@pulumiverse/fortios
A Pulumi package for creating and managing Fortios resources. Based on terraform-provider-fortios: version v1.16.0
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Configure global attributes.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fortios from "@pulumiverse/fortios";
*
* const trname = new fortios.system.Global("trname", {
* adminSport: 443,
* alias: "FGVM02TM20003062",
* hostname: "ste11",
* timezone: "04",
* });
* ```
*
* ## Import
*
* System Global can be imported using any of these accepted formats:
*
* ```sh
* $ pulumi import fortios:system/global:Global labelname SystemGlobal
* ```
*
* If you do not want to import the arguments of blocks, set `FORTIOS_IMPORT_TABLE` to `false` before the import and unset it afterwards:
*
* ```sh
* $ export "FORTIOS_IMPORT_TABLE"="false"
* $ pulumi import fortios:system/global:Global labelname SystemGlobal
* $ unset "FORTIOS_IMPORT_TABLE"
* ```
*/
export declare class Global extends pulumi.CustomResource {
/**
* Get an existing Global resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GlobalState, opts?: pulumi.CustomResourceOptions): Global;
/**
* Returns true if the given object is an instance of Global. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Global;
/**
* Enable/disable concurrent administrator logins. Use policy-auth-concurrent for firewall authenticated users. Valid values: `enable`, `disable`.
*/
readonly adminConcurrent: pulumi.Output<string>;
/**
* Console login timeout that overrides the admin timeout value (15 - 300 seconds, default = 0, which disables the timeout).
*/
readonly adminConsoleTimeout: pulumi.Output<number>;
/**
* Override access profile.
*/
readonly adminForticloudSsoDefaultProfile: pulumi.Output<string>;
/**
* Enable/disable FortiCloud admin login via SSO. Valid values: `enable`, `disable`.
*/
readonly adminForticloudSsoLogin: pulumi.Output<string>;
/**
* Administrative host for HTTP and HTTPS. When set, will be used in lieu of the client's Host header for any redirection.
*
* Leaving this unset means redirects are built from the request's Host header, which the client controls; setting an explicit administrative host removes that input from redirect targets.
*/
readonly adminHost: pulumi.Output<string>;
/**
* HTTPS Strict-Transport-Security header max-age in seconds. A value of 0 will reset any HSTS records in the browser. When admin-https-redirect is disabled, the header max-age will be 0.
*
* HSTS protection for the administration GUI therefore depends on `adminHttpsRedirect` being enabled as well as on a non-zero value here.
*/
readonly adminHstsMaxAge: pulumi.Output<number>;
/**
* Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: `enable`, `disable`.
*/
readonly adminHttpsPkiRequired: pulumi.Output<string>;
/**
* Enable/disable redirection of HTTP administration access to HTTPS. Valid values: `enable`, `disable`.
*
* With `disable`, HTTP administration requests are not upgraded to HTTPS, and the HSTS max-age sent to browsers is 0 (see `adminHstsMaxAge`).
*/
readonly adminHttpsRedirect: pulumi.Output<string>;
/**
* Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Only applies to TLS 1.2 and below. Valid values: `RSA`, `DHE`, `ECDHE`, `DSS`, `ECDSA`, `AES`, `AESGCM`, `CAMELLIA`, `3DES`, `SHA1`, `SHA256`, `SHA384`, `STATIC`, `CHACHA20`, `ARIA`, `AESCCM`.
*
* This is a deny list: each value named here is excluded from negotiation, and anything not listed stays available. Legacy families such as `3DES` and `SHA1` are the usual candidates for this list. TLS 1.3 suites are selected separately through `adminHttpsSslCiphersuites`.
*/
readonly adminHttpsSslBannedCiphers: pulumi.Output<string>;
/**
* Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, remove TLS1.3 from admin-https-ssl-versions. Valid values: `TLS-AES-128-GCM-SHA256`, `TLS-AES-256-GCM-SHA384`, `TLS-CHACHA20-POLY1305-SHA256`, `TLS-AES-128-CCM-SHA256`, `TLS-AES-128-CCM-8-SHA256`.
*/
readonly adminHttpsSslCiphersuites: pulumi.Output<string>;
/**
* Allowed TLS versions for web administration.
*
* The accepted value tokens are not listed in this declaration; take them from the FortiOS CLI reference for the target firmware. TLS 1.0 and 1.1 are deprecated by RFC 8996, so limiting this to TLS 1.2 and 1.3 is the usual hardening choice.
*/
readonly adminHttpsSslVersions: pulumi.Output<string>;
/**
* Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repeated failed login attempts.
*/
readonly adminLockoutDuration: pulumi.Output<number>;
/**
* Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration.
*/
readonly adminLockoutThreshold: pulumi.Output<number>;
/**
* Maximum number of administrators who can be logged in at the same time (1 - 100, default = 100)
*/
readonly adminLoginMax: pulumi.Output<number>;
/**
* Enable/disable maintainer administrator login. When enabled, the maintainer account can be used to log in from the console after a hard reboot. The password is "bcpb" followed by the FortiGate unit serial number. You have limited time to complete this login. Valid values: `enable`, `disable`.
*
* Because the password is derived from the serial number, the account is only as protected as physical access to the console and knowledge of that serial number. Set `disable` where physical access to the unit is not controlled, and keep another recovery path for lost administrator credentials.
*/
readonly adminMaintainer: pulumi.Output<string>;
/**
* Administrative access port for HTTP. (1 - 65535, default = 80).
*
* HTTP administration is unencrypted; `adminHttpsRedirect` controls whether requests to this port are redirected to HTTPS.
*/
readonly adminPort: pulumi.Output<number>;
/**
* Enable/disable local admin authentication restriction when remote authenticator is up and running. (default = disable) Valid values: `enable`, `disable`.
*/
readonly adminRestrictLocal: pulumi.Output<string>;
/**
* Enable/disable using SCP to download the system configuration. You can use SCP as an alternative method for backing up the configuration. Valid values: `enable`, `disable`.
*
* A configuration backup generally includes credential and key material, so treat the downloaded file as sensitive. NOTE(review): confirm what the SCP export contains on the target firmware.
*/
readonly adminScp: pulumi.Output<string>;
/**
* Server certificate that the FortiGate uses for HTTPS administrative connections.
*/
readonly adminServerCert: pulumi.Output<string>;
/**
* Administrative access port for HTTPS. (1 - 65535, default = 443).
*/
readonly adminSport: pulumi.Output<number>;
/**
* Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating (10 - 3600 sec (1 hour), default 120).
*/
readonly adminSshGraceTime: pulumi.Output<number>;
/**
* Enable/disable password authentication for SSH admin access. Valid values: `enable`, `disable`.
*
* With `disable`, SSH administrators presumably have to authenticate with a key or certificate instead of a password; confirm against the FortiOS CLI reference before relying on it.
*/
readonly adminSshPassword: pulumi.Output<string>;
/**
* Administrative access port for SSH. (1 - 65535, default = 22).
*/
readonly adminSshPort: pulumi.Output<number>;
/**
* Enable/disable SSH v1 compatibility. Valid values: `enable`, `disable`.
*
* SSH protocol version 1 is obsolete and has known cryptographic weaknesses; keep this `disable` unless a legacy client leaves no alternative.
*/
readonly adminSshV1: pulumi.Output<string>;
/**
* Enable/disable TELNET service. Valid values: `enable`, `disable`.
*
* Telnet carries credentials and session data unencrypted; prefer SSH for CLI administration and keep this `disable` where possible.
*/
readonly adminTelnet: pulumi.Output<string>;
/**
* Administrative access port for TELNET. (1 - 65535, default = 23).
*/
readonly adminTelnetPort: pulumi.Output<number>;
/**
* Number of minutes before an idle administrator session times out (default = 5). A shorter idle timeout is more secure. On FortiOS versions 6.2.0-6.2.6: 5 - 480 minutes (8 hours). On FortiOS versions >= 6.4.0: 1 - 480 minutes (8 hours).
*/
readonly admintimeout: pulumi.Output<number>;
/**
* Alias for your FortiGate unit.
*/
readonly alias: pulumi.Output<string>;
/**
* Disable to allow traffic to be routed back on a different interface. Valid values: `enable`, `disable`.
*
* NOTE(review): the IPv6 counterpart `ipv6AllowTrafficRedirect` describes `disable` as preventing traffic with the same ingress and egress interface from being forwarded without a policy check. The wording here reads differently, so confirm the effect of each value before changing it.
*/
readonly allowTrafficRedirect: pulumi.Output<string>;
/**
* Level of checking for packet replay and TCP sequence checking. Valid values: `disable`, `loose`, `strict`.
*/
readonly antiReplay: pulumi.Output<string>;
/**
* Maximum number of dynamically learned MAC addresses that can be added to the ARP table (131072 - 2147483647, default = 131072).
*/
readonly arpMaxEntry: pulumi.Output<number>;
/**
* Enable/disable asymmetric route. Valid values: `enable`, `disable`.
*
* NOTE(review): with asymmetric routing a firewall generally sees only one direction of a session, which limits stateful inspection. Confirm the effect on policy enforcement for the target firmware before enabling.
*/
readonly asymroute: pulumi.Output<string>;
/**
* Server certificate that the FortiGate uses for HTTPS firewall authentication connections.
*/
readonly authCert: pulumi.Output<string>;
/**
* User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000.
*/
readonly authHttpPort: pulumi.Output<number>;
/**
* User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003.
*/
readonly authHttpsPort: pulumi.Output<number>;
/**
* User IKE SAML authentication port (0 - 65535, default = 1001).
*/
readonly authIkeSamlPort: pulumi.Output<number>;
/**
* Enable to prevent user authentication sessions from timing out when idle. Valid values: `enable`, `disable`.
*/
readonly authKeepalive: pulumi.Output<string>;
/**
* Action to take when the number of allowed user authenticated sessions is reached. Valid values: `block-new`, `logout-inactive`.
*/
readonly authSessionLimit: pulumi.Output<string>;
/**
* Enable/disable automatic authorization of dedicated Fortinet extension devices. Valid values: `enable`, `disable`.
*/
readonly autoAuthExtensionDevice: pulumi.Output<string>;
/**
* Enable/disable automatic log partition check after ungraceful shutdown. Valid values: `enable`, `disable`.
*/
readonly autorunLogFsck: pulumi.Output<string>;
/**
* Affinity setting for AV scanning (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
*/
readonly avAffinity: pulumi.Output<string>;
/**
* Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Valid values: `pass`, `off`, `one-shot`.
*
* This setting decides whether scanning fails open or closed under resource pressure. `pass` presumably lets traffic continue unscanned; confirm the exact meaning of each value in the FortiOS CLI reference.
*/
readonly avFailopen: pulumi.Output<string>;
/**
* When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and enacts the action specified by av-failopen. Valid values: `enable`, `disable`.
*/
readonly avFailopenSession: pulumi.Output<string>;
/**
* Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Valid values: `enable`, `disable`.
*/
readonly batchCmdb: pulumi.Output<string>;
/**
* Affinity setting for BFD daemon (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
*/
readonly bfdAffinity: pulumi.Output<string>;
/**
* Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
*/
readonly blockSessionTimer: pulumi.Output<number>;
/**
* Maximum number of bridge forwarding database (FDB) entries.
*/
readonly brFdbMaxEntry: pulumi.Output<number>;
/**
* Maximum number of certificates that can be traversed in a certificate chain.
*/
readonly certChainMax: pulumi.Output<number>;
/**
* Time-out for reverting to the last saved configuration. (10 - 4294967295 seconds, default = 600).
*/
readonly cfgRevertTimeout: pulumi.Output<number>;
/**
* Configuration file save mode for CLI changes. Valid values: `automatic`, `manual`, `revert`.
*/
readonly cfgSave: pulumi.Output<string>;
/**
* Level of checking performed on protocol headers. Strict checking is more thorough but may affect performance. Loose checking is ok in most cases. Valid values: `loose`, `strict`.
*/
readonly checkProtocolHeader: pulumi.Output<string>;
/**
* Configure ICMP error message verification. You can either apply strict RST range checking or disable it. Valid values: `strict`, `disable`.
*/
readonly checkResetRange: pulumi.Output<string>;
/**
* Enable/disable CLI audit log. Valid values: `enable`, `disable`.
*/
readonly cliAuditLog: pulumi.Output<string>;
/**
* Enable/disable all cloud communication. Valid values: `enable`, `disable`.
*/
readonly cloudCommunication: pulumi.Output<string>;
/**
* Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Valid values: `enable`, `disable`.
*/
readonly cltCertReq: pulumi.Output<string>;
/**
* Affinity setting for cmdbsvr (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
*/
readonly cmdbsvrAffinity: pulumi.Output<string>;
/**
* Enable/disable global PCI DSS compliance check. Valid values: `enable`, `disable`.
*/
readonly complianceCheck: pulumi.Output<string>;
/**
* Time of day to run scheduled PCI DSS compliance checks.
*/
readonly complianceCheckTime: pulumi.Output<string>;
/**
* Threshold at which CPU usage is reported. (% of total CPU, default = 90).
*/
readonly cpuUseThreshold: pulumi.Output<number>;
/**
* Enable/disable the CA attribute in certificates. Some CA servers reject CSRs that have the CA attribute. Valid values: `enable`, `disable`.
*/
readonly csrCaAttribute: pulumi.Output<string>;
/**
* Enable/disable daily restart of FortiGate unit. Use the restart-time option to set the time of day for the restart. Valid values: `enable`, `disable`.
*/
readonly dailyRestart: pulumi.Output<string>;
/**
* Default service source port range. (default=1-65535)
*/
readonly defaultServiceSourcePort: pulumi.Output<string>;
/**
* Number of seconds to passively scan a device before performing an active scan. (20 - 3600 sec, (20 sec to 1 hour), default = 90).
*/
readonly deviceIdentificationActiveScanDelay: pulumi.Output<number>;
/**
* Time in seconds that a device must be idle to automatically log the device user out. (30 - 31536000 sec (30 sec to 1 year), default = 300).
*/
readonly deviceIdleTimeout: pulumi.Output<number>;
/**
* Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Valid values: `1024`, `1536`, `2048`, `3072`, `4096`, `6144`, `8192`.
*
* `1024` and `1536` fall below the 2048-bit minimum in current guidance such as NIST SP 800-131A; choose `2048` or larger.
*/
readonly dhParams: pulumi.Output<string>;
/**
* DHCP leases backup interval in seconds (10 - 3600, default = 60).
*/
readonly dhcpLeaseBackupInterval: pulumi.Output<number>;
/**
* DNS proxy worker count.
*/
readonly dnsproxyWorkerCount: pulumi.Output<number>;
/**
* Enable/disable daylight saving time. Valid values: `enable`, `disable`.
*/
readonly dst: pulumi.Output<string>;
/**
* Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
*/
readonly dynamicSortSubtable: pulumi.Output<string | undefined>;
/**
* Enable/disable early TCP NPU session. Valid values: `enable`, `disable`.
*/
readonly earlyTcpNpuSession: pulumi.Output<string>;
/**
* Enable/disable edit new VDOM prompt. Valid values: `enable`, `disable`.
*/
readonly editVdomPrompt: pulumi.Output<string>;
/**
* Enable/disable access to the FortiGuard network for non-compliant endpoints. Valid values: `enable`, `disable`.
*/
readonly endpointControlFdsAccess: pulumi.Output<string>;
/**
* Endpoint control portal port (1 - 65535).
*/
readonly endpointControlPortalPort: pulumi.Output<number>;
/**
* Configure reserved network subnet for managed LAN extension FortiExtenders. This is available when the extender daemon is running.
*/
readonly extenderControllerReservedNetwork: pulumi.Output<string>;
/**
* Fail-time for server lost.
*/
readonly failtime: pulumi.Output<number>;
/**
* Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailable.
*/
readonly fazDiskBufferSize: pulumi.Output<number>;
/**
* Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. This data is used to improve FortiGuard services and is not shared with external parties and is protected by Fortinet's privacy policy. Valid values: `enable`, `disable`.
*/
readonly fdsStatistics: pulumi.Output<string>;
/**
* FortiGuard statistics collection period in minutes. (1 - 1440 min (1 min to 24 hours), default = 60).
*/
readonly fdsStatisticsPeriod: pulumi.Output<number>;
/**
* Local UDP port for Forward Error Correction (49152 - 65535).
*/
readonly fecPort: pulumi.Output<number>;
/**
* Type of alert to retrieve from FortiGuard. Valid values: `advisory`, `latest-threat`, `latest-virus`, `latest-attack`, `new-antivirus-db`, `new-attack-db`.
*/
readonly fgdAlertSubscription: pulumi.Output<string>;
/**
* Enable/disable config upload to FortiConverter. Valid values: `once`, `disable`.
*/
readonly forticonverterConfigUpload: pulumi.Output<string>;
/**
* Enable/disable FortiConverter integration service. Valid values: `enable`, `disable`.
*/
readonly forticonverterIntegration: pulumi.Output<string>;
/**
* Enable/disable FortiExtender. Valid values: `enable`, `disable`.
*/
readonly fortiextender: pulumi.Output<string>;
/**
* FortiExtender data port (1024 - 49150, default = 25246).
*/
readonly fortiextenderDataPort: pulumi.Output<number>;
/**
* Enable/disable FortiExtender CAPWAP lockdown. Valid values: `disable`, `enable`.
*/
readonly fortiextenderDiscoveryLockdown: pulumi.Output<string>;
/**
* Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Valid values: `enable`, `disable`.
*/
readonly fortiextenderProvisionOnAuthorization: pulumi.Output<string>;
/**
* Enable/disable FortiExtender VLAN mode. Valid values: `enable`, `disable`.
*/
readonly fortiextenderVlanMode: pulumi.Output<string>;
/**
* Enable/disable integration with the FortiGSLB cloud service. Valid values: `disable`, `enable`.
*/
readonly fortigslbIntegration: pulumi.Output<string>;
/**
* Enable/disable integration with the FortiIPAM cloud service. Valid values: `enable`, `disable`.
*/
readonly fortiipamIntegration: pulumi.Output<string>;
/**
* FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port.
*/
readonly fortiservicePort: pulumi.Output<number>;
/**
* Enable/disable FortiToken Cloud service. Valid values: `enable`, `disable`.
*/
readonly fortitokenCloud: pulumi.Output<string>;
/**
* Enable/disable FTM push service of FortiToken Cloud. Valid values: `enable`, `disable`.
*/
readonly fortitokenCloudPushStatus: pulumi.Output<string>;
/**
* Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0).
*/
readonly fortitokenCloudSyncInterval: pulumi.Output<number>;
/**
* Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
*/
readonly getAllTables: pulumi.Output<string | undefined>;
/**
* Enable/disable the GUI warning about using a default hostname. Valid values: `enable`, `disable`.
*/
readonly guiAllowDefaultHostname: pulumi.Output<string>;
/**
* Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. May cause unexpected error. Valid values: `enable`, `disable`.
*/
readonly guiAllowIncompatibleFabricFgt: pulumi.Output<string>;
/**
* Enable/disable Allow app-detection based SD-WAN. Valid values: `enable`, `disable`.
*/
readonly guiAppDetectionSdwan: pulumi.Output<string>;
/**
* Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiAutoUpgradeSetupWarning: pulumi.Output<string>;
/**
* Domain of CDN server.
*/
readonly guiCdnDomainOverride: pulumi.Output<string>;
/**
* Enable/disable Load GUI static files from a CDN. Valid values: `enable`, `disable`.
*/
readonly guiCdnUsage: pulumi.Output<string>;
/**
* Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Valid values: `enable`, `disable`.
*/
readonly guiCertificates: pulumi.Output<string>;
/**
* Enable/disable custom languages in GUI. Valid values: `enable`, `disable`.
*/
readonly guiCustomLanguage: pulumi.Output<string>;
/**
* Default date format used throughout GUI. Valid values: `yyyy/MM/dd`, `dd/MM/yyyy`, `MM/dd/yyyy`, `yyyy-MM-dd`, `dd-MM-yyyy`, `MM-dd-yyyy`.
*/
readonly guiDateFormat: pulumi.Output<string>;
/**
* Source from which the FortiGate GUI uses to display date and time entries. Valid values: `system`, `browser`.
*/
readonly guiDateTimeSource: pulumi.Output<string>;
/**
* Add the latitude of the location of this FortiGate to position it on the Threat Map.
*/
readonly guiDeviceLatitude: pulumi.Output<string>;
/**
* Add the longitude of the location of this FortiGate to position it on the Threat Map.
*/
readonly guiDeviceLongitude: pulumi.Output<string>;
/**
* Enable/disable displaying the FortiGate's hostname on the GUI login page. Valid values: `enable`, `disable`.
*
* The login page is shown before authentication, so enabling this discloses the hostname to anyone who can load that page.
*/
readonly guiDisplayHostname: pulumi.Output<string>;
/**
* Enable/disable the firmware upgrade warning on GUI setup wizard. Valid values: `enable`, `disable`.
*/
readonly guiFirmwareUpgradeSetupWarning: pulumi.Output<string>;
/**
* Enable/disable the firmware upgrade warning on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiFirmwareUpgradeWarning: pulumi.Output<string>;
/**
* Enable/disable the FortiCare registration setup warning on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiForticareRegistrationSetupWarning: pulumi.Output<string>;
/**
* Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiFortigateCloudSandbox: pulumi.Output<string>;
/**
* Enable/disable retrieving static GUI resources from FortiGuard. Disabling it will improve GUI load time for air-gapped environments. Valid values: `enable`, `disable`.
*/
readonly guiFortiguardResourceFetch: pulumi.Output<string>;
/**
* Enable/disable displaying FortiSandbox Cloud on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiFortisandboxCloud: pulumi.Output<string>;
/**
* Enable/disable IPv6 settings on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiIpv6: pulumi.Output<string>;
/**
* Number of lines to display per page for web administration.
*/
readonly guiLinesPerPage: pulumi.Output<number>;
/**
* Enable/disable Local-out traffic on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiLocalOut: pulumi.Output<string>;
/**
* Enable/disable replacement message groups on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiReplacementMessageGroups: pulumi.Output<string>;
/**
* Enable/disable REST API result caching on FortiGate. Valid values: `enable`, `disable`.
*/
readonly guiRestApiCache: pulumi.Output<string>;
/**
* Color scheme for the administration GUI.
*/
readonly guiTheme: pulumi.Output<string>;
/**
* Enable/disable wireless open security option on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiWirelessOpensecurity: pulumi.Output<string>;
/**
* Enable/disable Workflow management features on the GUI. Valid values: `enable`, `disable`.
*/
readonly guiWorkflowManagement: pulumi.Output<string>;
/**
* Affinity setting for HA daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
*/
readonly haAffinity: pulumi.Output<string>;
/**
* Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: `enable`, `disable`.
*/
readonly honorDf: pulumi.Output<string>;
/**
* FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters.
*/
readonly hostname: pulumi.Output<string>;
/**
* Maximum number of IGMP memberships (96 - 64000, default = 3200).
*/
readonly igmpStateLimit: pulumi.Output<number>;
/**
* Maximum number of IPsec tunnels to negotiate simultaneously.
*/
readonly ikeEmbryonicLimit: pulumi.Output<number>;
/**
* Enable/disable allowing use of interface-subnet setting in firewall addresses (default = enable). Valid values: `disable`, `enable`.
*/
readonly interfaceSubnetUsage: pulumi.Output<string>;
/**
* Configure which Internet Service database size to download from FortiGuard and use.
*/
readonly internetServiceDatabase: pulumi.Output<string>;
/**
* Configure which on-demand Internet Service IDs are to be downloaded. The structure of `internetServiceDownloadList` block is documented below.
*/
readonly internetServiceDownloadLists: pulumi.Output<outputs.system.GlobalInternetServiceDownloadList[] | undefined>;
/**
* Dead gateway detection interval.
*/
readonly interval: pulumi.Output<number>;
/**
* Maximum memory (MB) used to reassemble IPv4/IPv6 fragments.
*/
readonly ipFragmentMemThresholds: pulumi.Output<number>;
/**
* IP source port range used for traffic originating from the FortiGate unit.
*/
readonly ipSrcPortRange: pulumi.Output<string>;
/**
* Affinity setting for IPS (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx; allowed CPUs must be less than total number of IPS engine daemons).
*/
readonly ipsAffinity: pulumi.Output<string>;
/**
* Enable/disable ASIC offloading (hardware acceleration) for IPsec VPN traffic. Hardware acceleration can offload IPsec VPN sessions and accelerate encryption and decryption. Valid values: `enable`, `disable`.
*/
readonly ipsecAsicOffload: pulumi.Output<string>;
/**
* ESP jump ahead rate (1G - 10G pps equivalent).
*/
readonly ipsecHaSeqjumpRate: pulumi.Output<number>;
/**
* Enable/disable offloading (hardware acceleration) of HMAC processing for IPsec VPN. Valid values: `enable`, `disable`.
*/
readonly ipsecHmacOffload: pulumi.Output<string>;
/**
* Enable/disable QAT offloading (Intel QuickAssist) for IPsec VPN traffic. QuickAssist can accelerate IPsec encryption and decryption. Valid values: `enable`, `disable`.
*/
readonly ipsecQatOffload: pulumi.Output<string>;
/**
* Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Valid values: `enable`, `disable`.
*/
readonly ipsecRoundRobin: pulumi.Output<string>;
/**
* Enable/disable software decryption asynchronization (using multiple CPUs to do decryption) for IPsec VPN traffic. Valid values: `enable`, `disable`.
*/
readonly ipsecSoftDecAsync: pulumi.Output<string>;
/**
* Enable/disable acceptance of IPv6 Duplicate Address Detection (DAD).
*/
readonly ipv6AcceptDad: pulumi.Output<number>;
/**
* Enable/disable IPv6 address probe through Anycast. Valid values: `enable`, `disable`.
*/
readonly ipv6AllowAnycastProbe: pulumi.Output<string>;
/**
* Enable/disable silent drop of IPv6 local-in traffic. Valid values: `enable`, `disable`.
*/
readonly ipv6AllowLocalInSilentDrop: pulumi.Output<string>;
/**
* Enable/disable silent drop of IPv6 local-in traffic. Valid values: `enable`, `disable`.
*
* NOTE(review): the property name appears to be a misspelling of `ipv6AllowLocalInSilentDrop`, which carries the same description. Presumably both exist for compatibility across FortiOS versions; confirm which one the target firmware accepts.
*/
readonly ipv6AllowLocalInSlientDrop: pulumi.Output<string>;
/**
* Enable/disable IPv6 address probe through Multicast. Valid values: `enable`, `disable`.
*/
readonly ipv6AllowMulticastProbe: pulumi.Output<string>;
/**
* Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Valid values: `enable`, `disable`.
*/
readonly ipv6AllowTrafficRedirect: pulumi.Output<string>;
/**
* Configure CPU IRQ time accounting mode. Valid values: `auto`, `force`.
*/
readonly irqTimeAccounting: pulumi.Output<string>;
/**
* GUI display language. Valid values: `english`, `french`, `spanish`, `portuguese`, `japanese`, `trach`, `simch`, `korean`.
*/
readonly language: pulumi.Output<string>;
/**
* Global timeout for connections with remote LDAP servers in milliseconds (1 - 300000, default 500).
*/
readonly ldapconntimeout: pulumi.Output<number>;
/**
* Enable/disable Link Layer Discovery Protocol (LLDP) reception. Valid values: `enable`, `disable`.
*/
readonly lldpReception: pulumi.Output<string>;
/**
* Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Valid values: `enable`, `disable`.
*/
readonly lldpTransmission: pulumi.Output<string>;
/**
* Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Valid values: `enable`, `disable`.
*/
readonly logSingleCpuHigh: pulumi.Output<string>;
/**
* Enable/disable logging of SSL connection events. Valid values: `enable`, `disable`.
*/
readonly logSslConnection: pulumi.Output<string>;
/**
* Enable/disable insertion of address UUIDs to traffic logs. Valid values: `enable`, `disable`.
*/
readonly logUuidAddress: pulumi.Output<string>;
/**
* Enable/disable insertion of policy UUIDs to traffic logs. Valid values: `enable`, `disable`.
*/
readonly logUuidPolicy: pulumi.Output<string>;
/**
* Enable/disable login time recording. Valid values: `enable`, `disable`.
*/
readonly loginTimestamp: pulumi.Output<string>;
/**
* Enable/disable long VDOM name support. Valid values: `enable`, `disable`.
*/
readonly longVdomName: pulumi.Output<string>;
/**
* Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
*/
readonly managementIp: pulumi.Output<string>;
/**
* Overriding port for management connection (Overrides admin port).
*/
readonly managementPort: pulumi.Output<number>;
/**
* Enable/disable use of the admin-sport setting for the management port. If disabled, FortiGate will allow user to specify management-port. Valid values: `enable`, `disable`.
*/
readonly managementPortUseAdminSport: pulumi.Output<string>;
/**
* Management virtual domain name.
*/
readonly managementVdom: pulumi.Output<string>;
/**
* Maximum DLP stat memory (0 - 4294967295).
*/
readonly maxDlpstatMemory: pulumi.Output<number>;
/**
* Maximum number of IP route cache entries (0 - 2147483647).
*/
readonly maxRouteCacheSize: pulumi.Output<number>;
/**
* Enable/disable no modification of multicast TTL. Valid values: `enable`, `disable`.
*/
readonly mcTtlNotchange: pulumi.Output<string>;
/**
* Threshold at which memory usage is considered extreme (new sessions are dropped) (% of total RAM, default = 95).
*/
readonly memoryUseThresholdExtreme: pulumi.Output<number>;
/**
* Threshold at which memory usage forces the FortiGate to exit conserve mode (% of total RAM, default = 82).
*/
readonly memoryUseThresholdGreen: pulumi.Output<number>;
/**
* Threshold at which memory usage forces the FortiGate to enter conserve mode (% of total RAM, default = 88).
*/
readonly memoryUseThresholdRed: pulumi.Output<number>;
/**
* Affinity setting for logging. On FortiOS versions 6.2.0-7.2.3: 64-bit hexadecimal value in the format of xxxxxxxxxxxxxxxx. On FortiOS versions >= 7.2.4: hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx.
*/
readonly miglogAffinity: pulumi.Output<string>;
/**
* Number of logging (miglogd) processes to be allowed to run. Higher number can reduce performance; lower number can slow log processing time.
*/
readonly miglogdChildren: pulumi.Output<number>;
/**
* Enforce all login methods to require an additional authentication factor (default = optional). Valid values: `optional`, `mandatory`.
*/
readonly multiFactorAuthentication: pulumi.Output<string>;
/**
* Enable/disable multicast forwarding. Valid values: `enable`, `disable`.
*/
readonly multicastForward: pulumi.Output<string>;
/**
* Maximum number of NDP table entries (set to 65,536 or higher; if set to 0, kernel holds 65,536 entries).
*/
readonly ndpMaxEntry: pulumi.Output<number>;
/**
* Enable/disable sending of probing packets to update neighbors for offloaded sessions. Valid values: `enable`, `disable`.
*/
readonly npuNeighborUpdate: pulumi.Output<string>;
/**
* Enable/disable per-user block/allow list filter. Valid values: `enable`, `disable`.
*/
readonly perUserBal: pulumi.Output<string>;
/**
* Enable/disable per-user black/white list filter. Valid values: `enable`, `disable`.
*/
readonly perUserBwl: pulumi.Output<string>;
/**
* Enable/disable path MTU discovery. Valid values: `enable`, `disable`.
*/
readonly pmtuDiscovery: pulumi.Output<string>;
/**
* Number of concurrent firewall user logins from the same user (1 - 100, default = 0 means no limit).
*/
readonly policyAuthConcurrent: pulumi.Output<number>;
/**
* Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Valid values: `disable`, `enable`.
*/
readonly postLoginBanner: pulumi.Output<string>;
/**
* Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Valid values: `enable`, `disable`.
*/
readonly preLoginBanner: pulumi.Output<string>;
/**
* Enable/disable private data encryption using an AES 128-bit key. Valid values: `disable`, `enable`.
*
* NOTE(review): the description does not say where the key comes from or which data it covers. Presumably this protects secrets stored in the device configuration (and its backups) with an administrator-supplied key; confirm, and plan key custody before enabling, since restoring a configuration would then depend on that key.
*/
readonly privateDataEncryption: pulumi.Output<string>;
/**
* Enable/disable authenticated users lifetime control. This is a cap on the total time a proxy user can be authenticated for after which re-authentication will take place. Valid values: `enable`, `disable`.
*/
readonly proxyAuthLifetime: pulumi.Output<string>;
/**
* Lifetime timeout in minutes for authenticated users (5 - 65535 min, default=480 (8 hours)).
*/
readonly proxyAuthLifetimeTimeout: pulumi.Output<number>;
/**
* Authentication timeout in minutes for authenticated users (1 - 300 min, default = 10).
*/
readonly proxyAuthTimeout: pulumi.Output<number>;
/**
* Enable/disable using management VDOM to send requests. Valid values: `enable`, `disable`.
*/
readonly proxyCertUseMgmtVdom: pulumi.Output<string>;
/**
* Enable/disable using content processor (CP8 or CP9) hardware acceleration to encrypt and decrypt IPsec and SSL traffic. Valid values: `disable`, `enable`.
*/
readonly proxyCipherHardwareAcceleration: pulumi.Output<string>;
/**
* Enable/disable email proxy hardware acceleration. Valid values: `disable`, `enable`.
*/
readonly proxyHardwareAcceleration: pulumi.Output<string>;
/**
* Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was authenticated. Valid values: `session`, `traffic`, `re-authentication`.
*/
readonly proxyKeepAliveMode: pulumi.Output<string>;
/**
* Enable/disable using the content processor to accelerate KXP traffic. Valid values: `disable`, `enable`.
*/
readonly proxyKxpHardwareAcceleration: pulumi.Output<string>;
/**
* Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the user was first created. Valid values: `session`, `traffic`, `absolute`.
*/
readonly proxyReAuthenticationMode: pulumi.Output<string>;
/**
* The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate (1 - 86400 sec, default = 30s).
*
* Note: the matching value listed for `proxyKeepAliveMode` is spelled `re-authentication`.
*/
readonly proxyReAuthenticationTime: pulumi.Output<number>;
/**
* Enable/disable use of the maximum memory usage on the FortiGate unit's proxy processing of resources, such as block lists, allow lists, and external resources. Valid values: `enable`, `disable`.
*/
readonly proxyResourceMode: pulumi.Output<string>;
/**
* Proxy worker count.
*/
readonly proxyWorkerCount: pulumi.Output<number>;
/**
* Purdue Level of this FortiGate. Valid values: `1`, `1.5`, `2`, `2.5`, `3`, `3.5`, `4`, `5`, `5.5`.
*/
readonly purdueLevel: pulumi.Output<string>;
/**
* Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3).
*
* Note: the property name is declared as `quicAckThresold` (not `Threshold`); use that spelling verbatim.
*/
readonly quicAckThresold: pulumi.Output<number>;
/**
* QUIC congestion control algorithm (default = cubic). Valid values: `cubic`, `bbr`, `bbr2`, `reno`.
*/
readonly quicCongestionControlAlgo: pulumi.Output<string>;
/**
* Maximum transmit datagram size (1200 - 1500, default = 1500).
*/
readonly quicMaxDatagramSize: pulumi.Output<number>;
/**
* Enable/disable path MTU discovery (default = enable). Valid values: `enable`, `disable`.
*/
readonly quicPmtud: pulumi.Output<string>;
/**
* Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5).
*/
readonly quicTlsHandshakeTimeout: pulumi.Output<number>;
/**
* Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: `enable`, `disable`.
*/
readonly quicUdpPayloadSizeShapingPerCid: pulumi.Output<string>;
/**
* RADIUS service port number.
*/
readonly radiusPort: pulumi.Output<number>;
/**
* Enable/disable reboot of system upon restoring configuration. Valid values: `enable`, `disable`.
*/
readonly rebootUponConfigRestore: pulumi.Output<string>;
/**
* Statistics refresh interval second(s) in GUI.
*/
readonly refresh: pulumi.Output<number>;
/**
* Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. (default = 5). On FortiOS versions 6.2.0-6.2.6: 0-300 sec, 0 means no timeout. On FortiOS versions >= 6.4.0: 1-300 sec.
*/
readonly remoteauthtimeout: pulumi.Output<number>;
/**
* Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. NAT/Route mode only. Valid values: `enable`, `disable`.
*/
readonly resetSessionlessTcp: pulumi.Output<string>;
/**
* Daily restart time (hh:mm).
*/
readonly restartTime: pulumi.Output<string>;
/**
* Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Valid values: `enable`, `disable`.
*/
readonly revisionBackupOnLogout: pulumi.Output<string>;
/**
* Enable/disable back-up of the latest configuration revision after the firmware is upgraded. Valid values: `enable`, `disable`.
*/
readonly revisionImageAutoBackup: pulumi.Output<string>;
/**
* Number of scanunits. The range and the default depend on the number of CPUs. Only available on FortiGate units with multiple CPUs.
*/
readonly scanunitCount: pulumi.Output<number>;
/**
* Enable/disable the submission of Security Rating results to FortiGuard. Valid values: `enable`, `disable`.
*/
readonly securityRatingResultSubmission: pulumi.Output<string>;
/**
* Enable/disable scheduled runs of Security Rating. Valid values: `enable`, `disable`.
*/
readonly securityRatingRunOnSchedule: pulumi.Output<string>;
/**
* Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. Valid values: `enable`, `disable`.
*/
readonly sendPmtuIcmp: pulumi.Output<string>;
/**
* Maximum number of sflowd child processes allowed to run.
*/
readonly sflowdMaxChildrenNum: pulumi.Output<number>;
/**
* Enable/disable the ability to change the static NAT route. Valid values: `enable`, `disable`.
*/
readonly snatRouteChange: pulumi.Output<string>;
/**
* Enable/disable IPS detection of HIBUN format files when using Data Leak Protection. Valid values: `disable`, `enable`.
*/
readonly specialFile23Support: pulumi.Output<string>;
/**
* Enable/disable speed test server. Valid values: `enable`, `disable`.
*/
readonly speedtestServer: pulumi.Output<string>;
/**
* Speedtest server controller port number.
*/
readonly speedtestdCtrlPort: pulumi.Output<number>;
/**
* Speedtest server port number.
*/
readonly speedtestdServerPort: pulumi.Output<number>;
/**
* Split port(s) to multiple 10Gbps ports.
*/
readonly splitPort: pulumi.Output<string>;
/**
* Date within a month to run ssd trim.
*/
readonly ssdTrimDate: pulumi.Output<number>;
/**
* How often to run SSD Trim (default = weekly). SSD Trim prevents SSD drive data loss by finding and isolating errors. Valid values: `never`, `hourly`, `daily`, `weekly`, `monthly`.
*/
readonly ssdTrimFreq: pulumi.Output<string>;
/**
* Hour of the day on which to run SSD Trim (0 - 23, default = 1).
*/
readonly ssdTrimHour: pulumi.Output<number>;
/**
* Minute of the hour on which to run SSD Trim (0 - 59, 60 for random).
*/
readonly ssdTrimMin: pulumi.Output<number>;
/**
* Day of week to run SSD Trim. Valid values: `sunday`, `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`.
*/
readonly ssdTrimWeekday: pulumi.Output<string>;
/**
* Enable/disable CBC cipher for SSH access. Valid values: `enable`, `disable`.
*
* NOTE(review): CBC-mode SSH ciphers are legacy; prefer `disable` unless an older client requires them. How this toggle interacts with `sshEncAlgo` and `strongCrypto` is not stated here; confirm precedence.
*/
readonly sshCbcCipher: pulumi.Output<string>;
/**
* Select one or more SSH ciphers. Valid values: `chacha20-poly1305@openssh.com`, `aes128-ctr`, `aes192-ctr`, `aes256-ctr`, `arcfour256`, `arcfour128`, `aes128-cbc`, `3des-cbc`, `blowfish-cbc`, `cast128-cbc`, `aes192-cbc`, `aes256-cbc`, `arcfour`, `rijndael-cbc@lysator.liu.se`, `aes128-gcm@openssh.com`, `aes256-gcm@openssh.com`.
*
* NOTE(review): the accepted list mixes current ciphers (ChaCha20-Poly1305, AES-GCM, AES-CTR) with legacy ones (the `arcfour` family, `3des-cbc`, `blowfish-cbc`, `cast128-cbc` and the other `-cbc` entries). Restrict the value to the current ones where clients allow.
* The separator used when selecting more than one value is not stated here; confirm against the provider documentation.
*/
readonly sshEncAlgo: pulumi.Output<string>;
/**
* Enable/disable HMAC-MD5 for SSH access. Valid values: `enable`, `disable`.
*
* NOTE(review): MD5-based MACs are legacy; prefer `disable` unless an older SSH client requires them.
*/
readonly sshHmacMd5: pulumi.Output<string>;
/**
* Config SSH host key.
*
* NOTE(review): presumably carries the host key material itself (a separate `sshHostkeyPassword` is declared for it). If it includes a private key, treat the value as a secret in program code and in state; confirm the expected format.
*/
readonly sshHostkey: pulumi.Output<string>;
/**
* Select one or more SSH hostkey algorithms.
*/
readonly sshHostkeyAlgo: pulumi.Output<string>;
/**
* Enable/disable SSH host key override in SSH daemon. Valid values: `disable`, `enable`.
*/
readonly sshHostkeyOverride: pulumi.Output<string>;
/**
* Password for ssh-hostkey.
*
* This is a credential and may be undefined.
* NOTE(review): whether the provider marks this output as a Pulumi secret is not visible in this declaration. Confirm, and supply the value from secret configuration rather than a literal so that it is encrypted in state.
*/
readonly sshHostkeyPassword: pulumi.Output<string | undefined>;
/**
* Select one or more SSH kex algorithms.
*/
readonly sshKexAlgo: pulumi.Output<string>;
/**
* Enable/disable SHA1 key exchange for SSH access. Valid values: `enable`, `disable`.
*
* NOTE(review): SHA-1 based key exchange is legacy; prefer `disable` unless it is required for compatibility with older clients.
*/
readonly sshKexSha1: pulumi.Output<string>;
/**
* Select one or more SSH MAC algorithms. Valid values: `hmac-md5`, `hmac-md5-etm@openssh.com`, `hmac-md5-96`, `hmac-md5-96-etm@openssh.com`, `hmac-sha1`, `hmac-sha1-etm@openssh.com`, `hmac-sha2-256`, `hmac-sha2-256-etm@openssh.com`, `hmac-sha2-512`, `hmac-sha2-512-etm@openssh.com`, `hmac-ripemd160`, `hmac-ripemd160@openssh.com`, `hmac-ripemd160-etm@openssh.com`, `umac-64@openssh.com`, `umac-128@openssh.com`, `umac-64-etm@openssh.com`, `umac-128-etm@openssh.com`.
*
* NOTE(review): the accepted list includes legacy MACs (MD5-, SHA-1- and RIPEMD-160-based entries and the 64-bit UMAC entries) next to the SHA-2 and 128-bit UMAC ones. Restrict the value to the latter where clients allow.
* The separator used when selecting more than one value is not stated here; confirm against the provider documentation.
*/
readonly sshMacAlgo: pulumi.Output<string>;
/**
* Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: `enable`, `disable`.
*
* NOTE(review): as the property name indicates, enabling this admits MACs classed as weak; prefer `disable` unless an older SSH client requires them.
*/
readonly sshMacWeak: pulumi.Output<string>;
/**
* Minimum supported protocol version for SSL/TLS connections (default = TLSv1.2).
*
* The accepted value strings are not listed here; confirm them against the FortiOS reference for the target version.
* NOTE(review): setting this below the stated default admits older SSL/TLS protocol versions; do so only for a known legacy peer.
*/
readonly sslMinProtoVersion: pulumi.Output<string>;
/**
* Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Valid values: `enable`, `disable`.
*
* NOTE(review): static-key (non-ephemeral) cipher suites provide no forward secrecy; prefer `disable` unless a legacy peer requires them.
*/
readonly sslStaticKeyCiphers: pulumi.Output<string>;
/**
* Enable/disable SSL VPN hardware acceleration. Valid values: `enable`, `disable`.
*/
readonly sslvpnCipherHardwareAcceleration: pulumi.Output<string>;
/**
* Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: `enable`, `disable`.
*/
readonly sslvpnEmsSnCheck: pulumi.Output<string>;
/**
* Enable/disable SSL VPN KXP hardware acceleration. Valid values: `enable`, `disable`.
*/
readonly sslvpnKxpHardwareAcceleration: pulumi.Output<string>;
/**
* Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model.
*/
readonly sslvpnMaxWorkerCount: pulumi.Output<number>;
/**
* Enable/disable checking browser's plugin version by SSL VPN. Valid values: `enable`, `disable`.
*/
readonly sslvpnPluginVersionCheck: pulumi.Output<string>;
/**
* Enable/disable SSL-VPN web mode. Valid values: `enable`, `disable`.
*/
readonly sslvpnWebMode: pulumi.Output<string>;
/**
* Enable to check the session against the original policy when revalidating. This can prevent dropping of redirected sessions when web-filtering and authentication are enabled together. If this option is enabled, the FortiGate unit deletes a session if a routing or policy change causes the session to no longer match the policy that originally allowed the session. Valid values: `enable`, `disable`.
*/
readonly strictDirtySessionCheck: pulumi.Output<string>;
/**
* Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Valid values: `enable`, `disable`.
*
* NOTE(review): the individual SSH/SSL toggles declared in this class (`sshCbcCipher`, `sshHmacMd5`, `sshKexSha1`, `sshMacWeak`, `sslStaticKeyCiphers`) look related. Whether `strongCrypto` overrides them is not stated here; confirm precedence on the target FortiOS version before relying on either.
*/
readonly strongCrypto: pulumi.Output<string>;
/**
* Enable/disable switch controller feature. Switch controller allows you to manage FortiSwitch from the FortiGate itself. Valid values: `disable`, `enable`.
*/
readonly switchController: pulumi.Output<string>;
/**
* Enable reserved network subnet for controlled switches. This is available when the switch controller is enabled.
*/
readonly switchControllerReservedNetwork: pulumi.Output<string>;
/**
* Time in minutes between updates of performance statistics logging. (1 - 15 min, default = 5, 0 = disabled).
*/
readonly sysPerfLogInterval: pulumi.Output<number>;
/**
* Affinity setting for syslog (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).
*/
readonly syslogAffinity: pulumi.Output<string>;
/**
* Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has not responded (1 - 86400 sec (1 day), default = 120).
*/
readonly tcpHalfcloseTimer: pulumi.Output<number>;
/**
* Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the other has not responded (1 - 86400 sec (1 day), default = 10).
*/
readonly tcpHalfopenTimer: pulumi.Output<number>;
/**
* Enable SACK, timestamp and MSS TCP options. Valid values: `enable`, `disable`.
*/
readonly tcpOption: pulumi.Output<string>;
/**
* Length of the TCP CLOSE state in seconds (5 - 300 sec, default = 5).
*/
readonly tcpRstTimer: pulumi.Output<number>;
/**
* Length of the TCP TIME-WAIT state in seconds (1 - 300 sec, default = 1).
*/
readonly tcpTimewaitTimer: pulumi.Output<number>;
/**
* Enable/disable TFTP. Valid values: `enable`, `disable`.
*
* NOTE(review): TFTP has no authentication or encryption; prefer `disable` unless a workflow needs it. What the device uses TFTP for is not stated here; confirm before enabling.
*/
readonly tftp: pulumi.Output<string>;
/**
* Number corresponding to your time zone from 00 to 86. In the FortiOS CLI, enter `set timezone ?` to view the list of time zones and the numbers that represent them.
*
* The value is a string; the class example writes it with two digits (`"04"`).
*/
readonly timezone: pulumi.Output<string>;
/**
* Enable/disable skip policy check and allow multicast through. Valid values: `enable`, `disable`.
*/
readonly tpMcSkipPolicy: pulumi.Output<string>;
/**
* Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: `tos`, `dscp`.
*/
readonly trafficPriority: pulumi.Output<string>;
/**