
@pulumiverse/fortios


A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Configure virtual IP for IPv6.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as fortios from "@pulumiverse/fortios";
 *
 * const trname = new fortios.firewall.Vip6("trname", {
 *     arpReply: "enable",
 *     color: 0,
 *     extip: "2001:1:1:12::100",
 *     extport: "0-65535",
 *     fosid: 0,
 *     httpCookieAge: 60,
 *     httpCookieDomainFromHost: "disable",
 *     httpCookieGeneration: 0,
 *     httpCookieShare: "same-ip",
 *     httpIpHeader: "disable",
 *     httpMultiplex: "disable",
 *     httpsCookieSecure: "disable",
 *     ldbMethod: "static",
 *     mappedip: "2001:1:1:12::200",
 *     mappedport: "0-65535",
 *     maxEmbryonicConnections: 1000,
 *     outlookWebAccess: "disable",
 *     persistence: "none",
 *     portforward: "disable",
 *     protocol: "tcp",
 *     sslAlgorithm: "high",
 *     sslClientFallback: "enable",
 *     sslClientRenegotiation: "secure",
 *     sslClientSessionStateMax: 1000,
 *     sslClientSessionStateTimeout: 30,
 *     sslClientSessionStateType: "both",
 *     sslDhBits: "2048",
 *     sslHpkp: "disable",
 *     sslHpkpAge: 5184000,
 *     sslHpkpIncludeSubdomains: "disable",
 *     sslHsts: "disable",
 *     sslHstsAge: 5184000,
 *     sslHstsIncludeSubdomains: "disable",
 *     sslHttpLocationConversion: "disable",
 *     sslHttpMatchHost: "enable",
 *     sslMaxVersion: "tls-1.2",
 *     sslMinVersion: "tls-1.1",
 *     sslMode: "half",
 *     sslPfs: "require",
 *     sslSendEmptyFrags: "enable",
 *     sslServerAlgorithm: "client",
 *     sslServerMaxVersion: "client",
 *     sslServerMinVersion: "client",
 *     sslServerSessionStateMax: 100,
 *     sslServerSessionStateTimeout: 60,
 *     sslServerSessionStateType: "both",
 *     type: "static-nat",
 *     weblogicServer: "disable",
 *     websphereServer: "disable",
 * });
 * ```
 *
 * NOTE(review): the example lists one value per argument and should not be read as a hardened
 * baseline. It sets `sslMinVersion: "tls-1.1"` (TLS 1.0 and 1.1 are deprecated by RFC 8996) and
 * leaves `sslHsts` and `httpsCookieSecure` disabled. With `type: "static-nat"` and
 * `portforward: "disable"` the whole external address is presumably mapped to the mapped address,
 * so review the firewall policy that references this VIP (and `srcFilters`) to limit who can reach
 * it. Whether the SSL arguments take effect for a static NAT VIP is not stated here; confirm
 * against the FortiOS reference.
 *
 * ## Import
 *
 * Firewall Vip6 can be imported using any of these accepted formats:
 *
 * ```sh
 * $ pulumi import fortios:firewall/vip6:Vip6 labelname {{name}}
 * ```
 *
 * If you do not want to import arguments of block:
 *
 * $ export "FORTIOS_IMPORT_TABLE"="false"
 *
 * ```sh
 * $ pulumi import fortios:firewall/vip6:Vip6 labelname {{name}}
 * ```
 *
 * $ unset "FORTIOS_IMPORT_TABLE"
 */
export declare class Vip6 extends pulumi.CustomResource {
    /**
     * Get an existing Vip6 resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: Vip6State, opts?: pulumi.CustomResourceOptions): Vip6;
    /**
     * Returns true if the given object is an instance of Vip6. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Vip6;
    /**
     * Enable/disable adding NAT64 route. Valid values: `disable`, `enable`.
     */
    readonly addNat64Route: pulumi.Output<string>;
    /**
     * Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: `disable`, `enable`.
     */
    readonly arpReply: pulumi.Output<string>;
    /**
     * Color of icon on the GUI.
     */
    readonly color: pulumi.Output<number>;
    /**
     * Comment.
     */
    readonly comment: pulumi.Output<string | undefined>;
    /**
     * Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
     */
    readonly dynamicSortSubtable: pulumi.Output<string | undefined>;
    /**
     * Enable/disable embedded IPv4 address. Valid values: `disable`, `enable`.
     */
    readonly embeddedIpv4Address: pulumi.Output<string>;
    /**
     * IP address or address range on the external interface that you want to map to an address or address range on the destination network.
     */
    readonly extip: pulumi.Output<string>;
    /**
     * Incoming port number range that you want to map to a port number range on the destination network.
     */
    readonly extport: pulumi.Output<string>;
    /**
     * Custom defined ID.
     */
    readonly fosid: pulumi.Output<number>;
    /**
     * Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
     */
    readonly getAllTables: pulumi.Output<string | undefined>;
    /**
     * Enable/disable HTTP2 support (default = enable). Valid values: `enable`, `disable`.
     */
    readonly h2Support: pulumi.Output<string>;
    /**
     * Enable/disable HTTP3/QUIC support (default = disable). Valid values: `enable`, `disable`.
     */
    readonly h3Support: pulumi.Output<string>;
    /**
     * Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
     * NOTE(review): the description mixes minutes and seconds; confirm the unit against the FortiOS reference before relying on it.
     */
    readonly httpCookieAge: pulumi.Output<number>;
    /**
     * Domain that HTTP cookie persistence should apply to.
     */
    readonly httpCookieDomain: pulumi.Output<string>;
    /**
     * Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: `disable`, `enable`.
     */
    readonly httpCookieDomainFromHost: pulumi.Output<string>;
    /**
     * Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
     */
    readonly httpCookieGeneration: pulumi.Output<number>;
    /**
     * Limit HTTP cookie persistence to the specified path.
     */
    readonly httpCookiePath: pulumi.Output<string>;
    /**
     * Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: `disable`, `same-ip`.
     */
    readonly httpCookieShare: pulumi.Output<string>;
    /**
     * For HTTP multiplexing, enable to add the original client IP address in the X-Forwarded-For HTTP header. Valid values: `enable`, `disable`.
     */
    readonly httpIpHeader: pulumi.Output<string>;
    /**
     * For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
     */
    readonly httpIpHeaderName: pulumi.Output<string>;
    /**
     * Enable/disable HTTP multiplexing. Valid values: `enable`, `disable`.
     */
    readonly httpMultiplex: pulumi.Output<string>;
    /**
     * Enable/disable redirection of HTTP to HTTPS. Valid values: `enable`, `disable`.
     */
    readonly httpRedirect: pulumi.Output<string>;
    /**
     * Enable/disable verification that inserted HTTPS cookies are secure. Valid values: `disable`, `enable`.
     */
    readonly httpsCookieSecure: pulumi.Output<string>;
    /**
     * Start-mapped-IPv4-address [-end mapped-IPv4-address].
     */
    readonly ipv4Mappedip: pulumi.Output<string>;
    /**
     * IPv4 port number range on the destination network to which the external port number range is mapped.
     */
    readonly ipv4Mappedport: pulumi.Output<string>;
    /**
     * Method used to distribute sessions to real servers. Valid values: `static`, `round-robin`, `weighted`, `least-session`, `least-rtt`, `first-alive`, `http-host`.
     */
    readonly ldbMethod: pulumi.Output<string>;
    /**
     * Mapped IP address range in the format startIP-endIP.
     */
    readonly mappedip: pulumi.Output<string>;
    /**
     * Port number range on the destination network to which the external port number range is mapped.
     */
    readonly mappedport: pulumi.Output<string>;
    /**
     * Maximum number of incomplete connections.
     */
    readonly maxEmbryonicConnections: pulumi.Output<number>;
    /**
     * Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of `monitor` block is documented below.
     */
    readonly monitors: pulumi.Output<outputs.firewall.Vip6Monitor[] | undefined>;
    /**
     * Virtual ip6 name.
     */
    readonly name: pulumi.Output<string>;
    /**
     * Enable/disable DNAT64. Valid values: `disable`, `enable`.
     */
    readonly nat64: pulumi.Output<string>;
    /**
     * Enable/disable DNAT66. Valid values: `disable`, `enable`.
     */
    readonly nat66: pulumi.Output<string>;
    /**
     * Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: `disable`, `enable`.
     */
    readonly natSourceVip: pulumi.Output<string>;
    /**
     * Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: `disable`, `enable`.
     */
    readonly ndpReply: pulumi.Output<string>;
    /**
     * Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: `disable`, `enable`.
     */
    readonly outlookWebAccess: pulumi.Output<string>;
    /**
     * Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: `none`, `http-cookie`, `ssl-session-id`.
     */
    readonly persistence: pulumi.Output<string>;
    /**
     * Enable port forwarding. Valid values: `disable`, `enable`.
     */
    readonly portforward: pulumi.Output<string>;
    /**
     * Protocol to use when forwarding packets. Valid values: `tcp`, `udp`, `sctp`.
     */
    readonly protocol: pulumi.Output<string>;
    /**
     * QUIC setting. The structure of `quic` block is documented below.
     */
    readonly quic: pulumi.Output<outputs.firewall.Vip6Quic>;
    /**
     * Select the real servers that this server load balancing VIP will distribute traffic to. The structure of `realservers` block is documented below.
     */
    readonly realservers: pulumi.Output<outputs.firewall.Vip6Realserver[] | undefined>;
    /**
     * Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: `http`, `https`, `imaps`, `pop3s`, `smtps`, `ssl`, `tcp`, `udp`, `ip`.
     */
    readonly serverType: pulumi.Output<string>;
    /**
     * Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of `srcFilter` block is documented below.
     */
    readonly srcFilters: pulumi.Output<outputs.firewall.Vip6SrcFilter[] | undefined>;
    /**
     * Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: `disable`, `enable`.
     */
    readonly srcVipFilter: pulumi.Output<string>;
    /**
     * Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: `enable`, `disable`.
     */
    readonly sslAcceptFfdheGroups: pulumi.Output<string>;
    /**
     * Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: `high`, `medium`, `low`, `custom`.
     * NOTE(review): `medium` and `low` presumably admit weaker cipher suites than `high`; confirm the exact suites in the FortiOS reference before choosing them.
     */
    readonly sslAlgorithm: pulumi.Output<string>;
    /**
     * The name of the SSL certificate to use for SSL acceleration.
     */
    readonly sslCertificate: pulumi.Output<string>;
    /**
     * SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of `sslCipherSuites` block is documented below.
     */
    readonly sslCipherSuites: pulumi.Output<outputs.firewall.Vip6SslCipherSuite[] | undefined>;
    /**
     * Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: `disable`, `enable`.
     */
    readonly sslClientFallback: pulumi.Output<string>;
    /**
     * Maximum length of data in MB before triggering a client rekey (0 = disable).
     */
    readonly sslClientRekeyCount: pulumi.Output<number>;
    /**
     * Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: `allow`, `deny`, `secure`.
     */
    readonly sslClientRenegotiation: pulumi.Output<string>;
    /**
     * Maximum number of client to FortiGate SSL session states to keep.
     */
    readonly sslClientSessionStateMax: pulumi.Output<number>;
    /**
     * Number of minutes to keep client to FortiGate SSL session state.
     */
    readonly sslClientSessionStateTimeout: pulumi.Output<number>;
    /**
     * How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: `disable`, `time`, `count`, `both`.
     */
    readonly sslClientSessionStateType: pulumi.Output<string>;
    /**
     * Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: `768`, `1024`, `1536`, `2048`, `3072`, `4096`.
     * NOTE(review): 768- and 1024-bit Diffie-Hellman groups are widely considered too weak for new deployments (see the Logjam research); 2048 bits or more is the usual minimum.
     */
    readonly sslDhBits: pulumi.Output<string>;
    /**
     * Enable/disable including HPKP header in response. Valid values: `disable`, `enable`, `report-only`.
     * NOTE(review): HTTP Public Key Pinning (RFC 7469) is no longer supported by current major browsers, so the header has no effect for them.
     */
    readonly sslHpkp: pulumi.Output<string>;
    /**
     * Number of minutes the web browser should keep HPKP.
     * NOTE(review): the usage example on this class sets 5184000, which is 60 days if read as seconds; confirm whether the unit is minutes or seconds.
     */
    readonly sslHpkpAge: pulumi.Output<number>;
    /**
     * Certificate to generate backup HPKP pin from.
     */
    readonly sslHpkpBackup: pulumi.Output<string>;
    /**
     * Indicate that HPKP header applies to all subdomains. Valid values: `disable`, `enable`.
     */
    readonly sslHpkpIncludeSubdomains: pulumi.Output<string>;
    /**
     * Certificate to generate primary HPKP pin from.
     */
    readonly sslHpkpPrimary: pulumi.Output<string>;
    /**
     * URL to report HPKP violations to.
     */
    readonly sslHpkpReportUri: pulumi.Output<string | undefined>;
    /**
     * Enable/disable including HSTS header in response. Valid values: `disable`, `enable`.
     */
    readonly sslHsts: pulumi.Output<string>;
    /**
     * Number of seconds the client should honour the HSTS setting.
     */
    readonly sslHstsAge: pulumi.Output<number>;
    /**
     * Indicate that HSTS header applies to all subdomains. Valid values: `disable`, `enable`.
     */
    readonly sslHstsIncludeSubdomains: pulumi.Output<string>;
    /**
     * Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: `enable`, `disable`.
     */
    readonly sslHttpLocationConversion: pulumi.Output<string>;
    /**
     * Enable/disable HTTP host matching for location conversion. Valid values: `enable`, `disable`.
     */
    readonly sslHttpMatchHost: pulumi.Output<string>;
    /**
     * Highest SSL/TLS version acceptable from a client.
     */
    readonly sslMaxVersion: pulumi.Output<string>;
    /**
     * Lowest SSL/TLS version acceptable from a client.
     * NOTE(review): TLS 1.0 and TLS 1.1 are deprecated by RFC 8996; where this VIP terminates TLS, `tls-1.2` is the usual minimum. The accepted value list is not given here; `tls-1.1` and `tls-1.2` appear in the usage example on this class.
     */
    readonly sslMinVersion: pulumi.Output<string>;
    /**
     * Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: `half`, `full`.
     */
    readonly sslMode: pulumi.Output<string>;
    /**
     * Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: `require`, `deny`, `allow`.
     */
    readonly sslPfs: pulumi.Output<string>;
    /**
     * Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: `enable`, `disable`.
     */
    readonly sslSendEmptyFrags: pulumi.Output<string>;
    /**
     * Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: `high`, `medium`, `low`, `custom`, `client`.
     */
    readonly sslServerAlgorithm: pulumi.Output<string>;
    /**
     * SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of `sslServerCipherSuites` block is documented below.
     */
    readonly sslServerCipherSuites: pulumi.Output<outputs.firewall.Vip6SslServerCipherSuite[] | undefined>;
    /**
     * Highest SSL/TLS version acceptable from a server. Use the client setting by default.
     */
    readonly sslServerMaxVersion: pulumi.Output<string>;
    /**
     * Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
     */
    readonly sslServerMinVersion: pulumi.Output<string>;
    /**
     * Enable/disable secure renegotiation to comply with RFC 5746. Valid values: `enable`, `disable`.
     */
    readonly sslServerRenegotiation: pulumi.Output<string>;
    /**
     * Maximum number of FortiGate to Server SSL session states to keep.
     */
    readonly sslServerSessionStateMax: pulumi.Output<number>;
    /**
     * Number of minutes to keep FortiGate to Server SSL session state.
     */
    readonly sslServerSessionStateTimeout: pulumi.Output<number>;
    /**
     * How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: `disable`, `time`, `count`, `both`.
     */
    readonly sslServerSessionStateType: pulumi.Output<string>;
    /**
     * Configure a static NAT or server load balance VIP.
     */
    readonly type: pulumi.Output<string>;
    /**
     * Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
     */
    readonly uuid: pulumi.Output<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    readonly vdomparam: pulumi.Output<string>;
    /**
     * Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: `disable`, `enable`.
     */
    readonly weblogicServer: pulumi.Output<string>;
    /**
     * Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: `disable`, `enable`.
     */
    readonly websphereServer: pulumi.Output<string>;
    /**
     * Create a Vip6 resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: Vip6Args, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Vip6 resources.
 */
export interface Vip6State {
    /**
     * Enable/disable adding NAT64 route. Valid values: `disable`, `enable`.
     */
    addNat64Route?: pulumi.Input<string>;
    /**
     * Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: `disable`, `enable`.
*/
    arpReply?: pulumi.Input<string>;
    /**
     * Color of icon on the GUI.
     */
    color?: pulumi.Input<number>;
    /**
     * Comment.
     */
    comment?: pulumi.Input<string>;
    /**
     * Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
     */
    dynamicSortSubtable?: pulumi.Input<string>;
    /**
     * Enable/disable embedded IPv4 address. Valid values: `disable`, `enable`.
     */
    embeddedIpv4Address?: pulumi.Input<string>;
    /**
     * IP address or address range on the external interface that you want to map to an address or address range on the destination network.
     */
    extip?: pulumi.Input<string>;
    /**
     * Incoming port number range that you want to map to a port number range on the destination network.
     */
    extport?: pulumi.Input<string>;
    /**
     * Custom defined ID.
     */
    fosid?: pulumi.Input<number>;
    /**
     * Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
     */
    getAllTables?: pulumi.Input<string>;
    /**
     * Enable/disable HTTP2 support (default = enable). Valid values: `enable`, `disable`.
     */
    h2Support?: pulumi.Input<string>;
    /**
     * Enable/disable HTTP3/QUIC support (default = disable). Valid values: `enable`, `disable`.
     */
    h3Support?: pulumi.Input<string>;
    /**
     * Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
     * NOTE(review): the description mixes minutes and seconds; confirm the unit against the FortiOS reference before relying on it.
     */
    httpCookieAge?: pulumi.Input<number>;
    /**
     * Domain that HTTP cookie persistence should apply to.
     */
    httpCookieDomain?: pulumi.Input<string>;
    /**
     * Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: `disable`, `enable`.
     */
    httpCookieDomainFromHost?: pulumi.Input<string>;
    /**
     * Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
     */
    httpCookieGeneration?: pulumi.Input<number>;
    /**
     * Limit HTTP cookie persistence to the specified path.
     */
    httpCookiePath?: pulumi.Input<string>;
    /**
     * Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values: `disable`, `same-ip`.
     */
    httpCookieShare?: pulumi.Input<string>;
    /**
     * For HTTP multiplexing, enable to add the original client IP address in the X-Forwarded-For HTTP header. Valid values: `enable`, `disable`.
     */
    httpIpHeader?: pulumi.Input<string>;
    /**
     * For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used.
     */
    httpIpHeaderName?: pulumi.Input<string>;
    /**
     * Enable/disable HTTP multiplexing. Valid values: `enable`, `disable`.
     */
    httpMultiplex?: pulumi.Input<string>;
    /**
     * Enable/disable redirection of HTTP to HTTPS. Valid values: `enable`, `disable`.
     */
    httpRedirect?: pulumi.Input<string>;
    /**
     * Enable/disable verification that inserted HTTPS cookies are secure. Valid values: `disable`, `enable`.
     */
    httpsCookieSecure?: pulumi.Input<string>;
    /**
     * Start-mapped-IPv4-address [-end mapped-IPv4-address].
     */
    ipv4Mappedip?: pulumi.Input<string>;
    /**
     * IPv4 port number range on the destination network to which the external port number range is mapped.
     */
    ipv4Mappedport?: pulumi.Input<string>;
    /**
     * Method used to distribute sessions to real servers. Valid values: `static`, `round-robin`, `weighted`, `least-session`, `least-rtt`, `first-alive`, `http-host`.
     */
    ldbMethod?: pulumi.Input<string>;
    /**
     * Mapped IP address range in the format startIP-endIP.
     */
    mappedip?: pulumi.Input<string>;
    /**
     * Port number range on the destination network to which the external port number range is mapped.
     */
    mappedport?: pulumi.Input<string>;
    /**
     * Maximum number of incomplete connections.
     */
    maxEmbryonicConnections?: pulumi.Input<number>;
    /**
     * Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of `monitor` block is documented below.
     */
    monitors?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6Monitor>[]>;
    /**
     * Virtual ip6 name.
     */
    name?: pulumi.Input<string>;
    /**
     * Enable/disable DNAT64. Valid values: `disable`, `enable`.
     */
    nat64?: pulumi.Input<string>;
    /**
     * Enable/disable DNAT66. Valid values: `disable`, `enable`.
     */
    nat66?: pulumi.Input<string>;
    /**
     * Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: `disable`, `enable`.
     */
    natSourceVip?: pulumi.Input<string>;
    /**
     * Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: `disable`, `enable`.
     */
    ndpReply?: pulumi.Input<string>;
    /**
     * Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: `disable`, `enable`.
     */
    outlookWebAccess?: pulumi.Input<string>;
    /**
     * Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: `none`, `http-cookie`, `ssl-session-id`.
     */
    persistence?: pulumi.Input<string>;
    /**
     * Enable port forwarding. Valid values: `disable`, `enable`.
     */
    portforward?: pulumi.Input<string>;
    /**
     * Protocol to use when forwarding packets. Valid values: `tcp`, `udp`, `sctp`.
     */
    protocol?: pulumi.Input<string>;
    /**
     * QUIC setting. The structure of `quic` block is documented below.
     */
    quic?: pulumi.Input<inputs.firewall.Vip6Quic>;
    /**
     * Select the real servers that this server load balancing VIP will distribute traffic to. The structure of `realservers` block is documented below.
     */
    realservers?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6Realserver>[]>;
    /**
     * Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: `http`, `https`, `imaps`, `pop3s`, `smtps`, `ssl`, `tcp`, `udp`, `ip`.
     */
    serverType?: pulumi.Input<string>;
    /**
     * Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of `srcFilter` block is documented below.
     */
    srcFilters?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6SrcFilter>[]>;
    /**
     * Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: `disable`, `enable`.
     */
    srcVipFilter?: pulumi.Input<string>;
    /**
     * Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: `enable`, `disable`.
     */
    sslAcceptFfdheGroups?: pulumi.Input<string>;
    /**
     * Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: `high`, `medium`, `low`, `custom`.
     * NOTE(review): `medium` and `low` presumably admit weaker cipher suites than `high`; confirm the exact suites in the FortiOS reference before choosing them.
     */
    sslAlgorithm?: pulumi.Input<string>;
    /**
     * The name of the SSL certificate to use for SSL acceleration.
     */
    sslCertificate?: pulumi.Input<string>;
    /**
     * SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of `sslCipherSuites` block is documented below.
     */
    sslCipherSuites?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6SslCipherSuite>[]>;
    /**
     * Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: `disable`, `enable`.
     */
    sslClientFallback?: pulumi.Input<string>;
    /**
     * Maximum length of data in MB before triggering a client rekey (0 = disable).
     */
    sslClientRekeyCount?: pulumi.Input<number>;
    /**
     * Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: `allow`, `deny`, `secure`.
     */
    sslClientRenegotiation?: pulumi.Input<string>;
    /**
     * Maximum number of client to FortiGate SSL session states to keep.
     */
    sslClientSessionStateMax?: pulumi.Input<number>;
    /**
     * Number of minutes to keep client to FortiGate SSL session state.
     */
    sslClientSessionStateTimeout?: pulumi.Input<number>;
    /**
     * How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: `disable`, `time`, `count`, `both`.
     */
    sslClientSessionStateType?: pulumi.Input<string>;
    /**
     * Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values: `768`, `1024`, `1536`, `2048`, `3072`, `4096`.
     * NOTE(review): 768- and 1024-bit Diffie-Hellman groups are widely considered too weak for new deployments (see the Logjam research); 2048 bits or more is the usual minimum.
     */
    sslDhBits?: pulumi.Input<string>;
    /**
     * Enable/disable including HPKP header in response. Valid values: `disable`, `enable`, `report-only`.
     * NOTE(review): HTTP Public Key Pinning (RFC 7469) is no longer supported by current major browsers, so the header has no effect for them.
     */
    sslHpkp?: pulumi.Input<string>;
    /**
     * Number of minutes the web browser should keep HPKP.
     * NOTE(review): the usage example on the `Vip6` class sets 5184000, which is 60 days if read as seconds; confirm whether the unit is minutes or seconds.
     */
    sslHpkpAge?: pulumi.Input<number>;
    /**
     * Certificate to generate backup HPKP pin from.
     */
    sslHpkpBackup?: pulumi.Input<string>;
    /**
     * Indicate that HPKP header applies to all subdomains. Valid values: `disable`, `enable`.
     */
    sslHpkpIncludeSubdomains?: pulumi.Input<string>;
    /**
     * Certificate to generate primary HPKP pin from.
     */
    sslHpkpPrimary?: pulumi.Input<string>;
    /**
     * URL to report HPKP violations to.
     */
    sslHpkpReportUri?: pulumi.Input<string>;
    /**
     * Enable/disable including HSTS header in response. Valid values: `disable`, `enable`.
     */
    sslHsts?: pulumi.Input<string>;
    /**
     * Number of seconds the client should honour the HSTS setting.
     */
    sslHstsAge?: pulumi.Input<number>;
    /**
     * Indicate that HSTS header applies to all subdomains. Valid values: `disable`, `enable`.
     */
    sslHstsIncludeSubdomains?: pulumi.Input<string>;
    /**
     * Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: `enable`, `disable`.
     */
    sslHttpLocationConversion?: pulumi.Input<string>;
    /**
     * Enable/disable HTTP host matching for location conversion. Valid values: `enable`, `disable`.
     */
    sslHttpMatchHost?: pulumi.Input<string>;
    /**
     * Highest SSL/TLS version acceptable from a client.
     */
    sslMaxVersion?: pulumi.Input<string>;
    /**
     * Lowest SSL/TLS version acceptable from a client.
     * NOTE(review): TLS 1.0 and TLS 1.1 are deprecated by RFC 8996; where this VIP terminates TLS, `tls-1.2` is the usual minimum. The accepted value list is not given here; `tls-1.1` and `tls-1.2` appear in the usage example on the `Vip6` class.
     */
    sslMinVersion?: pulumi.Input<string>;
    /**
     * Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: `half`, `full`.
     */
    sslMode?: pulumi.Input<string>;
    /**
     * Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. Valid values: `require`, `deny`, `allow`.
     */
    sslPfs?: pulumi.Input<string>;
    /**
     * Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: `enable`, `disable`.
     */
    sslSendEmptyFrags?: pulumi.Input<string>;
    /**
     * Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: `high`, `medium`, `low`, `custom`, `client`.
     */
    sslServerAlgorithm?: pulumi.Input<string>;
    /**
     * SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of `sslServerCipherSuites` block is documented below.
     */
    sslServerCipherSuites?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6SslServerCipherSuite>[]>;
    /**
     * Highest SSL/TLS version acceptable from a server. Use the client setting by default.
     */
    sslServerMaxVersion?: pulumi.Input<string>;
    /**
     * Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
     */
    sslServerMinVersion?: pulumi.Input<string>;
    /**
     * Enable/disable secure renegotiation to comply with RFC 5746. Valid values: `enable`, `disable`.
     */
    sslServerRenegotiation?: pulumi.Input<string>;
    /**
     * Maximum number of FortiGate to Server SSL session states to keep.
     */
    sslServerSessionStateMax?: pulumi.Input<number>;
    /**
     * Number of minutes to keep FortiGate to Server SSL session state.
     */
    sslServerSessionStateTimeout?: pulumi.Input<number>;
    /**
     * How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: `disable`, `time`, `count`, `both`.
     */
    sslServerSessionStateType?: pulumi.Input<string>;
    /**
     * Configure a static NAT or server load balance VIP.
     */
    type?: pulumi.Input<string>;
    /**
     * Universally Unique Identifier (UUID; automatically assigned but can be manually reset).
     */
    uuid?: pulumi.Input<string>;
    /**
     * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
     */
    vdomparam?: pulumi.Input<string>;
    /**
     * Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: `disable`, `enable`.
     */
    weblogicServer?: pulumi.Input<string>;
    /**
     * Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: `disable`, `enable`.
     */
    websphereServer?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a Vip6 resource.
 */
export interface Vip6Args {
    /**
     * Enable/disable adding NAT64 route. Valid values: `disable`, `enable`.
     */
    addNat64Route?: pulumi.Input<string>;
    /**
     * Enable to respond to ARP requests for this virtual IP address. Enabled by default. Valid values: `disable`, `enable`.
     */
    arpReply?: pulumi.Input<string>;
    /**
     * Color of icon on the GUI.
     */
    color?: pulumi.Input<number>;
    /**
     * Comment.
     */
    comment?: pulumi.Input<string>;
    /**
     * Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/ dynamicSortSubtable?: pulumi.Input<string>; /** * Enable/disable embedded IPv4 address. Valid values: `disable`, `enable`. */ embeddedIpv4Address?: pulumi.Input<string>; /** * IP address or address range on the external interface that you want to map to an address or address range on the destination network. */ extip: pulumi.Input<string>; /** * Incoming port number range that you want to map to a port number range on the destination network. */ extport?: pulumi.Input<string>; /** * Custom defined ID. */ fosid?: pulumi.Input<number>; /** * Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. */ getAllTables?: pulumi.Input<string>; /** * Enable/disable HTTP2 support (default = enable). Valid values: `enable`, `disable`. */ h2Support?: pulumi.Input<string>; /** * Enable/disable HTTP3/QUIC support (default = disable). Valid values: `enable`, `disable`. */ h3Support?: pulumi.Input<string>; /** * Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit. */ httpCookieAge?: pulumi.Input<number>; /** * Domain that HTTP cookie persistence should apply to. */ httpCookieDomain?: pulumi.Input<string>; /** * Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values: `disable`, `enable`. */ httpCookieDomainFromHost?: pulumi.Input<string>; /** * Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. */ httpCookieGeneration?: pulumi.Input<number>; /** * Limit HTTP cookie persistence to the specified path. */ httpCookiePath?: pulumi.Input<string>; /** * Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. 
Valid values: `disable`, `same-ip`. */ httpCookieShare?: pulumi.Input<string>; /** * For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: `enable`, `disable`. */ httpIpHeader?: pulumi.Input<string>; /** * For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used. */ httpIpHeaderName?: pulumi.Input<string>; /** * Enable/disable HTTP multiplexing. Valid values: `enable`, `disable`. */ httpMultiplex?: pulumi.Input<string>; /** * Enable/disable redirection of HTTP to HTTPS Valid values: `enable`, `disable`. */ httpRedirect?: pulumi.Input<string>; /** * Enable/disable verification that inserted HTTPS cookies are secure. Valid values: `disable`, `enable`. */ httpsCookieSecure?: pulumi.Input<string>; /** * Start-mapped-IPv4-address [-end mapped-IPv4-address]. */ ipv4Mappedip?: pulumi.Input<string>; /** * IPv4 port number range on the destination network to which the external port number range is mapped. */ ipv4Mappedport?: pulumi.Input<string>; /** * Method used to distribute sessions to real servers. Valid values: `static`, `round-robin`, `weighted`, `least-session`, `least-rtt`, `first-alive`, `http-host`. */ ldbMethod?: pulumi.Input<string>; /** * Mapped IP address range in the format startIP-endIP. */ mappedip: pulumi.Input<string>; /** * Port number range on the destination network to which the external port number range is mapped. */ mappedport?: pulumi.Input<string>; /** * Maximum number of incomplete connections. */ maxEmbryonicConnections?: pulumi.Input<number>; /** * Name of the health check monitor to use when polling to determine a virtual server's connectivity status. The structure of `monitor` block is documented below. */ monitors?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6Monitor>[]>; /** * Virtual ip6 name. */ name?: pulumi.Input<string>; /** * Enable/disable DNAT64. 
Valid values: `disable`, `enable`. */ nat64?: pulumi.Input<string>; /** * Enable/disable DNAT66. Valid values: `disable`, `enable`. */ nat66?: pulumi.Input<string>; /** * Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: `disable`, `enable`. */ natSourceVip?: pulumi.Input<string>; /** * Enable/disable this FortiGate unit's ability to respond to NDP requests for this virtual IP address (default = enable). Valid values: `disable`, `enable`. */ ndpReply?: pulumi.Input<string>; /** * Enable to add the Front-End-Https header for Microsoft Outlook Web Access. Valid values: `disable`, `enable`. */ outlookWebAccess?: pulumi.Input<string>; /** * Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: `none`, `http-cookie`, `ssl-session-id`. */ persistence?: pulumi.Input<string>; /** * Enable port forwarding. Valid values: `disable`, `enable`. */ portforward?: pulumi.Input<string>; /** * Protocol to use when forwarding packets. Valid values: `tcp`, `udp`, `sctp`. */ protocol?: pulumi.Input<string>; /** * QUIC setting. The structure of `quic` block is documented below. */ quic?: pulumi.Input<inputs.firewall.Vip6Quic>; /** * Select the real servers that this server load balancing VIP will distribute traffic to. The structure of `realservers` block is documented below. */ realservers?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6Realserver>[]>; /** * Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). Valid values: `http`, `https`, `imaps`, `pop3s`, `smtps`, `ssl`, `tcp`, `udp`, `ip`. */ serverType?: pulumi.Input<string>; /** * Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of `srcFilter` block is documented below. 
*/ srcFilters?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6SrcFilter>[]>; /** * Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: `disable`, `enable`. */ srcVipFilter?: pulumi.Input<string>; /** * Enable/disable FFDHE cipher suite for SSL key exchange. Valid values: `enable`, `disable`. */ sslAcceptFfdheGroups?: pulumi.Input<string>; /** * Permitted encryption algorithms for SSL sessions according to encryption strength. Valid values: `high`, `medium`, `low`, `custom`. */ sslAlgorithm?: pulumi.Input<string>; /** * The name of the SSL certificate to use for SSL acceleration. */ sslCertificate?: pulumi.Input<string>; /** * SSL/TLS cipher suites acceptable from a client, ordered by priority. The structure of `sslCipherSuites` block is documented below. */ sslCipherSuites?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6SslCipherSuite>[]>; /** * Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). Valid values: `disable`, `enable`. */ sslClientFallback?: pulumi.Input<string>; /** * Maximum length of data in MB before triggering a client rekey (0 = disable). */ sslClientRekeyCount?: pulumi.Input<number>; /** * Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. Valid values: `allow`, `deny`, `secure`. */ sslClientRenegotiation?: pulumi.Input<string>; /** * Maximum number of client to FortiGate SSL session states to keep. */ sslClientSessionStateMax?: pulumi.Input<number>; /** * Number of minutes to keep client to FortiGate SSL session state. */ sslClientSessionStateTimeout?: pulumi.Input<number>; /** * How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. Valid values: `disable`, `time`, `count`, `both`. */ sslClientSessionStateType?: pulumi.Input<string>; /** * Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. 
Valid values: `768`, `1024`, `1536`, `2048`, `3072`, `4096`. */ sslDhBits?: pulumi.Input<string>; /** * Enable/disable including HPKP header in response. Valid values: `disable`, `enable`, `report-only`. */ sslHpkp?: pulumi.Input<string>; /** * Number of minutes the web browser should keep HPKP. */ sslHpkpAge?: pulumi.Input<number>; /** * Certificate to generate backup HPKP pin from. */ sslHpkpBackup?: pulumi.Input<string>; /** * Indicate that HPKP header applies to all subdomains. Valid values: `disable`, `enable`. */ sslHpkpIncludeSubdomains?: pulumi.Input<string>; /** * Certificate to generate primary HPKP pin from. */ sslHpkpPrimary?: pulumi.Input<string>; /** * URL to report HPKP violations to. */ sslHpkpReportUri?: pulumi.Input<string>; /** * Enable/disable including HSTS header in response. Valid values: `disable`, `enable`. */ sslHsts?: pulumi.Input<string>; /** * Number of seconds the client should honour the HSTS setting. */ sslHstsAge?: pulumi.Input<number>; /** * Indicate that HSTS header applies to all subdomains. Valid values: `disable`, `enable`. */ sslHstsIncludeSubdomains?: pulumi.Input<string>; /** * Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. Valid values: `enable`, `disable`. */ sslHttpLocationConversion?: pulumi.Input<string>; /** * Enable/disable HTTP host matching for location conversion. Valid values: `enable`, `disable`. */ sslHttpMatchHost?: pulumi.Input<string>; /** * Highest SSL/TLS version acceptable from a client. */ sslMaxVersion?: pulumi.Input<string>; /** * Lowest SSL/TLS version acceptable from a client. */ sslMinVersion?: pulumi.Input<string>; /** * Apply SSL offloading between the client and the FortiGate (half) or from the client to the FortiGate and from the FortiGate to the server (full). Valid values: `half`, `full`. */ sslMode?: pulumi.Input<string>; /** * Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). Applies to both client and server sessions. 
Valid values: `require`, `deny`, `allow`. */ sslPfs?: pulumi.Input<string>; /** * Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). May need to be disabled for compatibility with older systems. Valid values: `enable`, `disable`. */ sslSendEmptyFrags?: pulumi.Input<string>; /** * Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values: `high`, `medium`, `low`, `custom`, `client`. */ sslServerAlgorithm?: pulumi.Input<string>; /** * SSL/TLS cipher suites to offer to a server, ordered by priority. The structure of `sslServerCipherSuites` block is documented below. */ sslServerCipherSuites?: pulumi.Input<pulumi.Input<inputs.firewall.Vip6SslServerCipherSuite>[]>; /** * Highest SSL/TLS version acceptable from a server. Use the client setting by default. */ sslServerMaxVersion?: pulumi.Input<string>; /** * Lowest SSL/TLS version acceptable from a server. Use the client setting by default. */ sslServerMinVersion?: pulumi.Input<string>; /** * Enable/disable secure renegotiation to comply with RFC 5746. Valid values: `enable`, `disable`. */ sslServerRenegotiation?: pulumi.Input<string>; /** * Maximum number of FortiGate to Server SSL session states to keep. */ sslServerSessionStateMax?: pulumi.Input<number>; /** * Number of minutes to keep FortiGate to Server SSL session state. */ sslServerSessionStateTimeout?: pulumi.Input<number>; /** * How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. Valid values: `disable`, `time`, `count`, `both`. */ sslServerSessionStateType?: pulumi.Input<string>; /** * Configure a static NAT or server load balance VIP. */ type?: pulumi.Input<string>; /** * Universally Unique Identifier (UUID; automatically assigned but can be manually reset). */ uuid?: pulumi.Input<string>; /** * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. 
Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. */ vdomparam?: pulumi.Input<string>; /** * Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. Valid values: `disable`, `enable`. */ weblogicServer?: pulumi.Input<string>; /** * Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. Valid values: `disable`, `enable`. */ websphereServer?: pulumi.Input<string>; }