dhcp6_relay_ip str
    _Intf_Dhcp6-Relay-Ip.
    _intf_dhcp6_relay_service str
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intf_dhcp6_relay_type str
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intf_dhcp_relay_ips Sequence[str]
    _Intf_Dhcp-Relay-Ip.
    _intf_dhcp_relay_service str
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intf_dhcp_relay_type str
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intf_ip str
    _Intf_Ip.
    _intf_ip6_address str
    _Intf_Ip6-Address.
    _intf_ip6_allowaccesses Sequence[str]
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intf_listen_forticlient_connection str
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _is_factory_setting str
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    access_control_list str
    access-control-list profile name.
    acct_interim_interval float
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additional_akms Sequence[str]
    Additional AKMs. Valid values: akm6.
    address_group str
    Address group ID.
    address_group_policy str
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    adom str
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    alias str
    Alias.
    antivirus_profile str
    AntiVirus profile name.
    application_detection_engine str
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    application_dscp_marking str
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    application_list str
    Application control list name.
    application_report_intv float
    Application report interval (30 - 864000 sec, default = 120).
    atf_weight float
    Airtime weight in percentage (default = 20).
    auth str
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    auth_cert str
    HTTPS server certificate.
    auth_portal_addr str
    Address of captive portal.
    beacon_advertisings Sequence[str]
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcast_ssid str
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcast_suppressions Sequence[str]
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bss_color_partial str
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    bstm_disassociation_imminent str
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    bstm_load_balancing_disassoc_timer float
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstm_rssi_disassoc_timer float
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captive_portal_ac_name str
    Local-bridging captive portal ac-name.
    captive_portal_auth_timeout float
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captive_portal_fw_accounting str
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captive_portal_macauth_radius_secrets Sequence[str]
    Secret key to access the macauth RADIUS server.
    captive_portal_macauth_radius_server str
    Captive portal external RADIUS server domain name or IP address.
    captive_portal_radius_secrets Sequence[str]
    Secret key to access the RADIUS server.
    captive_portal_radius_server str
    Captive portal RADIUS server domain name or IP address.
    captive_portal_session_timeout_interval float
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcp_address_enforcement str
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    dhcp_lease_time float
    DHCP lease time in seconds for NAT IP address.
    dhcp_option43_insertion str
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    dhcp_option82_circuit_id_insertion str
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcp_option82_insertion str
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcp_option82_remote_id_insertion str
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamic_mappings Sequence[ObjectWirelesscontrollerVapDynamicMappingArgs]
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    dynamic_sort_subtable str
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    dynamic_vlan str
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eap_reauth str
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eap_reauth_intv float
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapol_key_retries str
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt str
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    external_fast_roaming str
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    external_logout str
    URL of external authentication logout server.
    external_web str
    URL of external authentication web server.
    external_web_format str
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fast_bss_transition str
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fast_roaming str
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ft_mobility_domain float
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ft_over_ds str
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ft_r0_key_lifetime float
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gas_comeback_delay float
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gas_fragmentation_limit float
    GAS fragmentation limit (512 - 4096, default = 1024).
    gtk_rekey str
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtk_rekey_intv float
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    high_efficiency str
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20_profile str
    Hotspot 2.0 profile name.
    igmp_snooping str
    Enable/disable IGMP snooping. Valid values: disable, enable.
    intra_vap_privacy str
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip str
    IP address and subnet mask for the local standalone NAT subnet.
    ips_sensor str
    IPS sensor name.
    ipv6_rules Sequence[str]
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex float
    WEP key index (1 - 4).
    keys Sequence[str]
    WEP Key.
    l3_roaming str
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    l3_roaming_mode str
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc str
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    local_authentication str
    Enable/disable AP local authentication. Valid values: disable, enable.
    local_bridging str
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    local_lan str
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    local_standalone str
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    local_standalone_dns str
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    local_standalone_dns_ips Sequence[str]
    IPv4 addresses for the local standalone DNS.
    local_standalone_nat str
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    mac_auth_bypass str
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    mac_called_station_delimiter str
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_calling_station_delimiter str
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_case str
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    mac_filter str
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    mac_filter_lists Sequence[ObjectWirelesscontrollerVapMacFilterListArgs]
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    mac_filter_policy_other str
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    mac_password_delimiter str
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_username_delimiter str
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    max_clients float
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    max_clients_ap float
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo str
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mbo_cell_data_conn_pref str
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    me_disable_thresh float
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    mesh_backhaul str
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk str
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpsk_concurrent_clients float
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpsk_keys Sequence[ObjectWirelesscontrollerVapMpskKeyArgs]
    Mpsk-Key. The structure of mpsk_key block is documented below.
    mpsk_profile str
    MPSK profile name.
    mu_mimo str
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicast_enhance str
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicast_rate str
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k str
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v str
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac str
    Enable/disable network access control. Valid values: disable, enable.
    nac_profile str
    NAC profile name.
    name str
    Virtual AP name.
    neighbor_report_dual_band str
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    object_wirelesscontroller_vap_id str
    an identifier for the resource with format {{name}}.
    okc str
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen str
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    owe_groups Sequence[str]
    OWE-Groups. Valid values: 19, 20, 21.
    owe_transition str
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    owe_transition_ssid str
    OWE transition mode peer SSID.
    passphrases Sequence[str]
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf str
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmf_assoc_comeback_timeout float
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmf_sa_query_retry_timeout float
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    port_macauth str
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    port_macauth_reauth_timeout float
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    port_macauth_timeout float
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portal_message_override_group str
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portal_message_overrides ObjectWirelesscontrollerVapPortalMessageOverridesArgs
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    portal_type str
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primary_wag_profile str
    Primary wireless access gateway profile name.
    probe_resp_suppression str
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probe_resp_threshold str
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptk_rekey str
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptk_rekey_intv float
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qos_profile str
    Quality of service profile name.
    quarantine str
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radio_sensitivity str
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radius_mac_auth str
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radius_mac_auth_block_interval float
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radius_mac_auth_server str
    RADIUS-based MAC authentication server.
    radius_mac_auth_usergroups Sequence[str]
    Selective user groups that are permitted for RADIUS mac authentication.
    radius_mac_mpsk_auth str
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radius_mac_mpsk_timeout float
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radius_server str
    RADIUS server to be used to authenticate WiFi users.
    rates11ac_mcs_map str
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11ac_ss12s Sequence[str]
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11ac_ss34s Sequence[str]
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as Sequence[str]
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11ax_mcs_map str
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11ax_ss12s Sequence[str]
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11ax_ss34s Sequence[str]
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs Sequence[str]
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11n_ss12s Sequence[str]
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11n_ss34s Sequence[str]
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roaming_acct_interim_update str
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    sae_groups Sequence[str]
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    sae_h2e_only str
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    sae_hnp_only str
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    sae_passwords Sequence[str]
    WPA3 SAE password to be used to authenticate WiFi users.
    sae_pk str
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    sae_private_key str
    Private key used for WPA3 SAE-PK authentication.
    scan_botnet_connections str
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedules Sequence[str]
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    scopetype str
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    secondary_wag_profile str
    Secondary wireless access gateway profile name.
    security str
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    security_exempt_list str
    Optional security exempt list for captive portal authentication.
    security_obsolete_option str
    Enable/disable obsolete security options. Valid values: disable, enable.
    security_redirect_url str
    Optional URL for redirecting users after they pass captive portal authentication.
    selected_usergroups str
    Selective user groups that are permitted to authenticate.
    split_tunneling str
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid str
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    sticky_client_remove str
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    sticky_client_threshold2g str
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    sticky_client_threshold5g str
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    sticky_client_threshold6g str
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    target_wake_time str
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkip_counter_measure str
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnel_echo_interval float
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnel_fallback_interval float
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup str
    Firewall user group to be used to authenticate WiFi users.
    utm_log str
    Enable/disable UTM logging. Valid values: disable, enable.
    utm_profile str
    UTM profile name.
    utm_status str
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom str
    Name of the VDOM that the Virtual AP has been added to.
    vlan_auto str
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlan_names Sequence[ObjectWirelesscontrollerVapVlanNameArgs]
    Vlan-Name. The structure of vlan_name block is documented below.
    vlan_pooling str
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlan_pools Sequence[ObjectWirelesscontrollerVapVlanPoolArgs]
    Vlan-Pool. The structure of vlan_pool block is documented below.
    vlanid float
    Optional VLAN ID.
    voice_enterprise str
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilter_profile str
    WebFilter profile name.
    _centmgmt String
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId String
    _Dhcp_Svr_Id.
    _intfAllowaccesses List<String>
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList String
    _Intf_Device-Access-List.
    _intfDeviceIdentification String
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan String
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp String
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService String
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType String
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps List<String>
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService String
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType String
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp String
    _Intf_Ip.
    _intfIp6Address String
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses List<String>
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection String
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting String
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    accessControlList String
    access-control-list profile name.
    acctInterimInterval Number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms List<String>
    Additional AKMs. Valid values: akm6.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    adom String
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    applicationList String
    Application control list name.
    applicationReportIntv Number
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight Number
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertisings List<String>
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcastSuppressions List<String>
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bssColorPartial String
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    bstmDisassociationImminent String
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    bstmLoadBalancingDisassocTimer Number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer Number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Number
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captivePortalMacauthRadiusSecrets List<String>
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecrets List<String>
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Number
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement String
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    dhcpLeaseTime Number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamicMappings List<Property Map>
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    dynamicSortSubtable String
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eapReauthIntv Number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ftMobilityDomain Number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Number
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit Number
    GAS fragmentation limit (512 - 4096, default = 1024).
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtkRekeyIntv Number
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Enable/disable IGMP snooping. Valid values: disable, enable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules List<String>
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex Number
    WEP key index (1 - 4).
    keys List<String>
    WEP Key.
    l3Roaming String
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: disable, enable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    localStandaloneDnsIps List<String>
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    macCalledStationDelimiter String
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    macFilterLists List<Property Map>
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients Number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Number
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo String
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref String
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk String
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpskConcurrentClients Number
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpskKeys List<Property Map>
    Mpsk-Key. The structure of mpsk_key block is documented below.
    mpskProfile String
    MPSK profile name.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Enable/disable network access control. Valid values: disable, enable.
    nacProfile String
    NAC profile name.
    name String
    Virtual AP name.
    neighborReportDualBand String
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    objectWirelesscontrollerVapId String
    an identifier for the resource with format {{name}}.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    oweGroups List<String>
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrases List<String>
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Number
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout Number
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides Property Map
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptkRekeyIntv Number
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radiusMacAuthBlockInterval Number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<String>
    Selective user groups that are permitted for RADIUS mac authentication.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radiusMacMpskTimeout Number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12s List<String>
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11acSs34s List<String>
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as List<String>
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12s List<String>
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34s List<String>
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs List<String>
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11nSs12s List<String>
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34s List<String>
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    saeGroups List<String>
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saePasswords List<String>
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedules List<String>
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    scopetype String
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: disable, enable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups String
    Selective user groups that are permitted to authenticate.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    stickyClientThreshold2g String
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g String
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnelEchoInterval Number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup String
    Firewall user group to be used to authenticate WiFi users.
    utmLog String
    Enable/disable UTM logging. Valid values: disable, enable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom String
    Name of the VDOM that the Virtual AP has been added to.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlanNames List<Property Map>
    Vlan-Name. The structure of vlan_name block is documented below.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools List<Property Map>
    Vlan-Pool. The structure of vlan_pool block is documented below.
    vlanid Number
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ObjectWirelesscontrollerVap resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ObjectWirelesscontrollerVap Resource

    Get an existing ObjectWirelesscontrollerVap resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ObjectWirelesscontrollerVapState, opts?: CustomResourceOptions): ObjectWirelesscontrollerVap
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        _centmgmt: Optional[str] = None,
        _dhcp_svr_id: Optional[str] = None,
        _intf_allowaccesses: Optional[Sequence[str]] = None,
        _intf_device_access_list: Optional[str] = None,
        _intf_device_identification: Optional[str] = None,
        _intf_device_netscan: Optional[str] = None,
        _intf_dhcp6_relay_ip: Optional[str] = None,
        _intf_dhcp6_relay_service: Optional[str] = None,
        _intf_dhcp6_relay_type: Optional[str] = None,
        _intf_dhcp_relay_ips: Optional[Sequence[str]] = None,
        _intf_dhcp_relay_service: Optional[str] = None,
        _intf_dhcp_relay_type: Optional[str] = None,
        _intf_ip: Optional[str] = None,
        _intf_ip6_address: Optional[str] = None,
        _intf_ip6_allowaccesses: Optional[Sequence[str]] = None,
        _intf_listen_forticlient_connection: Optional[str] = None,
        _is_factory_setting: Optional[str] = None,
        access_control_list: Optional[str] = None,
        acct_interim_interval: Optional[float] = None,
        additional_akms: Optional[Sequence[str]] = None,
        address_group: Optional[str] = None,
        address_group_policy: Optional[str] = None,
        adom: Optional[str] = None,
        alias: Optional[str] = None,
        antivirus_profile: Optional[str] = None,
        application_detection_engine: Optional[str] = None,
        application_dscp_marking: Optional[str] = None,
        application_list: Optional[str] = None,
        application_report_intv: Optional[float] = None,
        atf_weight: Optional[float] = None,
        auth: Optional[str] = None,
        auth_cert: Optional[str] = None,
        auth_portal_addr: Optional[str] = None,
        beacon_advertisings: Optional[Sequence[str]] = None,
        broadcast_ssid: Optional[str] = None,
        broadcast_suppressions: Optional[Sequence[str]] = None,
        bss_color_partial: Optional[str] = None,
        bstm_disassociation_imminent: Optional[str] = None,
        bstm_load_balancing_disassoc_timer: Optional[float] = None,
        bstm_rssi_disassoc_timer: Optional[float] = None,
        captive_portal_ac_name: Optional[str] = None,
        captive_portal_auth_timeout: Optional[float] = None,
        captive_portal_fw_accounting: Optional[str] = None,
        captive_portal_macauth_radius_secrets: Optional[Sequence[str]] = None,
        captive_portal_macauth_radius_server: Optional[str] = None,
        captive_portal_radius_secrets: Optional[Sequence[str]] = None,
        captive_portal_radius_server: Optional[str] = None,
        captive_portal_session_timeout_interval: Optional[float] = None,
        dhcp_address_enforcement: Optional[str] = None,
        dhcp_lease_time: Optional[float] = None,
        dhcp_option43_insertion: Optional[str] = None,
        dhcp_option82_circuit_id_insertion: Optional[str] = None,
        dhcp_option82_insertion: Optional[str] = None,
        dhcp_option82_remote_id_insertion: Optional[str] = None,
        dynamic_mappings: Optional[Sequence[ObjectWirelesscontrollerVapDynamicMappingArgs]] = None,
        dynamic_sort_subtable: Optional[str] = None,
        dynamic_vlan: Optional[str] = None,
        eap_reauth: Optional[str] = None,
        eap_reauth_intv: Optional[float] = None,
        eapol_key_retries: Optional[str] = None,
        encrypt: Optional[str] = None,
        external_fast_roaming: Optional[str] = None,
        external_logout: Optional[str] = None,
        external_web: Optional[str] = None,
        external_web_format: Optional[str] = None,
        fast_bss_transition: Optional[str] = None,
        fast_roaming: Optional[str] = None,
        ft_mobility_domain: Optional[float] = None,
        ft_over_ds: Optional[str] = None,
        ft_r0_key_lifetime: Optional[float] = None,
        gas_comeback_delay: Optional[float] = None,
        gas_fragmentation_limit: Optional[float] = None,
        gtk_rekey: Optional[str] = None,
        gtk_rekey_intv: Optional[float] = None,
        high_efficiency: Optional[str] = None,
        hotspot20_profile: Optional[str] = None,
        igmp_snooping: Optional[str] = None,
        intra_vap_privacy: Optional[str] = None,
        ip: Optional[str] = None,
        ips_sensor: Optional[str] = None,
        ipv6_rules: Optional[Sequence[str]] = None,
        keyindex: Optional[float] = None,
        keys: Optional[Sequence[str]] = None,
        l3_roaming: Optional[str] = None,
        l3_roaming_mode: Optional[str] = None,
        ldpc: Optional[str] = None,
        local_authentication: Optional[str] = None,
        local_bridging: Optional[str] = None,
        local_lan: Optional[str] = None,
        local_standalone: Optional[str] = None,
        local_standalone_dns: Optional[str] = None,
        local_standalone_dns_ips: Optional[Sequence[str]] = None,
        local_standalone_nat: Optional[str] = None,
        mac_auth_bypass: Optional[str] = None,
        mac_called_station_delimiter: Optional[str] = None,
        mac_calling_station_delimiter: Optional[str] = None,
        mac_case: Optional[str] = None,
        mac_filter: Optional[str] = None,
        mac_filter_lists: Optional[Sequence[ObjectWirelesscontrollerVapMacFilterListArgs]] = None,
        mac_filter_policy_other: Optional[str] = None,
        mac_password_delimiter: Optional[str] = None,
        mac_username_delimiter: Optional[str] = None,
        max_clients: Optional[float] = None,
        max_clients_ap: Optional[float] = None,
        mbo: Optional[str] = None,
        mbo_cell_data_conn_pref: Optional[str] = None,
        me_disable_thresh: Optional[float] = None,
        mesh_backhaul: Optional[str] = None,
        mpsk: Optional[str] = None,
        mpsk_concurrent_clients: Optional[float] = None,
        mpsk_keys: Optional[Sequence[ObjectWirelesscontrollerVapMpskKeyArgs]] = None,
        mpsk_profile: Optional[str] = None,
        mu_mimo: Optional[str] = None,
        multicast_enhance: Optional[str] = None,
        multicast_rate: Optional[str] = None,
        n80211k: Optional[str] = None,
        n80211v: Optional[str] = None,
        nac: Optional[str] = None,
        nac_profile: Optional[str] = None,
        name: Optional[str] = None,
        neighbor_report_dual_band: Optional[str] = None,
        object_wirelesscontroller_vap_id: Optional[str] = None,
        okc: Optional[str] = None,
        osen: Optional[str] = None,
        owe_groups: Optional[Sequence[str]] = None,
        owe_transition: Optional[str] = None,
        owe_transition_ssid: Optional[str] = None,
        passphrases: Optional[Sequence[str]] = None,
        pmf: Optional[str] = None,
        pmf_assoc_comeback_timeout: Optional[float] = None,
        pmf_sa_query_retry_timeout: Optional[float] = None,
        port_macauth: Optional[str] = None,
        port_macauth_reauth_timeout: Optional[float] = None,
        port_macauth_timeout: Optional[float] = None,
        portal_message_override_group: Optional[str] = None,
        portal_message_overrides: Optional[ObjectWirelesscontrollerVapPortalMessageOverridesArgs] = None,
        portal_type: Optional[str] = None,
        primary_wag_profile: Optional[str] = None,
        probe_resp_suppression: Optional[str] = None,
        probe_resp_threshold: Optional[str] = None,
        ptk_rekey: Optional[str] = None,
        ptk_rekey_intv: Optional[float] = None,
        qos_profile: Optional[str] = None,
        quarantine: Optional[str] = None,
        radio2g_threshold: Optional[str] = None,
        radio5g_threshold: Optional[str] = None,
        radio_sensitivity: Optional[str] = None,
        radius_mac_auth: Optional[str] = None,
        radius_mac_auth_block_interval: Optional[float] = None,
        radius_mac_auth_server: Optional[str] = None,
        radius_mac_auth_usergroups: Optional[Sequence[str]] = None,
        radius_mac_mpsk_auth: Optional[str] = None,
        radius_mac_mpsk_timeout: Optional[float] = None,
        radius_server: Optional[str] = None,
        rates11ac_mcs_map: Optional[str] = None,
        rates11ac_ss12s: Optional[Sequence[str]] = None,
        rates11ac_ss34s: Optional[Sequence[str]] = None,
        rates11as: Optional[Sequence[str]] = None,
        rates11ax_mcs_map: Optional[str] = None,
        rates11ax_ss12s: Optional[Sequence[str]] = None,
        rates11ax_ss34s: Optional[Sequence[str]] = None,
        rates11bgs: Optional[Sequence[str]] = None,
        rates11n_ss12s: Optional[Sequence[str]] = None,
        rates11n_ss34s: Optional[Sequence[str]] = None,
        roaming_acct_interim_update: Optional[str] = None,
        sae_groups: Optional[Sequence[str]] = None,
        sae_h2e_only: Optional[str] = None,
        sae_hnp_only: Optional[str] = None,
        sae_passwords: Optional[Sequence[str]] = None,
        sae_pk: Optional[str] = None,
        sae_private_key: Optional[str] = None,
        scan_botnet_connections: Optional[str] = None,
        schedules: Optional[Sequence[str]] = None,
        scopetype: Optional[str] = None,
        secondary_wag_profile: Optional[str] = None,
        security: Optional[str] = None,
        security_exempt_list: Optional[str] = None,
        security_obsolete_option: Optional[str] = None,
        security_redirect_url: Optional[str] = None,
        selected_usergroups: Optional[str] = None,
        split_tunneling: Optional[str] = None,
        ssid: Optional[str] = None,
        sticky_client_remove: Optional[str] = None,
        sticky_client_threshold2g: Optional[str] = None,
        sticky_client_threshold5g: Optional[str] = None,
        sticky_client_threshold6g: Optional[str] = None,
        target_wake_time: Optional[str] = None,
        tkip_counter_measure: Optional[str] = None,
        tunnel_echo_interval: Optional[float] = None,
        tunnel_fallback_interval: Optional[float] = None,
        usergroup: Optional[str] = None,
        utm_log: Optional[str] = None,
        utm_profile: Optional[str] = None,
        utm_status: Optional[str] = None,
        vdom: Optional[str] = None,
        vlan_auto: Optional[str] = None,
        vlan_names: Optional[Sequence[ObjectWirelesscontrollerVapVlanNameArgs]] = None,
        vlan_pooling: Optional[str] = None,
        vlan_pools: Optional[Sequence[ObjectWirelesscontrollerVapVlanPoolArgs]] = None,
        vlanid: Optional[float] = None,
        voice_enterprise: Optional[str] = None,
        webfilter_profile: Optional[str] = None) -> ObjectWirelesscontrollerVap
    func GetObjectWirelesscontrollerVap(ctx *Context, name string, id IDInput, state *ObjectWirelesscontrollerVapState, opts ...ResourceOption) (*ObjectWirelesscontrollerVap, error)
    public static ObjectWirelesscontrollerVap Get(string name, Input<string> id, ObjectWirelesscontrollerVapState? state, CustomResourceOptions? opts = null)
    public static ObjectWirelesscontrollerVap get(String name, Output<String> id, ObjectWirelesscontrollerVapState state, CustomResourceOptions options)
    resources:  _:    type: fortimanager:ObjectWirelesscontrollerVap    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessControlList string
    access-control-list profile name.
    AcctInterimInterval double
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms List<string>
    Additional AKMs. Valid values: akm6.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    Adom string
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv double
    Application report interval (30 - 864000 sec, default = 120).
    AtfWeight double
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertisings List<string>
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    BroadcastSuppressions List<string>
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    BssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    BstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    BstmLoadBalancingDisassocTimer double
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    BstmRssiDisassocTimer double
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout double
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    CaptivePortalMacauthRadiusSecrets List<string>
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecrets List<string>
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval double
    Session timeout interval (0 - 864000 sec, default = 0).
    DhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    DhcpLeaseTime double
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    DynamicMappings List<ObjectWirelesscontrollerVapDynamicMapping>
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    DynamicSortSubtable string
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    EapReauthIntv double
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    FtMobilityDomain double
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime double
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay double
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    GasFragmentationLimit double
    GAS fragmentation limit (512 - 4096, default = 1024).
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    GtkRekeyIntv double
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Enable/disable IGMP snooping. Valid values: disable, enable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules List<string>
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Keyindex double
    WEP key index (1 - 4).
    Keys List<string>
    WEP Key.
    L3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: disable, enable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    LocalStandaloneDnsIps List<string>
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    MacCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    MacFilterLists List<ObjectWirelesscontrollerVapMacFilterList>
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MaxClients double
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp double
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    Mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    MboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh double
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    Mpsk string
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    MpskConcurrentClients double
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    MpskKeys List<ObjectWirelesscontrollerVapMpskKey>
    Mpsk-Key. The structure of mpsk_key block is documented below.
    MpskProfile string
    MPSK profile name.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Enable/disable network access control. Valid values: disable, enable.
    NacProfile string
    NAC profile name.
    Name string
    Virtual AP name.
    NeighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    ObjectWirelesscontrollerVapId string
    an identifier for the resource with format {{name}}.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    OweGroups List<string>
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrases List<string>
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout double
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout double
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout double
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    PortMacauthTimeout double
    LAN port MAC authentication idle timeout value (default = 600 sec).
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalMessageOverrides ObjectWirelesscontrollerVapPortalMessageOverrides
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    PtkRekeyIntv double
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    RadiusMacAuthBlockInterval double
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups List<string>
    Selective user groups that are permitted for RADIUS mac authentication.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    RadiusMacMpskTimeout double
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12s List<string>
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    Rates11acSs34s List<string>
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    Rates11as List<string>
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12s List<string>
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34s List<string>
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11bgs List<string>
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11nSs12s List<string>
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34s List<string>
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    SaeGroups List<string>
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaePasswords List<string>
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    Schedules List<string>
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    Scopetype string
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: disable, enable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups string
    Selective user groups that are permitted to authenticate.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    StickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    StickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    TunnelEchoInterval double
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval double
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroup string
    Firewall user group to be used to authenticate WiFi users.
    UtmLog string
    Enable/disable UTM logging. Valid values: disable, enable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    Vdom string
    Name of the VDOM that the Virtual AP has been added to.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    VlanNames List<ObjectWirelesscontrollerVapVlanName>
    Vlan-Name. The structure of vlan_name block is documented below.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    VlanPools List<ObjectWirelesscontrollerVapVlanPool>
    Vlan-Pool. The structure of vlan_pool block is documented below.
    Vlanid double
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    _centmgmt string
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId string
    _Dhcp_Svr_Id.
    _intfAllowaccesses List<string>
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList string
    _Intf_Device-Access-List.
    _intfDeviceIdentification string
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan string
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp string
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService string
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType string
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps List<string>
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService string
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType string
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp string
    _Intf_Ip.
    _intfIp6Address string
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses List<string>
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection string
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting string
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    AccessControlList string
    access-control-list profile name.
    AcctInterimInterval float64
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms []string
    Additional AKMs. Valid values: akm6.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    Adom string
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv float64
    Application report interval (30 - 864000 sec, default = 120).
    AtfWeight float64
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertisings []string
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    BroadcastSuppressions []string
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    BssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    BstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    BstmLoadBalancingDisassocTimer float64
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    BstmRssiDisassocTimer float64
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout float64
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    CaptivePortalMacauthRadiusSecrets []string
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecrets []string
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval float64
    Session timeout interval (0 - 864000 sec, default = 0).
    DhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    DhcpLeaseTime float64
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    DynamicMappings []ObjectWirelesscontrollerVapDynamicMappingTypeArgs
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    DynamicSortSubtable string
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    EapReauthIntv float64
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    FtMobilityDomain float64
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime float64
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay float64
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    GasFragmentationLimit float64
    GAS fragmentation limit (512 - 4096, default = 1024).
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    GtkRekeyIntv float64
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Enable/disable IGMP snooping. Valid values: disable, enable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules []string
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Keyindex float64
    WEP key index (1 - 4).
    Keys []string
    WEP Key.
    L3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: disable, enable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    LocalStandaloneDnsIps []string
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    MacCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    MacFilterLists []ObjectWirelesscontrollerVapMacFilterListTypeArgs
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    MacPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    MaxClients float64
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp float64
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    Mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    MboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh float64
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    Mpsk string
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    MpskConcurrentClients float64
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    MpskKeys []ObjectWirelesscontrollerVapMpskKeyArgs
    Mpsk-Key. The structure of mpsk_key block is documented below.
    MpskProfile string
    MPSK profile name.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Enable/disable network access control. Valid values: disable, enable.
    NacProfile string
    NAC profile name.
    Name string
    Virtual AP name.
    NeighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    ObjectWirelesscontrollerVapId string
    an identifier for the resource with format {{name}}.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    OweGroups []string
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrases []string
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout float64
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout float64
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout float64
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    PortMacauthTimeout float64
    LAN port MAC authentication idle timeout value (default = 600 sec).
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalMessageOverrides ObjectWirelesscontrollerVapPortalMessageOverridesTypeArgs
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    PtkRekeyIntv float64
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    RadiusMacAuthBlockInterval float64
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups []string
    Selective user groups that are permitted for RADIUS mac authentication.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    RadiusMacMpskTimeout float64
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12s []string
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    Rates11acSs34s []string
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    Rates11as []string
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12s []string
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34s []string
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11bgs []string
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11nSs12s []string
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34s []string
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    SaeGroups []string
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaePasswords []string
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    Schedules []string
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    Scopetype string
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: disable, enable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups string
    Selective user groups that are permitted to authenticate.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    StickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    StickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    TunnelEchoInterval float64
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval float64
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroup string
    Firewall user group to be used to authenticate WiFi users.
    UtmLog string
    Enable/disable UTM logging. Valid values: disable, enable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    Vdom string
    Name of the VDOM that the Virtual AP has been added to.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    VlanNames []ObjectWirelesscontrollerVapVlanNameTypeArgs
    Vlan-Name. The structure of vlan_name block is documented below.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    VlanPools []ObjectWirelesscontrollerVapVlanPoolTypeArgs
    Vlan-Pool. The structure of vlan_pool block is documented below.
    Vlanid float64
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    _centmgmt string
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId string
    _Dhcp_Svr_Id.
    _intfAllowaccesses []string
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList string
    _Intf_Device-Access-List.
    _intfDeviceIdentification string
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan string
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp string
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService string
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType string
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps []string
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService string
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType string
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp string
    _Intf_Ip.
    _intfIp6Address string
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses []string
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection string
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting string
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    _centmgmt String
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId String
    _Dhcp_Svr_Id.
    _intfAllowaccesses List<String>
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList String
    _Intf_Device-Access-List.
    _intfDeviceIdentification String
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan String
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp String
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService String
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType String
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps List<String>
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService String
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType String
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp String
    _Intf_Ip.
    _intfIp6Address String
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses List<String>
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection String
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting String
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    accessControlList String
    access-control-list profile name.
    acctInterimInterval Double
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms List<String>
    Additional AKMs. Valid values: akm6.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    adom String
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    applicationList String
    Application control list name.
    applicationReportIntv Double
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight Double
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertisings List<String>
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcastSuppressions List<String>
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bssColorPartial String
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    bstmDisassociationImminent String
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    bstmLoadBalancingDisassocTimer Double
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer Double
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Double
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captivePortalMacauthRadiusSecrets List<String>
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecrets List<String>
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Double
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement String
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    dhcpLeaseTime Double
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamicMappings List<ObjectWirelesscontrollerVapDynamicMapping>
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    dynamicSortSubtable String
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eapReauthIntv Double
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ftMobilityDomain Double
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Double
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Double
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit Double
    GAS fragmentation limit (512 - 4096, default = 1024).
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtkRekeyIntv Double
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Enable/disable IGMP snooping. Valid values: disable, enable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules List<String>
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex Double
    WEP key index (1 - 4).
    keys List<String>
    WEP Key.
    l3Roaming String
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: disable, enable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    localStandaloneDnsIps List<String>
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    macCalledStationDelimiter String
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    macFilterLists List<ObjectWirelesscontrollerVapMacFilterList>
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients Double
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Double
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo String
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref String
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Double
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk String
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpskConcurrentClients Double
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpskKeys List<ObjectWirelesscontrollerVapMpskKey>
    Mpsk-Key. The structure of mpsk_key block is documented below.
    mpskProfile String
    MPSK profile name.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Enable/disable network access control. Valid values: disable, enable.
    nacProfile String
    NAC profile name.
    name String
    Virtual AP name.
    neighborReportDualBand String
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    objectWirelesscontrollerVapId String
    an identifier for the resource with format {{name}}.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    oweGroups List<String>
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrases List<String>
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Double
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Double
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Double
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout Double
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides ObjectWirelesscontrollerVapPortalMessageOverrides
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptkRekeyIntv Double
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radiusMacAuthBlockInterval Double
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<String>
    Selective user groups that are permitted for RADIUS mac authentication.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radiusMacMpskTimeout Double
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12s List<String>
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11acSs34s List<String>
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as List<String>
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12s List<String>
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34s List<String>
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs List<String>
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11nSs12s List<String>
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34s List<String>
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    saeGroups List<String>
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saePasswords List<String>
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedules List<String>
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    scopetype String
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: disable, enable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups String
    Selective user groups that are permitted to authenticate.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    stickyClientThreshold2g String
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g String
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnelEchoInterval Double
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Double
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup String
    Firewall user group to be used to authenticate WiFi users.
    utmLog String
    Enable/disable UTM logging. Valid values: disable, enable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom String
    Name of the VDOM that the Virtual AP has been added to.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlanNames List<ObjectWirelesscontrollerVapVlanName>
    Vlan-Name. The structure of vlan_name block is documented below.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools List<ObjectWirelesscontrollerVapVlanPool>
    Vlan-Pool. The structure of vlan_pool block is documented below.
    vlanid Double
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.
    _centmgmt string
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId string
    _Dhcp_Svr_Id.
    _intfAllowaccesses string[]
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList string
    _Intf_Device-Access-List.
    _intfDeviceIdentification string
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan string
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp string
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService string
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType string
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps string[]
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService string
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType string
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp string
    _Intf_Ip.
    _intfIp6Address string
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses string[]
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection string
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting string
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    accessControlList string
    access-control-list profile name.
    acctInterimInterval number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms string[]
    Additional AKMs. Valid values: akm6.
    addressGroup string
    Address group ID.
    addressGroupPolicy string
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    adom string
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    alias string
    Alias.
    antivirusProfile string
    AntiVirus profile name.
    applicationDetectionEngine string
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    applicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    applicationList string
    Application control list name.
    applicationReportIntv number
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight number
    Airtime weight in percentage (default = 20).
    auth string
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    authCert string
    HTTPS server certificate.
    authPortalAddr string
    Address of captive portal.
    beaconAdvertisings string[]
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcastSuppressions string[]
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bssColorPartial string
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    bstmDisassociationImminent string
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    bstmLoadBalancingDisassocTimer number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortalAcName string
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout number
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captivePortalMacauthRadiusSecrets string[]
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecrets string[]
    Secret key to access the RADIUS server.
    captivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval number
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement string
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    dhcpLeaseTime number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion string
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    dhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamicMappings ObjectWirelesscontrollerVapDynamicMapping[]
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    dynamicSortSubtable string
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    dynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eapReauthIntv number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    externalLogout string
    URL of external authentication logout server.
    externalWeb string
    URL of external authentication web server.
    externalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ftMobilityDomain number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay number
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit number
    GAS fragmentation limit (512 - 4096, default = 1024).
    gtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtkRekeyIntv number
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    highEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20Profile string
    Hotspot 2.0 profile name.
    igmpSnooping string
    Enable/disable IGMP snooping. Valid values: disable, enable.
    intraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip string
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor string
    IPS sensor name.
    ipv6Rules string[]
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex number
    WEP key index (1 - 4).
    keys string[]
    WEP Key.
    l3Roaming string
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    l3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    localAuthentication string
    Enable/disable AP local authentication. Valid values: disable, enable.
    localBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    localLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    localStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    localStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    localStandaloneDnsIps string[]
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    macAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    macCalledStationDelimiter string
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter string
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase string
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    macFilterLists ObjectWirelesscontrollerVapMacFilterList[]
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    macPasswordDelimiter string
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter string
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp number
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo string
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref string
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk string
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpskConcurrentClients number
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpskKeys ObjectWirelesscontrollerVapMpskKey[]
    Mpsk-Key. The structure of mpsk_key block is documented below.
    mpskProfile string
    MPSK profile name.
    muMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac string
    Enable/disable network access control. Valid values: disable, enable.
    nacProfile string
    NAC profile name.
    name string
    Virtual AP name.
    neighborReportDualBand string
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    objectWirelesscontrollerVapId string
    an identifier for the resource with format {{name}}.
    okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    oweGroups string[]
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid string
    OWE transition mode peer SSID.
    passphrases string[]
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth string
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout number
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout number
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides ObjectWirelesscontrollerVapPortalMessageOverrides
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    portalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primaryWagProfile string
    Primary wireless access gateway profile name.
    probeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptkRekeyIntv number
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qosProfile string
    Quality of service profile name.
    quarantine string
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radiusMacAuthBlockInterval number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer string
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups string[]
    Selective user groups that are permitted for RADIUS mac authentication.
    radiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radiusMacMpskTimeout number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer string
    RADIUS server to be used to authenticate WiFi users.
    rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12s string[]
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11acSs34s string[]
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as string[]
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12s string[]
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34s string[]
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs string[]
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11nSs12s string[]
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34s string[]
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    saeGroups string[]
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    saeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saePasswords string[]
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    saePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedules string[]
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    scopetype string
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    secondaryWagProfile string
    Secondary wireless access gateway profile name.
    security string
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    securityExemptList string
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption string
    Enable/disable obsolete security options. Valid values: disable, enable.
    securityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups string
    Selective user groups that are permitted to authenticate.
    splitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove string
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    stickyClientThreshold2g string
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g string
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnelEchoInterval number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup string
    Firewall user group to be used to authenticate WiFi users.
    utmLog string
    Enable/disable UTM logging. Valid values: disable, enable.
    utmProfile string
    UTM profile name.
    utmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom string
    Name of the VDOM that the Virtual AP has been added to.
    vlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlanNames ObjectWirelesscontrollerVapVlanName[]
    Vlan-Name. The structure of vlan_name block is documented below.
    vlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools ObjectWirelesscontrollerVapVlanPool[]
    Vlan-Pool. The structure of vlan_pool block is documented below.
    vlanid number
    Optional VLAN ID.
    voiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile string
    WebFilter profile name.
    _centmgmt str
    _Centmgmt. Valid values: disable, enable.
    _dhcp_svr_id str
    _Dhcp_Svr_Id.
    _intf_allowaccesses Sequence[str]
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intf_device_access_list str
    _Intf_Device-Access-List.
    _intf_device_identification str
    _Intf_Device-Identification. Valid values: disable, enable.
    _intf_device_netscan str
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intf_dhcp6_relay_ip str
    _Intf_Dhcp6-Relay-Ip.
    _intf_dhcp6_relay_service str
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intf_dhcp6_relay_type str
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intf_dhcp_relay_ips Sequence[str]
    _Intf_Dhcp-Relay-Ip.
    _intf_dhcp_relay_service str
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intf_dhcp_relay_type str
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intf_ip str
    _Intf_Ip.
    _intf_ip6_address str
    _Intf_Ip6-Address.
    _intf_ip6_allowaccesses Sequence[str]
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intf_listen_forticlient_connection str
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _is_factory_setting str
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    access_control_list str
    access-control-list profile name.
    acct_interim_interval float
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additional_akms Sequence[str]
    Additional AKMs. Valid values: akm6.
    address_group str
    Address group ID.
    address_group_policy str
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    adom str
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    alias str
    Alias.
    antivirus_profile str
    AntiVirus profile name.
    application_detection_engine str
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    application_dscp_marking str
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    application_list str
    Application control list name.
    application_report_intv float
    Application report interval (30 - 864000 sec, default = 120).
    atf_weight float
    Airtime weight in percentage (default = 20).
    auth str
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    auth_cert str
    HTTPS server certificate.
    auth_portal_addr str
    Address of captive portal.
    beacon_advertisings Sequence[str]
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcast_ssid str
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcast_suppressions Sequence[str]
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bss_color_partial str
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    bstm_disassociation_imminent str
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    bstm_load_balancing_disassoc_timer float
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstm_rssi_disassoc_timer float
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captive_portal_ac_name str
    Local-bridging captive portal ac-name.
    captive_portal_auth_timeout float
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captive_portal_fw_accounting str
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captive_portal_macauth_radius_secrets Sequence[str]
    Secret key to access the macauth RADIUS server.
    captive_portal_macauth_radius_server str
    Captive portal external RADIUS server domain name or IP address.
    captive_portal_radius_secrets Sequence[str]
    Secret key to access the RADIUS server.
    captive_portal_radius_server str
    Captive portal RADIUS server domain name or IP address.
    captive_portal_session_timeout_interval float
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcp_address_enforcement str
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    dhcp_lease_time float
    DHCP lease time in seconds for NAT IP address.
    dhcp_option43_insertion str
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    dhcp_option82_circuit_id_insertion str
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcp_option82_insertion str
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcp_option82_remote_id_insertion str
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamic_mappings Sequence[ObjectWirelesscontrollerVapDynamicMappingArgs]
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    dynamic_sort_subtable str
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    dynamic_vlan str
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eap_reauth str
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eap_reauth_intv float
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapol_key_retries str
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt str
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    external_fast_roaming str
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    external_logout str
    URL of external authentication logout server.
    external_web str
    URL of external authentication web server.
    external_web_format str
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fast_bss_transition str
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fast_roaming str
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ft_mobility_domain float
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ft_over_ds str
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ft_r0_key_lifetime float
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gas_comeback_delay float
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gas_fragmentation_limit float
    GAS fragmentation limit (512 - 4096, default = 1024).
    gtk_rekey str
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtk_rekey_intv float
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    high_efficiency str
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20_profile str
    Hotspot 2.0 profile name.
    igmp_snooping str
    Enable/disable IGMP snooping. Valid values: disable, enable.
    intra_vap_privacy str
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip str
    IP address and subnet mask for the local standalone NAT subnet.
    ips_sensor str
    IPS sensor name.
    ipv6_rules Sequence[str]
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex float
    WEP key index (1 - 4).
    keys Sequence[str]
    WEP Key.
    l3_roaming str
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    l3_roaming_mode str
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc str
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    local_authentication str
    Enable/disable AP local authentication. Valid values: disable, enable.
    local_bridging str
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    local_lan str
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    local_standalone str
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    local_standalone_dns str
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    local_standalone_dns_ips Sequence[str]
    IPv4 addresses for the local standalone DNS.
    local_standalone_nat str
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    mac_auth_bypass str
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    mac_called_station_delimiter str
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_calling_station_delimiter str
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_case str
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    mac_filter str
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    mac_filter_lists Sequence[ObjectWirelesscontrollerVapMacFilterListArgs]
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    mac_filter_policy_other str
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    mac_password_delimiter str
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    mac_username_delimiter str
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    max_clients float
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    max_clients_ap float
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo str
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mbo_cell_data_conn_pref str
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    me_disable_thresh float
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    mesh_backhaul str
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk str
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpsk_concurrent_clients float
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpsk_keys Sequence[ObjectWirelesscontrollerVapMpskKeyArgs]
    Mpsk-Key. The structure of mpsk_key block is documented below.
    mpsk_profile str
    MPSK profile name.
    mu_mimo str
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicast_enhance str
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicast_rate str
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k str
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v str
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac str
    Enable/disable network access control. Valid values: disable, enable.
    nac_profile str
    NAC profile name.
    name str
    Virtual AP name.
    neighbor_report_dual_band str
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    object_wirelesscontroller_vap_id str
    an identifier for the resource with format {{name}}.
    okc str
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen str
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    owe_groups Sequence[str]
    OWE-Groups. Valid values: 19, 20, 21.
    owe_transition str
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    owe_transition_ssid str
    OWE transition mode peer SSID.
    passphrases Sequence[str]
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf str
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmf_assoc_comeback_timeout float
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmf_sa_query_retry_timeout float
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    port_macauth str
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    port_macauth_reauth_timeout float
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    port_macauth_timeout float
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portal_message_override_group str
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portal_message_overrides ObjectWirelesscontrollerVapPortalMessageOverridesArgs
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    portal_type str
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primary_wag_profile str
    Primary wireless access gateway profile name.
    probe_resp_suppression str
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probe_resp_threshold str
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptk_rekey str
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptk_rekey_intv float
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qos_profile str
    Quality of service profile name.
    quarantine str
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radio_sensitivity str
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radius_mac_auth str
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radius_mac_auth_block_interval float
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radius_mac_auth_server str
    RADIUS-based MAC authentication server.
    radius_mac_auth_usergroups Sequence[str]
    Selective user groups that are permitted for RADIUS mac authentication.
    radius_mac_mpsk_auth str
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radius_mac_mpsk_timeout float
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radius_server str
    RADIUS server to be used to authenticate WiFi users.
    rates11ac_mcs_map str
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11ac_ss12s Sequence[str]
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11ac_ss34s Sequence[str]
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as Sequence[str]
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11ax_mcs_map str
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11ax_ss12s Sequence[str]
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11ax_ss34s Sequence[str]
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs Sequence[str]
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11n_ss12s Sequence[str]
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11n_ss34s Sequence[str]
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roaming_acct_interim_update str
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    sae_groups Sequence[str]
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    sae_h2e_only str
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    sae_hnp_only str
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    sae_passwords Sequence[str]
    WPA3 SAE password to be used to authenticate WiFi users.
    sae_pk str
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    sae_private_key str
    Private key used for WPA3 SAE-PK authentication.
    scan_botnet_connections str
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedules Sequence[str]
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    scopetype str
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    secondary_wag_profile str
    Secondary wireless access gateway profile name.
    security str
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    security_exempt_list str
    Optional security exempt list for captive portal authentication.
    security_obsolete_option str
    Enable/disable obsolete security options. Valid values: disable, enable.
    security_redirect_url str
    Optional URL for redirecting users after they pass captive portal authentication.
    selected_usergroups str
    Selective user groups that are permitted to authenticate.
    split_tunneling str
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid str
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    sticky_client_remove str
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    sticky_client_threshold2g str
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    sticky_client_threshold5g str
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    sticky_client_threshold6g str
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    target_wake_time str
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkip_counter_measure str
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnel_echo_interval float
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnel_fallback_interval float
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup str
    Firewall user group to be used to authenticate WiFi users.
    utm_log str
    Enable/disable UTM logging. Valid values: disable, enable.
    utm_profile str
    UTM profile name.
    utm_status str
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom str
    Name of the VDOM that the Virtual AP has been added to.
    vlan_auto str
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlan_names Sequence[ObjectWirelesscontrollerVapVlanNameArgs]
    Vlan-Name. The structure of vlan_name block is documented below.
    vlan_pooling str
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlan_pools Sequence[ObjectWirelesscontrollerVapVlanPoolArgs]
    Vlan-Pool. The structure of vlan_pool block is documented below.
    vlanid float
    Optional VLAN ID.
    voice_enterprise str
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilter_profile str
    WebFilter profile name.
    _centmgmt String
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId String
    _Dhcp_Svr_Id.
    _intfAllowaccesses List<String>
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList String
    _Intf_Device-Access-List.
    _intfDeviceIdentification String
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan String
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp String
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService String
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType String
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps List<String>
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService String
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType String
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp String
    _Intf_Ip.
    _intfIp6Address String
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses List<String>
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection String
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting String
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    accessControlList String
    access-control-list profile name.
    acctInterimInterval Number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms List<String>
    Additional AKMs. Valid values: akm6.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable, allow, deny.
    adom String
    Adom. This value is valid only when the scopetype is adom, otherwise the value of adom in the provider will be inherited.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Enable/disable application detection engine (default = disable). Valid values: disable, enable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    applicationList String
    Application control list name.
    applicationReportIntv Number
    Application report interval (30 - 864000 sec, default = 120).
    atfWeight Number
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertisings List<String>
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcastSuppressions List<String>
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bssColorPartial String
    Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable, enable.
    bstmDisassociationImminent String
    Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable, enable.
    bstmLoadBalancingDisassocTimer Number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
    bstmRssiDisassocTimer Number
    Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Number
    Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captivePortalMacauthRadiusSecrets List<String>
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecrets List<String>
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Number
    Session timeout interval (0 - 864000 sec, default = 0).
    dhcpAddressEnforcement String
    Enable/disable DHCP address enforcement (default = disable). Valid values: disable, enable.
    dhcpLeaseTime Number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable, enable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamicMappings List<Property Map>
    Dynamic_Mapping. The structure of dynamic_mapping block is documented below.
    dynamicSortSubtable String
    true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eapReauthIntv Number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ftMobilityDomain Number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Number
    GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
    gasFragmentationLimit Number
    GAS fragmentation limit (512 - 4096, default = 1024).
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtkRekeyIntv Number
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Enable/disable IGMP snooping. Valid values: disable, enable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules List<String>
    Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex Number
    WEP key index (1 - 4).
    keys List<String>
    WEP Key.
    l3Roaming String
    Enable/disable layer 3 roaming (default = disable). Valid values: disable, enable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: disable, enable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    localStandaloneDnsIps List<String>
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    macCalledStationDelimiter String
    MAC called station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    MAC calling station delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    MAC case (default = uppercase). Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    macFilterLists List<Property Map>
    Mac-Filter-List. The structure of mac_filter_list block is documented below.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    macPasswordDelimiter String
    MAC authentication password delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    MAC authentication username delimiter (default = hyphen). Valid values: hyphen, single-hyphen, colon, none.
    maxClients Number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Number
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo String
    Enable/disable Multiband Operation (default = disable). Valid values: disable, enable.
    mboCellDataConnPref String
    MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk String
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpskConcurrentClients Number
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpskKeys List<Property Map>
    Mpsk-Key. The structure of mpsk_key block is documented below.
    mpskProfile String
    MPSK profile name.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Enable/disable network access control. Valid values: disable, enable.
    nacProfile String
    NAC profile name.
    name String
    Virtual AP name.
    neighborReportDualBand String
    Enable/disable dual-band neighbor report (default = disable). Valid values: disable, enable.
    objectWirelesscontrollerVapId String
    an identifier for the resource with format {{name}}.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    oweGroups List<String>
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrases List<String>
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Enable/disable LAN port MAC authentication (default = disable). Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Number
    LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
    portMacauthTimeout Number
    LAN port MAC authentication idle timeout value (default = 600 sec).
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalMessageOverrides Property Map
    Portal-Message-Overrides. The structure of portal_message_overrides block is documented below.
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptkRekeyIntv Number
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radiusMacAuthBlockInterval Number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<String>
    Selective user groups that are permitted for RADIUS mac authentication.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radiusMacMpskTimeout Number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12s List<String>
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11acSs34s List<String>
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as List<String>
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12s List<String>
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34s List<String>
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs List<String>
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11nSs12s List<String>
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34s List<String>
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    saeGroups List<String>
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saePasswords List<String>
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedules List<String>
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    scopetype String
    The scope of application of the resource. Valid values: inherit, adom, global. The inherit means that the scopetype of the provider will be inherited, and adom will also be inherited. The default value is inherit.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: disable, enable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups String
    Selective user groups that are permitted to authenticate.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable, enable.
    stickyClientThreshold2g String
    Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
    stickyClientThreshold5g String
    Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnelEchoInterval Number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup String
    Firewall user group to be used to authenticate WiFi users.
    utmLog String
    Enable/disable UTM logging. Valid values: disable, enable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom String
    Name of the VDOM that the Virtual AP has been added to.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlanNames List<Property Map>
    Vlan-Name. The structure of vlan_name block is documented below.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanPools List<Property Map>
    Vlan-Pool. The structure of vlan_pool block is documented below.
    vlanid Number
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.

    Supporting Types

    ObjectWirelesscontrollerVapDynamicMapping, ObjectWirelesscontrollerVapDynamicMappingArgs

    AccessControlList string
    Access-Control-List.
    AcctInterimInterval double
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms List<string>
    Additional-Akms. Valid values: akm6.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Address-Group-Policy. Valid values: disable, allow, deny.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Application-Detection-Engine. Valid values: disable, enable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv double
    Application-Report-Intv.
    AtfWeight double
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertisings List<string>
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    BroadcastSuppressions List<string>
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    BssColorPartial string
    Bss-Color-Partial. Valid values: disable, enable.
    BstmDisassociationImminent string
    Bstm-Disassociation-Imminent. Valid values: disable, enable.
    BstmLoadBalancingDisassocTimer double
    Bstm-Load-Balancing-Disassoc-Timer.
    BstmRssiDisassocTimer double
    Bstm-Rssi-Disassoc-Timer.
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout double
    Captive-Portal-Auth-Timeout.
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    CaptivePortalMacauthRadiusSecrets List<string>
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecrets List<string>
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval double
    Session timeout interval (0 - 864000 sec, default = 0).
    ClientCount double
    Client-Count.
    DhcpAddressEnforcement string
    Dhcp-Address-Enforcement. Valid values: disable, enable.
    DhcpLeaseTime double
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Dhcp-Option43-Insertion. Valid values: disable, enable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    EapReauthIntv double
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    FtMobilityDomain double
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime double
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay double
    Gas-Comeback-Delay.
    GasFragmentationLimit double
    Gas-Fragmentation-Limit.
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    GtkRekeyIntv double
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Igmp-Snooping. Valid values: disable, enable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules List<string>
    Ipv6-Rules. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Keyindex double
    WEP key index (1 - 4).
    Keys List<string>
    WEP Key.
    L3Roaming string
    L3-Roaming. Valid values: disable, enable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: disable, enable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    LocalStandaloneDnsIps List<string>
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    LocalSwitching string
    Local-Switching. Valid values: disable, enable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    MacCalledStationDelimiter string
    Mac-Called-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    Mac-Calling-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    Mac-Case. Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    MacPasswordDelimiter string
    Mac-Password-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    Mac-Username-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    MaxClients double
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp double
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    Mbo string
    Mbo. Valid values: disable, enable.
    MboCellDataConnPref string
    Mbo-Cell-Data-Conn-Pref. Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh double
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    Mpsk string
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    MpskConcurrentClients double
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    MpskProfile string
    Mpsk-Profile.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Nac. Valid values: disable, enable.
    NacProfile string
    Nac-Profile.
    NeighborReportDualBand string
    Neighbor-Report-Dual-Band. Valid values: disable, enable.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    OweGroups List<string>
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrases List<string>
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout double
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout double
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Port-Macauth. Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout double
    Port-Macauth-Reauth-Timeout.
    PortMacauthTimeout double
    Port-Macauth-Timeout.
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    PtkRekeyIntv double
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    RadiusMacAuthBlockInterval double
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups List<string>
    Selective user groups that are permitted for RADIUS mac authentication.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    RadiusMacMpskTimeout double
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12s List<string>
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    Rates11acSs34s List<string>
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    Rates11as List<string>
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12s List<string>
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34s List<string>
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11bgs List<string>
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11nSs12s List<string>
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34s List<string>
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    SaeGroups List<string>
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaePasswords List<string>
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    Schedule string
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: disable, enable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups string
    Selective user groups that are permitted to authenticate.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Sticky-Client-Remove. Valid values: disable, enable.
    StickyClientThreshold2g string
    Sticky-Client-Threshold-2G.
    StickyClientThreshold5g string
    Sticky-Client-Threshold-5G.
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    TunnelEchoInterval double
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval double
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroup string
    Firewall user group to be used to authenticate WiFi users.
    UtmLog string
    Enable/disable UTM logging. Valid values: disable, enable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    Vdom string
    Vdom.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    Vlanid double
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    _centmgmt string
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId string
    _Dhcp_Svr_Id.
    _intfAllowaccesses List<string>
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList string
    _Intf_Device-Access-List.
    _intfDeviceIdentification string
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan string
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp string
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService string
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType string
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps List<string>
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService string
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType string
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp string
    _Intf_Ip.
    _intfIp6Address string
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses List<string>
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection string
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting string
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    _scopes List<ObjectWirelesscontrollerVapDynamicMapping_Scope>
    _Scope. The structure of _scope block is documented below.
    AccessControlList string
    Access-Control-List.
    AcctInterimInterval float64
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    AdditionalAkms []string
    Additional-Akms. Valid values: akm6.
    AddressGroup string
    Address group ID.
    AddressGroupPolicy string
    Address-Group-Policy. Valid values: disable, allow, deny.
    Alias string
    Alias.
    AntivirusProfile string
    AntiVirus profile name.
    ApplicationDetectionEngine string
    Application-Detection-Engine. Valid values: disable, enable.
    ApplicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    ApplicationList string
    Application control list name.
    ApplicationReportIntv float64
    Application-Report-Intv.
    AtfWeight float64
    Airtime weight in percentage (default = 20).
    Auth string
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    AuthCert string
    HTTPS server certificate.
    AuthPortalAddr string
    Address of captive portal.
    BeaconAdvertisings []string
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    BroadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    BroadcastSuppressions []string
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    BssColorPartial string
    Bss-Color-Partial. Valid values: disable, enable.
    BstmDisassociationImminent string
    Bstm-Disassociation-Imminent. Valid values: disable, enable.
    BstmLoadBalancingDisassocTimer float64
    Bstm-Load-Balancing-Disassoc-Timer.
    BstmRssiDisassocTimer float64
    Bstm-Rssi-Disassoc-Timer.
    CaptivePortalAcName string
    Local-bridging captive portal ac-name.
    CaptivePortalAuthTimeout float64
    Captive-Portal-Auth-Timeout.
    CaptivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    CaptivePortalMacauthRadiusSecrets []string
    Secret key to access the macauth RADIUS server.
    CaptivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    CaptivePortalRadiusSecrets []string
    Secret key to access the RADIUS server.
    CaptivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    CaptivePortalSessionTimeoutInterval float64
    Session timeout interval (0 - 864000 sec, default = 0).
    ClientCount float64
    Client-Count.
    DhcpAddressEnforcement string
    Dhcp-Address-Enforcement. Valid values: disable, enable.
    DhcpLeaseTime float64
    DHCP lease time in seconds for NAT IP address.
    DhcpOption43Insertion string
    Dhcp-Option43-Insertion. Valid values: disable, enable.
    DhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    DhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    DhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    DynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    EapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    EapReauthIntv float64
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    EapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    Encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    ExternalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    ExternalLogout string
    URL of external authentication logout server.
    ExternalWeb string
    URL of external authentication web server.
    ExternalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    FastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    FastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    FtMobilityDomain float64
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    FtOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    FtR0KeyLifetime float64
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    GasComebackDelay float64
    Gas-Comeback-Delay.
    GasFragmentationLimit float64
    Gas-Fragmentation-Limit.
    GtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    GtkRekeyIntv float64
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    HighEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    Hotspot20Profile string
    Hotspot 2.0 profile name.
    IgmpSnooping string
    Igmp-Snooping. Valid values: disable, enable.
    IntraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    Ip string
    IP address and subnet mask for the local standalone NAT subnet.
    IpsSensor string
    IPS sensor name.
    Ipv6Rules []string
    Ipv6-Rules. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    Keyindex float64
    WEP key index (1 - 4).
    Keys []string
    WEP Key.
    L3Roaming string
    L3-Roaming. Valid values: disable, enable.
    L3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    Ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    LocalAuthentication string
    Enable/disable AP local authentication. Valid values: disable, enable.
    LocalBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    LocalLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    LocalStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    LocalStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    LocalStandaloneDnsIps []string
    IPv4 addresses for the local standalone DNS.
    LocalStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    LocalSwitching string
    Local-Switching. Valid values: disable, enable.
    MacAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    MacCalledStationDelimiter string
    Mac-Called-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    MacCallingStationDelimiter string
    Mac-Calling-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    MacCase string
    Mac-Case. Valid values: uppercase, lowercase.
    MacFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    MacFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    MacPasswordDelimiter string
    Mac-Password-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    MacUsernameDelimiter string
    Mac-Username-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    MaxClients float64
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    MaxClientsAp float64
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    Mbo string
    Mbo. Valid values: disable, enable.
    MboCellDataConnPref string
    Mbo-Cell-Data-Conn-Pref. Valid values: excluded, prefer-not, prefer-use.
    MeDisableThresh float64
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    MeshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    Mpsk string
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    MpskConcurrentClients float64
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    MpskProfile string
    Mpsk-Profile.
    MuMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    MulticastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    MulticastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    N80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    N80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    Nac string
    Nac. Valid values: disable, enable.
    NacProfile string
    Nac-Profile.
    NeighborReportDualBand string
    Neighbor-Report-Dual-Band. Valid values: disable, enable.
    Okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    Osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    OweGroups []string
    OWE-Groups. Valid values: 19, 20, 21.
    OweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    OweTransitionSsid string
    OWE transition mode peer SSID.
    Passphrases []string
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    Pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    PmfAssocComebackTimeout float64
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    PmfSaQueryRetryTimeout float64
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    PortMacauth string
    Port-Macauth. Valid values: disable, radius, address-group.
    PortMacauthReauthTimeout float64
    Port-Macauth-Reauth-Timeout.
    PortMacauthTimeout float64
    Port-Macauth-Timeout.
    PortalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    PortalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    PrimaryWagProfile string
    Primary wireless access gateway profile name.
    ProbeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    ProbeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    PtkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    PtkRekeyIntv float64
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    QosProfile string
    Quality of service profile name.
    Quarantine string
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    Radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    Radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    RadioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    RadiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    RadiusMacAuthBlockInterval float64
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    RadiusMacAuthServer string
    RADIUS-based MAC authentication server.
    RadiusMacAuthUsergroups []string
    Selective user groups that are permitted for RADIUS mac authentication.
    RadiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    RadiusMacMpskTimeout float64
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    RadiusServer string
    RADIUS server to be used to authenticate WiFi users.
    Rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    Rates11acSs12s []string
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    Rates11acSs34s []string
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    Rates11as []string
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    Rates11axSs12s []string
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    Rates11axSs34s []string
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    Rates11bgs []string
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    Rates11nSs12s []string
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    Rates11nSs34s []string
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    RoamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    SaeGroups []string
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    SaeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    SaePasswords []string
    WPA3 SAE password to be used to authenticate WiFi users.
    SaePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    SaePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    ScanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    Schedule string
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    SecondaryWagProfile string
    Secondary wireless access gateway profile name.
    Security string
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    SecurityExemptList string
    Optional security exempt list for captive portal authentication.
    SecurityObsoleteOption string
    Enable/disable obsolete security options. Valid values: disable, enable.
    SecurityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    SelectedUsergroups string
    Selective user groups that are permitted to authenticate.
    SplitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    Ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    StickyClientRemove string
    Sticky-Client-Remove. Valid values: disable, enable.
    StickyClientThreshold2g string
    Sticky-Client-Threshold-2G.
    StickyClientThreshold5g string
    Sticky-Client-Threshold-5G.
    StickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    TargetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    TkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    TunnelEchoInterval float64
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    TunnelFallbackInterval float64
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    Usergroup string
    Firewall user group to be used to authenticate WiFi users.
    UtmLog string
    Enable/disable UTM logging. Valid values: disable, enable.
    UtmProfile string
    UTM profile name.
    UtmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    Vdom string
    Vdom.
    VlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    VlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    Vlanid float64
    Optional VLAN ID.
    VoiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    WebfilterProfile string
    WebFilter profile name.
    _centmgmt string
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId string
    _Dhcp_Svr_Id.
    _intfAllowaccesses []string
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList string
    _Intf_Device-Access-List.
    _intfDeviceIdentification string
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan string
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp string
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService string
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType string
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps []string
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService string
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType string
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp string
    _Intf_Ip.
    _intfIp6Address string
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses []string
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection string
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting string
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    _scopes []ObjectWirelesscontrollerVapDynamicMapping_Scope
    _Scope. The structure of _scope block is documented below.
    _centmgmt String
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId String
    _Dhcp_Svr_Id.
    _intfAllowaccesses List<String>
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList String
    _Intf_Device-Access-List.
    _intfDeviceIdentification String
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan String
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp String
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService String
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType String
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps List<String>
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService String
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType String
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp String
    _Intf_Ip.
    _intfIp6Address String
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses List<String>
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection String
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting String
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    _scopes List<ObjectWirelesscontrollerVapDynamicMapping_Scope>
    _Scope. The structure of _scope block is documented below.
    accessControlList String
    Access-Control-List.
    acctInterimInterval Double
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms List<String>
    Additional-Akms. Valid values: akm6.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Address-Group-Policy. Valid values: disable, allow, deny.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Application-Detection-Engine. Valid values: disable, enable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    applicationList String
    Application control list name.
    applicationReportIntv Double
    Application-Report-Intv.
    atfWeight Double
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertisings List<String>
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcastSuppressions List<String>
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bssColorPartial String
    Bss-Color-Partial. Valid values: disable, enable.
    bstmDisassociationImminent String
    Bstm-Disassociation-Imminent. Valid values: disable, enable.
    bstmLoadBalancingDisassocTimer Double
    Bstm-Load-Balancing-Disassoc-Timer.
    bstmRssiDisassocTimer Double
    Bstm-Rssi-Disassoc-Timer.
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Double
    Captive-Portal-Auth-Timeout.
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captivePortalMacauthRadiusSecrets List<String>
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecrets List<String>
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Double
    Session timeout interval (0 - 864000 sec, default = 0).
    clientCount Double
    Client-Count.
    dhcpAddressEnforcement String
    Dhcp-Address-Enforcement. Valid values: disable, enable.
    dhcpLeaseTime Double
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Dhcp-Option43-Insertion. Valid values: disable, enable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eapReauthIntv Double
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ftMobilityDomain Double
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Double
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Double
    Gas-Comeback-Delay.
    gasFragmentationLimit Double
    Gas-Fragmentation-Limit.
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtkRekeyIntv Double
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Igmp-Snooping. Valid values: disable, enable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules List<String>
    Ipv6-Rules. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex Double
    WEP key index (1 - 4).
    keys List<String>
    WEP Key.
    l3Roaming String
    L3-Roaming. Valid values: disable, enable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: disable, enable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    localStandaloneDnsIps List<String>
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    localSwitching String
    Local-Switching. Valid values: disable, enable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    macCalledStationDelimiter String
    Mac-Called-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    Mac-Calling-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    Mac-Case. Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    macPasswordDelimiter String
    Mac-Password-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    Mac-Username-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    maxClients Double
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Double
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo String
    Mbo. Valid values: disable, enable.
    mboCellDataConnPref String
    Mbo-Cell-Data-Conn-Pref. Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Double
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk String
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpskConcurrentClients Double
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpskProfile String
    Mpsk-Profile.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Nac. Valid values: disable, enable.
    nacProfile String
    Nac-Profile.
    neighborReportDualBand String
    Neighbor-Report-Dual-Band. Valid values: disable, enable.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    oweGroups List<String>
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrases List<String>
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Double
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Double
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Port-Macauth. Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Double
    Port-Macauth-Reauth-Timeout.
    portMacauthTimeout Double
    Port-Macauth-Timeout.
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptkRekeyIntv Double
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radiusMacAuthBlockInterval Double
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<String>
    Selective user groups that are permitted for RADIUS mac authentication.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radiusMacMpskTimeout Double
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12s List<String>
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11acSs34s List<String>
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as List<String>
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12s List<String>
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34s List<String>
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs List<String>
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11nSs12s List<String>
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34s List<String>
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    saeGroups List<String>
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saePasswords List<String>
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedule String
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: disable, enable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups String
    Selective user groups that are permitted to authenticate.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Sticky-Client-Remove. Valid values: disable, enable.
    stickyClientThreshold2g String
    Sticky-Client-Threshold-2G.
    stickyClientThreshold5g String
    Sticky-Client-Threshold-5G.
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnelEchoInterval Double
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Double
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup String
    Firewall user group to be used to authenticate WiFi users.
    utmLog String
    Enable/disable UTM logging. Valid values: disable, enable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom String
    Vdom.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanid Double
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.
    _centmgmt string
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId string
    _Dhcp_Svr_Id.
    _intfAllowaccesses string[]
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList string
    _Intf_Device-Access-List.
    _intfDeviceIdentification string
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan string
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp string
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService string
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType string
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps string[]
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService string
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType string
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp string
    _Intf_Ip.
    _intfIp6Address string
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses string[]
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection string
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting string
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    _scopes ObjectWirelesscontrollerVapDynamicMapping_Scope[]
    _Scope. The structure of _scope block is documented below.
    accessControlList string
    Access-Control-List.
    acctInterimInterval number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms string[]
    Additional-Akms. Valid values: akm6.
    addressGroup string
    Address group ID.
    addressGroupPolicy string
    Address-Group-Policy. Valid values: disable, allow, deny.
    alias string
    Alias.
    antivirusProfile string
    AntiVirus profile name.
    applicationDetectionEngine string
    Application-Detection-Engine. Valid values: disable, enable.
    applicationDscpMarking string
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    applicationList string
    Application control list name.
    applicationReportIntv number
    Application-Report-Intv.
    atfWeight number
    Airtime weight in percentage (default = 20).
    auth string
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    authCert string
    HTTPS server certificate.
    authPortalAddr string
    Address of captive portal.
    beaconAdvertisings string[]
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcastSsid string
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcastSuppressions string[]
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bssColorPartial string
    Bss-Color-Partial. Valid values: disable, enable.
    bstmDisassociationImminent string
    Bstm-Disassociation-Imminent. Valid values: disable, enable.
    bstmLoadBalancingDisassocTimer number
    Bstm-Load-Balancing-Disassoc-Timer.
    bstmRssiDisassocTimer number
    Bstm-Rssi-Disassoc-Timer.
    captivePortalAcName string
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout number
    Captive-Portal-Auth-Timeout.
    captivePortalFwAccounting string
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captivePortalMacauthRadiusSecrets string[]
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer string
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecrets string[]
    Secret key to access the RADIUS server.
    captivePortalRadiusServer string
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval number
    Session timeout interval (0 - 864000 sec, default = 0).
    clientCount number
    Client-Count.
    dhcpAddressEnforcement string
    Dhcp-Address-Enforcement. Valid values: disable, enable.
    dhcpLeaseTime number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion string
    Dhcp-Option43-Insertion. Valid values: disable, enable.
    dhcpOption82CircuitIdInsertion string
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcpOption82Insertion string
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcpOption82RemoteIdInsertion string
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamicVlan string
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eapReauth string
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eapReauthIntv number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries string
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt string
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming string
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    externalLogout string
    URL of external authentication logout server.
    externalWeb string
    URL of external authentication web server.
    externalWebFormat string
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition string
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming string
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ftMobilityDomain number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs string
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay number
    Gas-Comeback-Delay.
    gasFragmentationLimit number
    Gas-Fragmentation-Limit.
    gtkRekey string
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtkRekeyIntv number
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    highEfficiency string
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20Profile string
    Hotspot 2.0 profile name.
    igmpSnooping string
    Igmp-Snooping. Valid values: disable, enable.
    intraVapPrivacy string
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip string
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor string
    IPS sensor name.
    ipv6Rules string[]
    Ipv6-Rules. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex number
    WEP key index (1 - 4).
    keys string[]
    WEP Key.
    l3Roaming string
    L3-Roaming. Valid values: disable, enable.
    l3RoamingMode string
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc string
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    localAuthentication string
    Enable/disable AP local authentication. Valid values: disable, enable.
    localBridging string
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    localLan string
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    localStandalone string
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    localStandaloneDns string
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    localStandaloneDnsIps string[]
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat string
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    localSwitching string
    Local-Switching. Valid values: disable, enable.
    macAuthBypass string
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    macCalledStationDelimiter string
    Mac-Called-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter string
    Mac-Calling-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    macCase string
    Mac-Case. Valid values: uppercase, lowercase.
    macFilter string
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    macFilterPolicyOther string
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    macPasswordDelimiter string
    Mac-Password-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter string
    Mac-Username-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    maxClients number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp number
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo string
    Mbo. Valid values: disable, enable.
    mboCellDataConnPref string
    Mbo-Cell-Data-Conn-Pref. Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul string
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk string
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpskConcurrentClients number
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpskProfile string
    Mpsk-Profile.
    muMimo string
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicastEnhance string
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicastRate string
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k string
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v string
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac string
    Nac. Valid values: disable, enable.
    nacProfile string
    Nac-Profile.
    neighborReportDualBand string
    Neighbor-Report-Dual-Band. Valid values: disable, enable.
    okc string
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen string
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    oweGroups string[]
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition string
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid string
    OWE transition mode peer SSID.
    passphrases string[]
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf string
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth string
    Port-Macauth. Valid values: disable, radius, address-group.
    portMacauthReauthTimeout number
    Port-Macauth-Reauth-Timeout.
    portMacauthTimeout number
    Port-Macauth-Timeout.
    portalMessageOverrideGroup string
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalType string
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primaryWagProfile string
    Primary wireless access gateway profile name.
    probeRespSuppression string
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probeRespThreshold string
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey string
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptkRekeyIntv number
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qosProfile string
    Quality of service profile name.
    quarantine string
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold string
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity string
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radiusMacAuth string
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radiusMacAuthBlockInterval number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer string
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups string[]
    Selective user groups that are permitted for RADIUS mac authentication.
    radiusMacMpskAuth string
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radiusMacMpskTimeout number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer string
    RADIUS server to be used to authenticate WiFi users.
    rates11acMcsMap string
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12s string[]
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11acSs34s string[]
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as string[]
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11axMcsMap string
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12s string[]
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34s string[]
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs string[]
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11nSs12s string[]
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34s string[]
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate string
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    saeGroups string[]
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    saeH2eOnly string
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saeHnpOnly string
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saePasswords string[]
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk string
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    saePrivateKey string
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections string
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedule string
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    secondaryWagProfile string
    Secondary wireless access gateway profile name.
    security string
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    securityExemptList string
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption string
    Enable/disable obsolete security options. Valid values: disable, enable.
    securityRedirectUrl string
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups string
    Selective user groups that are permitted to authenticate.
    splitTunneling string
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid string
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove string
    Sticky-Client-Remove. Valid values: disable, enable.
    stickyClientThreshold2g string
    Sticky-Client-Threshold-2G.
    stickyClientThreshold5g string
    Sticky-Client-Threshold-5G.
    stickyClientThreshold6g string
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime string
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkipCounterMeasure string
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnelEchoInterval number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup string
    Firewall user group to be used to authenticate WiFi users.
    utmLog string
    Enable/disable UTM logging. Valid values: disable, enable.
    utmProfile string
    UTM profile name.
    utmStatus string
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom string
    Vdom.
    vlanAuto string
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlanPooling string
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanid number
    Optional VLAN ID.
    voiceEnterprise string
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile string
    WebFilter profile name.
    _centmgmt str
    _Centmgmt. Valid values: disable, enable.
    _dhcp_svr_id str
    _Dhcp_Svr_Id.
    _intf_allowaccesses Sequence[str]
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intf_device_access_list str
    _Intf_Device-Access-List.
    _intf_device_identification str
    _Intf_Device-Identification. Valid values: disable, enable.
    _intf_device_netscan str
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intf_dhcp6_relay_ip str
    _Intf_Dhcp6-Relay-Ip.
    _intf_dhcp6_relay_service str
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intf_dhcp6_relay_type str
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intf_dhcp_relay_ips Sequence[str]
    _Intf_Dhcp-Relay-Ip.
    _intf_dhcp_relay_service str
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intf_dhcp_relay_type str
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intf_ip str
    _Intf_Ip.
    _intf_ip6_address str
    _Intf_Ip6-Address.
    _intf_ip6_allowaccesses Sequence[str]
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intf_listen_forticlient_connection str
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _is_factory_setting str
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    _scopes Sequence[ObjectWirelesscontrollerVapDynamicMapping_Scope]
    _Scope. The structure of _scope block is documented below.
    access_control_list str
    Access-Control-List.
    acct_interim_interval float
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additional_akms Sequence[str]
    Additional-Akms. Valid values: akm6.
    address_group str
    Address group ID.
    address_group_policy str
    Address-Group-Policy. Valid values: disable, allow, deny.
    alias str
    Alias.
    antivirus_profile str
    AntiVirus profile name.
    application_detection_engine str
    Application-Detection-Engine. Valid values: disable, enable.
    application_dscp_marking str
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    application_list str
    Application control list name.
    application_report_intv float
    Application-Report-Intv.
    atf_weight float
    Airtime weight in percentage (default = 20).
    auth str
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    auth_cert str
    HTTPS server certificate.
    auth_portal_addr str
    Address of captive portal.
    beacon_advertisings Sequence[str]
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcast_ssid str
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcast_suppressions Sequence[str]
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bss_color_partial str
    Bss-Color-Partial. Valid values: disable, enable.
    bstm_disassociation_imminent str
    Bstm-Disassociation-Imminent. Valid values: disable, enable.
    bstm_load_balancing_disassoc_timer float
    Bstm-Load-Balancing-Disassoc-Timer.
    bstm_rssi_disassoc_timer float
    Bstm-Rssi-Disassoc-Timer.
    captive_portal_ac_name str
    Local-bridging captive portal ac-name.
    captive_portal_auth_timeout float
    Captive-Portal-Auth-Timeout.
    captive_portal_fw_accounting str
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captive_portal_macauth_radius_secrets Sequence[str]
    Secret key to access the macauth RADIUS server.
    captive_portal_macauth_radius_server str
    Captive portal external RADIUS server domain name or IP address.
    captive_portal_radius_secrets Sequence[str]
    Secret key to access the RADIUS server.
    captive_portal_radius_server str
    Captive portal RADIUS server domain name or IP address.
    captive_portal_session_timeout_interval float
    Session timeout interval (0 - 864000 sec, default = 0).
    client_count float
    Client-Count.
    dhcp_address_enforcement str
    Dhcp-Address-Enforcement. Valid values: disable, enable.
    dhcp_lease_time float
    DHCP lease time in seconds for NAT IP address.
    dhcp_option43_insertion str
    Dhcp-Option43-Insertion. Valid values: disable, enable.
    dhcp_option82_circuit_id_insertion str
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcp_option82_insertion str
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcp_option82_remote_id_insertion str
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamic_vlan str
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eap_reauth str
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eap_reauth_intv float
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapol_key_retries str
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt str
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    external_fast_roaming str
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    external_logout str
    URL of external authentication logout server.
    external_web str
    URL of external authentication web server.
    external_web_format str
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fast_bss_transition str
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fast_roaming str
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ft_mobility_domain float
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ft_over_ds str
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ft_r0_key_lifetime float
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gas_comeback_delay float
    Gas-Comeback-Delay.
    gas_fragmentation_limit float
    Gas-Fragmentation-Limit.
    gtk_rekey str
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtk_rekey_intv float
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    high_efficiency str
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20_profile str
    Hotspot 2.0 profile name.
    igmp_snooping str
    Igmp-Snooping. Valid values: disable, enable.
    intra_vap_privacy str
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip str
    IP address and subnet mask for the local standalone NAT subnet.
    ips_sensor str
    IPS sensor name.
    ipv6_rules Sequence[str]
    Ipv6-Rules. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex float
    WEP key index (1 - 4).
    keys Sequence[str]
    WEP Key.
    l3_roaming str
    L3-Roaming. Valid values: disable, enable.
    l3_roaming_mode str
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc str
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    local_authentication str
    Enable/disable AP local authentication. Valid values: disable, enable.
    local_bridging str
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    local_lan str
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    local_standalone str
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    local_standalone_dns str
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    local_standalone_dns_ips Sequence[str]
    IPv4 addresses for the local standalone DNS.
    local_standalone_nat str
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    local_switching str
    Local-Switching. Valid values: disable, enable.
    mac_auth_bypass str
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    mac_called_station_delimiter str
    Mac-Called-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    mac_calling_station_delimiter str
    Mac-Calling-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    mac_case str
    Mac-Case. Valid values: uppercase, lowercase.
    mac_filter str
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    mac_filter_policy_other str
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    mac_password_delimiter str
    Mac-Password-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    mac_username_delimiter str
    Mac-Username-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    max_clients float
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    max_clients_ap float
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo str
    Mbo. Valid values: disable, enable.
    mbo_cell_data_conn_pref str
    Mbo-Cell-Data-Conn-Pref. Valid values: excluded, prefer-not, prefer-use.
    me_disable_thresh float
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    mesh_backhaul str
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk str
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpsk_concurrent_clients float
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpsk_profile str
    Mpsk-Profile.
    mu_mimo str
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicast_enhance str
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicast_rate str
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k str
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v str
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac str
    Nac. Valid values: disable, enable.
    nac_profile str
    Nac-Profile.
    neighbor_report_dual_band str
    Neighbor-Report-Dual-Band. Valid values: disable, enable.
    okc str
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen str
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    owe_groups Sequence[str]
    OWE-Groups. Valid values: 19, 20, 21.
    owe_transition str
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    owe_transition_ssid str
    OWE transition mode peer SSID.
    passphrases Sequence[str]
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf str
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmf_assoc_comeback_timeout float
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmf_sa_query_retry_timeout float
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    port_macauth str
    Port-Macauth. Valid values: disable, radius, address-group.
    port_macauth_reauth_timeout float
    Port-Macauth-Reauth-Timeout.
    port_macauth_timeout float
    Port-Macauth-Timeout.
    portal_message_override_group str
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portal_type str
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primary_wag_profile str
    Primary wireless access gateway profile name.
    probe_resp_suppression str
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probe_resp_threshold str
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptk_rekey str
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptk_rekey_intv float
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qos_profile str
    Quality of service profile name.
    quarantine str
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5g_threshold str
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radio_sensitivity str
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radius_mac_auth str
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radius_mac_auth_block_interval float
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radius_mac_auth_server str
    RADIUS-based MAC authentication server.
    radius_mac_auth_usergroups Sequence[str]
    Selective user groups that are permitted for RADIUS mac authentication.
    radius_mac_mpsk_auth str
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radius_mac_mpsk_timeout float
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radius_server str
    RADIUS server to be used to authenticate WiFi users.
    rates11ac_mcs_map str
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11ac_ss12s Sequence[str]
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11ac_ss34s Sequence[str]
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as Sequence[str]
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11ax_mcs_map str
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11ax_ss12s Sequence[str]
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11ax_ss34s Sequence[str]
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs Sequence[str]
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11n_ss12s Sequence[str]
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11n_ss34s Sequence[str]
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roaming_acct_interim_update str
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    sae_groups Sequence[str]
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    sae_h2e_only str
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    sae_hnp_only str
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    sae_passwords Sequence[str]
    WPA3 SAE password to be used to authenticate WiFi users.
    sae_pk str
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    sae_private_key str
    Private key used for WPA3 SAE-PK authentication.
    scan_botnet_connections str
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedule str
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    secondary_wag_profile str
    Secondary wireless access gateway profile name.
    security str
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    security_exempt_list str
    Optional security exempt list for captive portal authentication.
    security_obsolete_option str
    Enable/disable obsolete security options. Valid values: disable, enable.
    security_redirect_url str
    Optional URL for redirecting users after they pass captive portal authentication.
    selected_usergroups str
    Selective user groups that are permitted to authenticate.
    split_tunneling str
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid str
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    sticky_client_remove str
    Sticky-Client-Remove. Valid values: disable, enable.
    sticky_client_threshold2g str
    Sticky-Client-Threshold-2G.
    sticky_client_threshold5g str
    Sticky-Client-Threshold-5G.
    sticky_client_threshold6g str
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    target_wake_time str
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkip_counter_measure str
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnel_echo_interval float
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnel_fallback_interval float
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup str
    Firewall user group to be used to authenticate WiFi users.
    utm_log str
    Enable/disable UTM logging. Valid values: disable, enable.
    utm_profile str
    UTM profile name.
    utm_status str
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom str
    Vdom.
    vlan_auto str
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlan_pooling str
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanid float
    Optional VLAN ID.
    voice_enterprise str
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilter_profile str
    WebFilter profile name.
    _centmgmt String
    _Centmgmt. Valid values: disable, enable.
    _dhcpSvrId String
    _Dhcp_Svr_Id.
    _intfAllowaccesses List<String>
    _Intf_Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, fgfm, auto-ipsec, radius-acct, probe-response, capwap.
    _intfDeviceAccessList String
    _Intf_Device-Access-List.
    _intfDeviceIdentification String
    _Intf_Device-Identification. Valid values: disable, enable.
    _intfDeviceNetscan String
    _Intf_Device-Netscan. Valid values: disable, enable.
    _intfDhcp6RelayIp String
    _Intf_Dhcp6-Relay-Ip.
    _intfDhcp6RelayService String
    _Intf_Dhcp6-Relay-Service. Valid values: disable, enable.
    _intfDhcp6RelayType String
    _Intf_Dhcp6-Relay-Type. Valid values: regular.
    _intfDhcpRelayIps List<String>
    _Intf_Dhcp-Relay-Ip.
    _intfDhcpRelayService String
    _Intf_Dhcp-Relay-Service. Valid values: disable, enable.
    _intfDhcpRelayType String
    _Intf_Dhcp-Relay-Type. Valid values: regular, ipsec.
    _intfIp String
    _Intf_Ip.
    _intfIp6Address String
    _Intf_Ip6-Address.
    _intfIp6Allowaccesses List<String>
    _Intf_Ip6-Allowaccess. Valid values: https, ping, ssh, snmp, http, telnet, any, fgfm, capwap.
    _intfListenForticlientConnection String
    _Intf_Listen-Forticlient-Connection. Valid values: disable, enable.
    _isFactorySetting String
    _Is_Factory_Setting. Valid values: disable, enable, ext.
    _scopes List<Property Map>
    _Scope. The structure of _scope block is documented below.
    accessControlList String
    Access-Control-List.
    acctInterimInterval Number
    WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
    additionalAkms List<String>
    Additional-Akms. Valid values: akm6.
    addressGroup String
    Address group ID.
    addressGroupPolicy String
    Address-Group-Policy. Valid values: disable, allow, deny.
    alias String
    Alias.
    antivirusProfile String
    AntiVirus profile name.
    applicationDetectionEngine String
    Application-Detection-Engine. Valid values: disable, enable.
    applicationDscpMarking String
    Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable, enable.
    applicationList String
    Application control list name.
    applicationReportIntv Number
    Application-Report-Intv.
    atfWeight Number
    Airtime weight in percentage (default = 20).
    auth String
    Authentication protocol. Valid values: PSK, psk, RADIUS, radius, usergroup.
    authCert String
    HTTPS server certificate.
    authPortalAddr String
    Address of captive portal.
    beaconAdvertisings List<String>
    Fortinet beacon advertising IE data (default = empty). Valid values: name, model, serial-number.
    broadcastSsid String
    Enable/disable broadcasting the SSID (default = enable). Valid values: disable, enable.
    broadcastSuppressions List<String>
    Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp, arp, dhcp2, arp2, netbios-ns, netbios-ds, arp3, dhcp-up, dhcp-down, arp-known, arp-unknown, arp-reply, ipv6, dhcp-starvation, arp-poison, all-other-mc, all-other-bc, arp-proxy, dhcp-ucast.
    bssColorPartial String
    Bss-Color-Partial. Valid values: disable, enable.
    bstmDisassociationImminent String
    Bstm-Disassociation-Imminent. Valid values: disable, enable.
    bstmLoadBalancingDisassocTimer Number
    Bstm-Load-Balancing-Disassoc-Timer.
    bstmRssiDisassocTimer Number
    Bstm-Rssi-Disassoc-Timer.
    captivePortalAcName String
    Local-bridging captive portal ac-name.
    captivePortalAuthTimeout Number
    Captive-Portal-Auth-Timeout.
    captivePortalFwAccounting String
    Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable, enable.
    captivePortalMacauthRadiusSecrets List<String>
    Secret key to access the macauth RADIUS server.
    captivePortalMacauthRadiusServer String
    Captive portal external RADIUS server domain name or IP address.
    captivePortalRadiusSecrets List<String>
    Secret key to access the RADIUS server.
    captivePortalRadiusServer String
    Captive portal RADIUS server domain name or IP address.
    captivePortalSessionTimeoutInterval Number
    Session timeout interval (0 - 864000 sec, default = 0).
    clientCount Number
    Client-Count.
    dhcpAddressEnforcement String
    Dhcp-Address-Enforcement. Valid values: disable, enable.
    dhcpLeaseTime Number
    DHCP lease time in seconds for NAT IP address.
    dhcpOption43Insertion String
    Dhcp-Option43-Insertion. Valid values: disable, enable.
    dhcpOption82CircuitIdInsertion String
    Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable, style-1, style-2, style-3.
    dhcpOption82Insertion String
    Enable/disable DHCP option 82 insert (default = disable). Valid values: disable, enable.
    dhcpOption82RemoteIdInsertion String
    Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable, style-1.
    dynamicVlan String
    Enable/disable dynamic VLAN assignment. Valid values: disable, enable.
    eapReauth String
    Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable, enable.
    eapReauthIntv Number
    EAP re-authentication interval (1800 - 864000 sec, default = 86400).
    eapolKeyRetries String
    Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable, enable.
    encrypt String
    Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP, AES, TKIP-AES.
    externalFastRoaming String
    Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable, enable.
    externalLogout String
    URL of external authentication logout server.
    externalWeb String
    URL of external authentication web server.
    externalWebFormat String
    URL query parameter detection (default = auto-detect). Valid values: auto-detect, no-query-string, partial-query-string.
    fastBssTransition String
    Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable, enable.
    fastRoaming String
    Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable, enable.
    ftMobilityDomain Number
    Mobility domain identifier in FT (1 - 65535, default = 1000).
    ftOverDs String
    Enable/disable FT over the Distribution System (DS). Valid values: disable, enable.
    ftR0KeyLifetime Number
    Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
    gasComebackDelay Number
    Gas-Comeback-Delay.
    gasFragmentationLimit Number
    Gas-Fragmentation-Limit.
    gtkRekey String
    Enable/disable GTK rekey for WPA security. Valid values: disable, enable.
    gtkRekeyIntv Number
    GTK rekey interval (1800 - 864000 sec, default = 86400).
    highEfficiency String
    Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable, enable.
    hotspot20Profile String
    Hotspot 2.0 profile name.
    igmpSnooping String
    Igmp-Snooping. Valid values: disable, enable.
    intraVapPrivacy String
    Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable, enable.
    ip String
    IP address and subnet mask for the local standalone NAT subnet.
    ipsSensor String
    IPS sensor name.
    ipv6Rules List<String>
    Ipv6-Rules. Valid values: drop-icmp6ra, drop-icmp6rs, drop-llmnr6, drop-icmp6mld2, drop-dhcp6s, drop-dhcp6c, ndp-proxy, drop-ns-dad, drop-ns-nondad.
    keyindex Number
    WEP key index (1 - 4).
    keys List<String>
    WEP Key.
    l3Roaming String
    L3-Roaming. Valid values: disable, enable.
    l3RoamingMode String
    Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct, indirect.
    ldpc String
    VAP low-density parity-check (LDPC) coding configuration. Valid values: disable, tx, rx, rxtx.
    localAuthentication String
    Enable/disable AP local authentication. Valid values: disable, enable.
    localBridging String
    Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable, enable.
    localLan String
    Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny, allow.
    localStandalone String
    Enable/disable AP local standalone (default = disable). Valid values: disable, enable.
    localStandaloneDns String
    Enable/disable AP local standalone DNS. Valid values: disable, enable.
    localStandaloneDnsIps List<String>
    IPv4 addresses for the local standalone DNS.
    localStandaloneNat String
    Enable/disable AP local standalone NAT mode. Valid values: disable, enable.
    localSwitching String
    Local-Switching. Valid values: disable, enable.
    macAuthBypass String
    Enable/disable MAC authentication bypass. Valid values: disable, enable.
    macCalledStationDelimiter String
    Mac-Called-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    macCallingStationDelimiter String
    Mac-Calling-Station-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    macCase String
    Mac-Case. Valid values: uppercase, lowercase.
    macFilter String
    Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable, enable.
    macFilterPolicyOther String
    Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny, allow.
    macPasswordDelimiter String
    Mac-Password-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    macUsernameDelimiter String
    Mac-Username-Delimiter. Valid values: hyphen, single-hyphen, colon, none.
    maxClients Number
    Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
    maxClientsAp Number
    Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
    mbo String
    Mbo. Valid values: disable, enable.
    mboCellDataConnPref String
    Mbo-Cell-Data-Conn-Pref. Valid values: excluded, prefer-not, prefer-use.
    meDisableThresh Number
    Disable multicast enhancement when this many clients are receiving multicast traffic.
    meshBackhaul String
    Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable, enable.
    mpsk String
    Enable/disable multiple PSK authentication. Valid values: disable, enable.
    mpskConcurrentClients Number
    Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
    mpskProfile String
    Mpsk-Profile.
    muMimo String
    Enable/disable Multi-user MIMO (default = enable). Valid values: disable, enable.
    multicastEnhance String
    Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable, enable.
    multicastRate String
    Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0, 6000, 12000, 24000.
    n80211k String
    Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable, enable.
    n80211v String
    Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable, enable.
    nac String
    Nac. Valid values: disable, enable.
    nacProfile String
    Nac-Profile.
    neighborReportDualBand String
    Neighbor-Report-Dual-Band. Valid values: disable, enable.
    okc String
    Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable, enable.
    osen String
    Enable/disable OSEN as part of key management (default = disable). Valid values: disable, enable.
    oweGroups List<String>
    OWE-Groups. Valid values: 19, 20, 21.
    oweTransition String
    Enable/disable OWE transition mode support. Valid values: disable, enable.
    oweTransitionSsid String
    OWE transition mode peer SSID.
    passphrases List<String>
    WPA pre-shared key (PSK) to be used to authenticate WiFi users.
    pmf String
    Protected Management Frames (PMF) support (default = disable). Valid values: disable, enable, optional.
    pmfAssocComebackTimeout Number
    Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
    pmfSaQueryRetryTimeout Number
    Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
    portMacauth String
    Port-Macauth. Valid values: disable, radius, address-group.
    portMacauthReauthTimeout Number
    Port-Macauth-Reauth-Timeout.
    portMacauthTimeout Number
    Port-Macauth-Timeout.
    portalMessageOverrideGroup String
    Replacement message group for this VAP (only available when security is set to a captive portal type).
    portalType String
    Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth, auth+disclaimer, disclaimer, email-collect, cmcc, cmcc-macauth, auth-mac, external-auth.
    primaryWagProfile String
    Primary wireless access gateway profile name.
    probeRespSuppression String
    Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable, enable.
    probeRespThreshold String
    Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
    ptkRekey String
    Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable, enable.
    ptkRekeyIntv Number
    PTK rekey interval (1800 - 864000 sec, default = 86400).
    qosProfile String
    Quality of service profile name.
    quarantine String
    Enable/disable station quarantine (default = enable). Valid values: disable, enable.
    radio2gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
    radio5gThreshold String
    Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
    radioSensitivity String
    Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable, enable.
    radiusMacAuth String
    Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable, enable.
    radiusMacAuthBlockInterval Number
    Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
    radiusMacAuthServer String
    RADIUS-based MAC authentication server.
    radiusMacAuthUsergroups List<String>
    Selective user groups that are permitted for RADIUS mac authentication.
    radiusMacMpskAuth String
    Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable, enable.
    radiusMacMpskTimeout Number
    RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
    radiusServer String
    RADIUS server to be used to authenticate WiFi users.
    rates11acMcsMap String
    Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
    rates11acSs12s List<String>
    Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/1, mcs11/1, mcs10/2, mcs11/2.
    rates11acSs34s List<String>
    Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/3, mcs11/3, mcs10/4, mcs11/4.
    rates11as List<String>
    Allowed data rates for 802.11a. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11axMcsMap String
    Comma separated list of max supported HE MCS for spatial streams 1 through 8.
    rates11axSs12s List<String>
    Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/1, mcs9/1, mcs10/1, mcs11/1, mcs0/2, mcs1/2, mcs2/2, mcs3/2, mcs4/2, mcs5/2, mcs6/2, mcs7/2, mcs8/2, mcs9/2, mcs10/2, mcs11/2.
    rates11axSs34s List<String>
    Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3, mcs1/3, mcs2/3, mcs3/3, mcs4/3, mcs5/3, mcs6/3, mcs7/3, mcs8/3, mcs9/3, mcs10/3, mcs11/3, mcs0/4, mcs1/4, mcs2/4, mcs3/4, mcs4/4, mcs5/4, mcs6/4, mcs7/4, mcs8/4, mcs9/4, mcs10/4, mcs11/4.
    rates11bgs List<String>
    Allowed data rates for 802.11b/g. Valid values: 1, 1-basic, 2, 2-basic, 5.5, 5.5-basic, 6, 6-basic, 9, 9-basic, 12, 12-basic, 18, 18-basic, 24, 24-basic, 36, 36-basic, 48, 48-basic, 54, 54-basic, 11, 11-basic.
    rates11nSs12s List<String>
    Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1, mcs1/1, mcs2/1, mcs3/1, mcs4/1, mcs5/1, mcs6/1, mcs7/1, mcs8/2, mcs9/2, mcs10/2, mcs11/2, mcs12/2, mcs13/2, mcs14/2, mcs15/2.
    rates11nSs34s List<String>
    Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3, mcs17/3, mcs18/3, mcs19/3, mcs20/3, mcs21/3, mcs22/3, mcs23/3, mcs24/4, mcs25/4, mcs26/4, mcs27/4, mcs28/4, mcs29/4, mcs30/4, mcs31/4.
    roamingAcctInterimUpdate String
    Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable, enable.
    saeGroups List<String>
    SAE-Groups. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.
    saeH2eOnly String
    Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saeHnpOnly String
    Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable, enable.
    saePasswords List<String>
    WPA3 SAE password to be used to authenticate WiFi users.
    saePk String
    Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable, enable.
    saePrivateKey String
    Private key used for WPA3 SAE-PK authentication.
    scanBotnetConnections String
    Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable, block, monitor.
    schedule String
    Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    secondaryWagProfile String
    Secondary wireless access gateway profile name.
    security String
    Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None, WEP64, wep64, WEP128, wep128, WPA_PSK, WPA_RADIUS, WPA, WPA2, WPA2_AUTO, open, wpa-personal, wpa-enterprise, captive-portal, wpa-only-personal, wpa-only-enterprise, wpa2-only-personal, wpa2-only-enterprise, wpa-personal+captive-portal, wpa-only-personal+captive-portal, wpa2-only-personal+captive-portal, osen, wpa3-enterprise, sae, sae-transition, owe, wpa3-sae, wpa3-sae-transition.
    securityExemptList String
    Optional security exempt list for captive portal authentication.
    securityObsoleteOption String
    Enable/disable obsolete security options. Valid values: disable, enable.
    securityRedirectUrl String
    Optional URL for redirecting users after they pass captive portal authentication.
    selectedUsergroups String
    Selective user groups that are permitted to authenticate.
    splitTunneling String
    Enable/disable split tunneling (default = disable). Valid values: disable, enable.
    ssid String
    IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
    stickyClientRemove String
    Sticky-Client-Remove. Valid values: disable, enable.
    stickyClientThreshold2g String
    Sticky-Client-Threshold-2G.
    stickyClientThreshold5g String
    Sticky-Client-Threshold-5G.
    stickyClientThreshold6g String
    Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
    targetWakeTime String
    Enable/disable 802.11ax target wake time (default = enable). Valid values: disable, enable.
    tkipCounterMeasure String
    Enable/disable TKIP counter measure. Valid values: disable, enable.
    tunnelEchoInterval Number
    The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
    tunnelFallbackInterval Number
    The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
    usergroup String
    Firewall user group to be used to authenticate WiFi users.
    utmLog String
    Enable/disable UTM logging. Valid values: disable, enable.
    utmProfile String
    UTM profile name.
    utmStatus String
    Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable, enable.
    vdom String
    Vdom.
    vlanAuto String
    Enable/disable automatic management of SSID VLAN interface. Valid values: disable, enable.
    vlanPooling String
    Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group, round-robin, hash, disable.
    vlanid Number
    Optional VLAN ID.
    voiceEnterprise String
    Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable, enable.
    webfilterProfile String
    WebFilter profile name.

    ObjectWirelesscontrollerVapDynamicMapping_Scope, ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs

    Name string
    Name.
    Vdom string
    Vdom.
    Name string
    Name.
    Vdom string
    Vdom.
    name String
    Name.
    vdom String
    Vdom.
    name string
    Name.
    vdom string
    Vdom.
    name str
    Name.
    vdom str
    Vdom.
    name String
    Name.
    vdom String
    Vdom.

    ObjectWirelesscontrollerVapMacFilterList, ObjectWirelesscontrollerVapMacFilterListArgs

    Id double
    ID.
    Mac string
    MAC address.
    MacFilterPolicy string
    Deny or allow the client with this MAC address. Valid values: deny, allow.
    Id float64
    ID.
    Mac string
    MAC address.
    MacFilterPolicy string
    Deny or allow the client with this MAC address. Valid values: deny, allow.
    id Double
    ID.
    mac String
    MAC address.
    macFilterPolicy String
    Deny or allow the client with this MAC address. Valid values: deny, allow.
    id number
    ID.
    mac string
    MAC address.
    macFilterPolicy string
    Deny or allow the client with this MAC address. Valid values: deny, allow.
    id float
    ID.
    mac str
    MAC address.
    mac_filter_policy str
    Deny or allow the client with this MAC address. Valid values: deny, allow.
    id Number
    ID.
    mac String
    MAC address.
    macFilterPolicy String
    Deny or allow the client with this MAC address. Valid values: deny, allow.

    ObjectWirelesscontrollerVapMpskKey, ObjectWirelesscontrollerVapMpskKeyArgs

    Comment string
    Comment.
    ConcurrentClients string
    Number of clients that can connect using this pre-shared key.
    KeyName string
    Pre-shared key name.
    MpskSchedules string
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
    Passphrases List<string>
    WPA Pre-shared key.
    Comment string
    Comment.
    ConcurrentClients string
    Number of clients that can connect using this pre-shared key.
    KeyName string
    Pre-shared key name.
    MpskSchedules string
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
    Passphrases []string
    WPA Pre-shared key.
    comment String
    Comment.
    concurrentClients String
    Number of clients that can connect using this pre-shared key.
    keyName String
    Pre-shared key name.
    mpskSchedules String
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
    passphrases List<String>
    WPA Pre-shared key.
    comment string
    Comment.
    concurrentClients string
    Number of clients that can connect using this pre-shared key.
    keyName string
    Pre-shared key name.
    mpskSchedules string
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
    passphrases string[]
    WPA Pre-shared key.
    comment str
    Comment.
    concurrent_clients str
    Number of clients that can connect using this pre-shared key.
    key_name str
    Pre-shared key name.
    mpsk_schedules str
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
    passphrases Sequence[str]
    WPA Pre-shared key.
    comment String
    Comment.
    concurrentClients String
    Number of clients that can connect using this pre-shared key.
    keyName String
    Pre-shared key name.
    mpskSchedules String
    Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
    passphrases List<String>
    WPA Pre-shared key.

    ObjectWirelesscontrollerVapPortalMessageOverrides, ObjectWirelesscontrollerVapPortalMessageOverridesArgs

    AuthDisclaimerPage string
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    AuthLoginFailedPage string
    Override auth-login-failed-page message with message from portal-message-overrides group.
    AuthLoginPage string
    Override auth-login-page message with message from portal-message-overrides group.
    AuthRejectPage string
    Override auth-reject-page message with message from portal-message-overrides group.
    AuthDisclaimerPage string
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    AuthLoginFailedPage string
    Override auth-login-failed-page message with message from portal-message-overrides group.
    AuthLoginPage string
    Override auth-login-page message with message from portal-message-overrides group.
    AuthRejectPage string
    Override auth-reject-page message with message from portal-message-overrides group.
    authDisclaimerPage String
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    authLoginFailedPage String
    Override auth-login-failed-page message with message from portal-message-overrides group.
    authLoginPage String
    Override auth-login-page message with message from portal-message-overrides group.
    authRejectPage String
    Override auth-reject-page message with message from portal-message-overrides group.
    authDisclaimerPage string
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    authLoginFailedPage string
    Override auth-login-failed-page message with message from portal-message-overrides group.
    authLoginPage string
    Override auth-login-page message with message from portal-message-overrides group.
    authRejectPage string
    Override auth-reject-page message with message from portal-message-overrides group.
    auth_disclaimer_page str
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    auth_login_failed_page str
    Override auth-login-failed-page message with message from portal-message-overrides group.
    auth_login_page str
    Override auth-login-page message with message from portal-message-overrides group.
    auth_reject_page str
    Override auth-reject-page message with message from portal-message-overrides group.
    authDisclaimerPage String
    Override auth-disclaimer-page message with message from portal-message-overrides group.
    authLoginFailedPage String
    Override auth-login-failed-page message with message from portal-message-overrides group.
    authLoginPage String
    Override auth-login-page message with message from portal-message-overrides group.
    authRejectPage String
    Override auth-reject-page message with message from portal-message-overrides group.

    ObjectWirelesscontrollerVapVlanName, ObjectWirelesscontrollerVapVlanNameArgs

    Name string
    VLAN name.
    VlanId double
    VLAN ID.
    Name string
    VLAN name.
    VlanId float64
    VLAN ID.
    name String
    VLAN name.
    vlanId Double
    VLAN ID.
    name string
    VLAN name.
    vlanId number
    VLAN ID.
    name str
    VLAN name.
    vlan_id float
    VLAN ID.
    name String
    VLAN name.
    vlanId Number
    VLAN ID.

    ObjectWirelesscontrollerVapVlanPool, ObjectWirelesscontrollerVapVlanPoolArgs

    Id double
    ID.
    _wtpGroup string
    _Wtp-Group.
    Id float64
    ID.
    _wtpGroup string
    _Wtp-Group.
    _wtpGroup String
    _Wtp-Group.
    id Double
    ID.
    _wtpGroup string
    _Wtp-Group.
    id number
    ID.
    _wtp_group str
    _Wtp-Group.
    id float
    ID.
    _wtpGroup String
    _Wtp-Group.
    id Number
    ID.

    Import

    ObjectWirelessController Vap can be imported using any of these accepted formats:

    $ export “FORTIMANAGER_IMPORT_TABLE”=“true”

    $ pulumi import fortimanager:index/objectWirelesscontrollerVap:ObjectWirelesscontrollerVap labelname {{name}}

    $ unset “FORTIMANAGER_IMPORT_TABLE”

    -> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortimanager fortinetdev/terraform-provider-fortimanager
    License
    Notes
    This Pulumi package is based on the fortimanager Terraform Provider.
    fortimanager logo
    fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
    fortinetdev/terraform-provider-fortimanager