@pulumiverse/fortios

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Configure Virtual Access Points (VAPs). * * ## Import * * WirelessController Vap can be imported using any of these accepted formats: * * ```sh * $ pulumi import fortios:wirelesscontroller/vap:Vap labelname {{name}} * ``` * * If you do not want to import arguments of block: * * $ export "FORTIOS_IMPORT_TABLE"="false" * * ```sh * $ pulumi import fortios:wirelesscontroller/vap:Vap labelname {{name}} * ``` * * $ unset "FORTIOS_IMPORT_TABLE" */ export declare class Vap extends pulumi.CustomResource { /** * Get an existing Vap resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VapState, opts?: pulumi.CustomResourceOptions): Vap; /** * Returns true if the given object is an instance of Vap. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Vap; /** * access-control-list profile name. */ readonly accessControlList: pulumi.Output<string>; /** * WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0). */ readonly acctInterimInterval: pulumi.Output<number>; /** * Additional AKMs. */ readonly additionalAkms: pulumi.Output<string>; /** * Address group ID. */ readonly addressGroup: pulumi.Output<string>; /** * Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: `disable`, `allow`, `deny`. */ readonly addressGroupPolicy: pulumi.Output<string>; /** * WPA3 SAE using group-dependent hash only (default = disable). Valid values: `disable`, `enable`. */ readonly akm24Only: pulumi.Output<string>; /** * Alias. */ readonly alias: pulumi.Output<string>; /** * AntiVirus profile name. */ readonly antivirusProfile: pulumi.Output<string>; /** * Enable/disable application detection engine (default = disable). Valid values: `enable`, `disable`. */ readonly applicationDetectionEngine: pulumi.Output<string>; /** * Enable/disable application attribute based DSCP marking (default = disable). Valid values: `enable`, `disable`. */ readonly applicationDscpMarking: pulumi.Output<string>; /** * Application control list name. */ readonly applicationList: pulumi.Output<string>; /** * Application report interval (30 - 864000 sec, default = 120). */ readonly applicationReportIntv: pulumi.Output<number>; /** * Airtime weight in percentage (default = 20). */ readonly atfWeight: pulumi.Output<number>; /** * Authentication protocol. */ readonly auth: pulumi.Output<string>; /** * HTTPS server certificate. */ readonly authCert: pulumi.Output<string>; /** * Address of captive portal. */ readonly authPortalAddr: pulumi.Output<string>; /** * Fortinet beacon advertising IE data (default = empty). Valid values: `name`, `model`, `serial-number`. */ readonly beaconAdvertising: pulumi.Output<string>; /** * Enable/disable beacon protection support (default = disable). Valid values: `disable`, `enable`. */ readonly beaconProtection: pulumi.Output<string>; /** * Enable/disable broadcasting the SSID (default = enable). Valid values: `enable`, `disable`. */ readonly broadcastSsid: pulumi.Output<string>; /** * Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. */ readonly broadcastSuppression: pulumi.Output<string>; /** * Enable/disable 802.11ax partial BSS color (default = enable). Valid values: `enable`, `disable`. */ readonly bssColorPartial: pulumi.Output<string>; /** * Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: `enable`, `disable`. */ readonly bstmDisassociationImminent: pulumi.Output<string>; /** * Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10). */ readonly bstmLoadBalancingDisassocTimer: pulumi.Output<number>; /** * Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200). */ readonly bstmRssiDisassocTimer: pulumi.Output<number>; /** * Enable/disable captive portal. Valid values: `enable`, `disable`. */ readonly captivePortal: pulumi.Output<string>; /** * Local-bridging captive portal ac-name. */ readonly captivePortalAcName: pulumi.Output<string>; /** * Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0). */ readonly captivePortalAuthTimeout: pulumi.Output<number>; /** * Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: `enable`, `disable`. */ readonly captivePortalFwAccounting: pulumi.Output<string>; /** * Secret key to access the macauth RADIUS server. */ readonly captivePortalMacauthRadiusSecret: pulumi.Output<string | undefined>; /** * Captive portal external RADIUS server domain name or IP address. */ readonly captivePortalMacauthRadiusServer: pulumi.Output<string>; /** * Secret key to access the RADIUS server. */ readonly captivePortalRadiusSecret: pulumi.Output<string | undefined>; /** * Captive portal RADIUS server domain name or IP address. */ readonly captivePortalRadiusServer: pulumi.Output<string>; /** * Session timeout interval (0 - 864000 sec, default = 0). */ readonly captivePortalSessionTimeoutInterval: pulumi.Output<number>; /** * Enable/disable DHCP address enforcement (default = disable). Valid values: `enable`, `disable`. */ readonly dhcpAddressEnforcement: pulumi.Output<string>; /** * DHCP lease time in seconds for NAT IP address. */ readonly dhcpLeaseTime: pulumi.Output<number>; /** * Enable/disable insertion of DHCP option 43 (default = enable). Valid values: `enable`, `disable`. */ readonly dhcpOption43Insertion: pulumi.Output<string>; /** * Enable/disable DHCP option 82 circuit-id insert (default = disable). */ readonly dhcpOption82CircuitIdInsertion: pulumi.Output<string>; /** * Enable/disable DHCP option 82 insert (default = disable). Valid values: `enable`, `disable`. */ readonly dhcpOption82Insertion: pulumi.Output<string>; /** * Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: `style-1`, `disable`. */ readonly dhcpOption82RemoteIdInsertion: pulumi.Output<string>; /** * Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ]. */ readonly dynamicSortSubtable: pulumi.Output<string | undefined>; /** * Enable/disable dynamic VLAN assignment. Valid values: `enable`, `disable`. */ readonly dynamicVlan: pulumi.Output<string>; /** * Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: `enable`, `disable`. */ readonly eapReauth: pulumi.Output<string>; /** * EAP re-authentication interval (1800 - 864000 sec, default = 86400). */ readonly eapReauthIntv: pulumi.Output<number>; /** * Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: `disable`, `enable`. */ readonly eapolKeyRetries: pulumi.Output<string>; /** * Encryption protocol to use (only available when security is set to a WPA type). Valid values: `TKIP`, `AES`, `TKIP-AES`. */ readonly encrypt: pulumi.Output<string>; /** * Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: `enable`, `disable`. */ readonly externalFastRoaming: pulumi.Output<string>; /** * URL of external authentication logout server. */ readonly externalLogout: pulumi.Output<string>; /** * URL of external authentication web server. */ readonly externalWeb: pulumi.Output<string>; /** * URL query parameter detection (default = auto-detect). Valid values: `auto-detect`, `no-query-string`, `partial-query-string`. */ readonly externalWebFormat: pulumi.Output<string>; /** * Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: `disable`, `enable`. */ readonly fastBssTransition: pulumi.Output<string>; /** * Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: `enable`, `disable`. */ readonly fastRoaming: pulumi.Output<string>; /** * Mobility domain identifier in FT (1 - 65535, default = 1000). */ readonly ftMobilityDomain: pulumi.Output<number>; /** * Enable/disable FT over the Distribution System (DS). Valid values: `disable`, `enable`. */ readonly ftOverDs: pulumi.Output<string>; /** * Lifetime of the PMK-R0 key in FT, 1-65535 minutes. */ readonly ftR0KeyLifetime: pulumi.Output<number>; /** * GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500). */ readonly gasComebackDelay: pulumi.Output<number>; /** * GAS fragmentation limit (512 - 4096, default = 1024). */ readonly gasFragmentationLimit: pulumi.Output<number>; /** * Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. */ readonly getAllTables: pulumi.Output<string | undefined>; /** * Enable/disable GTK rekey for WPA security. Valid values: `enable`, `disable`. */ readonly gtkRekey: pulumi.Output<string>; /** * GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec. */ readonly gtkRekeyIntv: pulumi.Output<number>; /** * Enable/disable 802.11ax high efficiency (default = enable). Valid values: `enable`, `disable`. */ readonly highEfficiency: pulumi.Output<string>; /** * Hotspot 2.0 profile name. */ readonly hotspot20Profile: pulumi.Output<string>; /** * Enable/disable IGMP snooping. Valid values: `enable`, `disable`. */ readonly igmpSnooping: pulumi.Output<string>; /** * Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: `enable`, `disable`. */ readonly intraVapPrivacy: pulumi.Output<string>; /** * IP address and subnet mask for the local standalone NAT subnet. */ readonly ip: pulumi.Output<string>; /** * IPS sensor name. */ readonly ipsSensor: pulumi.Output<string>; /** * Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: `drop-icmp6ra`, `drop-icmp6rs`, `drop-llmnr6`, `drop-icmp6mld2`, `drop-dhcp6s`, `drop-dhcp6c`, `ndp-proxy`, `drop-ns-dad`, `drop-ns-nondad`. */ readonly ipv6Rules: pulumi.Output<string>; /** * WEP Key. */ readonly key: pulumi.Output<string | undefined>; /** * WEP key index (1 - 4). */ readonly keyindex: pulumi.Output<number>; /** * Enable/disable layer 3 roaming (default = disable). Valid values: `enable`, `disable`. */ readonly l3Roaming: pulumi.Output<string>; /** * Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: `direct`, `indirect`. */ readonly l3RoamingMode: pulumi.Output<string>; /** * VAP low-density parity-check (LDPC) coding configuration. Valid values: `disable`, `rx`, `tx`, `rxtx`. */ readonly ldpc: pulumi.Output<string>; /** * Enable/disable AP local authentication. Valid values: `enable`, `disable`. */ readonly localAuthentication: pulumi.Output<string>; /** * Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: `enable`, `disable`. */ readonly localBridging: pulumi.Output<string>; /** * Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: `allow`, `deny`. */ readonly localLan: pulumi.Output<string>; /** * Enable/disable AP local standalone (default = disable). Valid values: `enable`, `disable`. */ readonly localStandalone: pulumi.Output<string>; /** * Enable/disable AP local standalone DNS. Valid values: `enable`, `disable`. */ readonly localStandaloneDns: pulumi.Output<string>; /** * IPv4 addresses for the local standalone DNS. */ readonly localStandaloneDnsIp: pulumi.Output<string>; /** * Enable/disable AP local standalone NAT mode. Valid values: `enable`, `disable`. */ readonly localStandaloneNat: pulumi.Output<string>; /** * Enable/disable MAC authentication bypass. Valid values: `enable`, `disable`. */ readonly macAuthBypass: pulumi.Output<string>; /** * MAC called station delimiter (default = hyphen). Valid values: `hyphen`, `single-hyphen`, `colon`, `none`. */ readonly macCalledStationDelimiter: pulumi.Output<string>; /** * MAC calling station delimiter (default = hyphen). Valid values: `hyphen`, `single-hyphen`, `colon`, `none`. */ readonly macCallingStationDelimiter: pulumi.Output<string>; /** * MAC case (default = uppercase). Valid values: `uppercase`, `lowercase`. */ readonly macCase: pulumi.Output<string>; /** * Enable/disable MAC filtering to block wireless clients by mac address. Valid values: `enable`, `disable`. */ readonly macFilter: pulumi.Output<string>; /** * Create a list of MAC addresses for MAC address filtering. The structure of `macFilterList` block is documented below. */ readonly macFilterLists: pulumi.Output<outputs.wirelesscontroller.VapMacFilterList[] | undefined>; /** * Allow or block clients with MAC addresses that are not in the filter list. Valid values: `allow`, `deny`. */ readonly macFilterPolicyOther: pulumi.Output<string>; /** * MAC authentication password delimiter (default = hyphen). Valid values: `hyphen`, `single-hyphen`, `colon`, `none`. */ readonly macPasswordDelimiter: pulumi.Output<string>; /** * MAC authentication username delimiter (default = hyphen). Valid values: `hyphen`, `single-hyphen`, `colon`, `none`. */ readonly macUsernameDelimiter: pulumi.Output<string>; /** * Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation). */ readonly maxClients: pulumi.Output<number>; /** * Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation). */ readonly maxClientsAp: pulumi.Output<number>; /** * Enable/disable Multiband Operation (default = disable). Valid values: `disable`, `enable`. */ readonly mbo: pulumi.Output<string>; /** * MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: `excluded`, `prefer-not`, `prefer-use`. */ readonly mboCellDataConnPref: pulumi.Output<string>; /** * Disable multicast enhancement when this many clients are receiving multicast traffic. */ readonly meDisableThresh: pulumi.Output<number>; /** * Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: `enable`, `disable`. */ readonly meshBackhaul: pulumi.Output<string>; /** * Enable/disable multiple pre-shared keys (PSKs.) Valid values: `enable`, `disable`. */ readonly mpsk: pulumi.Output<string>; /** * Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled. */ readonly mpskConcurrentClients: pulumi.Output<number>; /** * Pre-shared keys that can be used to connect to this virtual access point. The structure of `mpskKey` block is documented below. */ readonly mpskKeys: pulumi.Output<outputs.wirelesscontroller.VapMpskKey[] | undefined>; /** * MPSK profile name. */ readonly mpskProfile: pulumi.Output<string>; /** * Enable/disable Multi-user MIMO (default = enable). Valid values: `enable`, `disable`. */ readonly muMimo: pulumi.Output<string>; /** * Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: `enable`, `disable`. */ readonly multicastEnhance: pulumi.Output<string>; /** * Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: `0`, `6000`, `12000`, `24000`. */ readonly multicastRate: pulumi.Output<string>; /** * Enable/disable 802.11k assisted roaming (default = enable). Valid values: `disable`, `enable`. */ readonly n80211k: pulumi.Output<string>; /** * Enable/disable 802.11v assisted roaming (default = enable). Valid values: `disable`, `enable`. */ readonly n80211v: pulumi.Output<string>; /** * Enable/disable network access control. Valid values: `enable`, `disable`. */ readonly nac: pulumi.Output<string>; /** * NAC profile name. */ readonly nacProfile: pulumi.Output<string>; /** * Virtual AP name. */ readonly name: pulumi.Output<string>; /** * Enable/disable NAS filter rule support (default = disable). Valid values: `enable`, `disable`. */ readonly nasFilterRule: pulumi.Output<string>; /** * Enable/disable dual-band neighbor report (default = disable). Valid values: `disable`, `enable`. */ readonly neighborReportDualBand: pulumi.Output<string>; /** * Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: `disable`, `enable`. */ readonly okc: pulumi.Output<string>; /** * Enable/disable OSEN as part of key management (default = disable). Valid values: `enable`, `disable`. */ readonly osen: pulumi.Output<string>; /** * OWE-Groups. Valid values: `19`, `20`, `21`. */ readonly oweGroups: pulumi.Output<string>; /** * Enable/disable OWE transition mode support. Valid values: `disable`, `enable`. */ readonly oweTransition: pulumi.Output<string>; /** * OWE transition mode peer SSID. */ readonly oweTransitionSsid: pulumi.Output<string>; /** * WPA pre-shard key (PSK) to be used to authenticate WiFi users. */ readonly passphrase: pulumi.Output<string | undefined>; /** * Protected Management Frames (PMF) support (default = disable). Valid values: `disable`, `enable`, `optional`. */ readonly pmf: pulumi.Output<string>; /** * Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). */ readonly pmfAssocComebackTimeout: pulumi.Output<number>; /** * Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). */ readonly pmfSaQueryRetryTimeout: pulumi.Output<number>; /** * Enable/disable LAN port MAC authentication (default = disable). Valid values: `disable`, `radius`, `address-group`. */ readonly portMacauth: pulumi.Output<string>; /** * LAN port MAC authentication re-authentication timeout value (default = 7200 sec). */ readonly portMacauthReauthTimeout: pulumi.Output<number>; /** * LAN port MAC authentication idle timeout value (default = 600 sec). */ readonly portMacauthTimeout: pulumi.Output<number>; /** * Replacement message group for this VAP (only available when security is set to a captive portal type). */ readonly portalMessageOverrideGroup: pulumi.Output<string>; /** * Individual message overrides. The structure of `portalMessageOverrides` block is documented below. */ readonly portalMessageOverrides: pulumi.Output<outputs.wirelesscontroller.VapPortalMessageOverrides>; /** * Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. */ readonly portalType: pulumi.Output<string>; /** * Primary wireless access gateway profile name. */ readonly primaryWagProfile: pulumi.Output<string>; /** * Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: `enable`, `disable`. */ readonly probeRespSuppression: pulumi.Output<string>; /** * Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80). */ readonly probeRespThreshold: pulumi.Output<string>; /** * Enable/disable PTK rekey for WPA-Enterprise security. Valid values: `enable`, `disable`. */ readonly ptkRekey: pulumi.Output<string>; /** * PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec. */ readonly ptkRekeyIntv: pulumi.Output<number>; /** * Quality of service profile name. */ readonly qosProfile: pulumi.Output<string>; /** * Enable/disable station quarantine (default = enable). Valid values: `enable`, `disable`. */ readonly quarantine: pulumi.Output<string>; /** * Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79). */ readonly radio2gThreshold: pulumi.Output<string>; /** * Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76). */ readonly radio5gThreshold: pulumi.Output<string>; /** * Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: `enable`, `disable`. */ readonly radioSensitivity: pulumi.Output<string>; /** * Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: `enable`, `disable`. */ readonly radiusMacAuth: pulumi.Output<string>; /** * Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). */ readonly radiusMacAuthBlockInterval: pulumi.Output<number>; /** * RADIUS-based MAC authentication server. */ readonly radiusMacAuthServer: pulumi.Output<string>; /** * Selective user groups that are permitted for RADIUS mac authentication. The structure of `radiusMacAuthUsergroups` block is documented below. */ readonly radiusMacAuthUsergroups: pulumi.Output<outputs.wirelesscontroller.VapRadiusMacAuthUsergroup[] | undefined>; /** * Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: `enable`, `disable`. */ readonly radiusMacMpskAuth: pulumi.Output<string>; /** * RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400). */ readonly radiusMacMpskTimeout: pulumi.Output<number>; /** * RADIUS server to be used to authenticate WiFi users. */ readonly radiusServer: pulumi.Output<string>; /** * Allowed data rates for 802.11a. */ readonly rates11a: pulumi.Output<string>; /** * Comma separated list of max supported VHT MCS for spatial streams 1 through 8. */ readonly rates11acMcsMap: pulumi.Output<string>; /** * Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: `mcs0/1`, `mcs1/1`, `mcs2/1`, `mcs3/1`, `mcs4/1`, `mcs5/1`, `mcs6/1`, `mcs7/1`, `mcs8/1`, `mcs9/1`, `mcs10/1`, `mcs11/1`, `mcs0/2`, `mcs1/2`, `mcs2/2`, `mcs3/2`, `mcs4/2`, `mcs5/2`, `mcs6/2`, `mcs7/2`, `mcs8/2`, `mcs9/2`, `mcs10/2`, `mcs11/2`. */ readonly rates11acSs12: pulumi.Output<string>; /** * Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: `mcs0/3`, `mcs1/3`, `mcs2/3`, `mcs3/3`, `mcs4/3`, `mcs5/3`, `mcs6/3`, `mcs7/3`, `mcs8/3`, `mcs9/3`, `mcs10/3`, `mcs11/3`, `mcs0/4`, `mcs1/4`, `mcs2/4`, `mcs3/4`, `mcs4/4`, `mcs5/4`, `mcs6/4`, `mcs7/4`, `mcs8/4`, `mcs9/4`, `mcs10/4`, `mcs11/4`. */ readonly rates11acSs34: pulumi.Output<string>; /** * Comma separated list of max supported HE MCS for spatial streams 1 through 8. */ readonly rates11axMcsMap: pulumi.Output<string>; /** * Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: `mcs0/1`, `mcs1/1`, `mcs2/1`, `mcs3/1`, `mcs4/1`, `mcs5/1`, `mcs6/1`, `mcs7/1`, `mcs8/1`, `mcs9/1`, `mcs10/1`, `mcs11/1`, `mcs0/2`, `mcs1/2`, `mcs2/2`, `mcs3/2`, `mcs4/2`, `mcs5/2`, `mcs6/2`, `mcs7/2`, `mcs8/2`, `mcs9/2`, `mcs10/2`, `mcs11/2`. */ readonly rates11axSs12: pulumi.Output<string>; /** * Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: `mcs0/3`, `mcs1/3`, `mcs2/3`, `mcs3/3`, `mcs4/3`, `mcs5/3`, `mcs6/3`, `mcs7/3`, `mcs8/3`, `mcs9/3`, `mcs10/3`, `mcs11/3`, `mcs0/4`, `mcs1/4`, `mcs2/4`, `mcs3/4`, `mcs4/4`, `mcs5/4`, `mcs6/4`, `mcs7/4`, `mcs8/4`, `mcs9/4`, `mcs10/4`, `mcs11/4`. */ readonly rates11axSs34: pulumi.Output<string>; /** * Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth. */ readonly rates11beMcsMap: pulumi.Output<string>; /** * Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth. */ readonly rates11beMcsMap160: pulumi.Output<string>; /** * Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth. */ readonly rates11beMcsMap320: pulumi.Output<string>; /** * Allowed data rates for 802.11b/g. */ readonly rates11bg: pulumi.Output<string>; /** * Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: `mcs0/1`, `mcs1/1`, `mcs2/1`, `mcs3/1`, `mcs4/1`, `mcs5/1`, `mcs6/1`, `mcs7/1`, `mcs8/2`, `mcs9/2`, `mcs10/2`, `mcs11/2`, `mcs12/2`, `mcs13/2`, `mcs14/2`, `mcs15/2`. */ readonly rates11nSs12: pulumi.Output<string>; /** * Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: `mcs16/3`, `mcs17/3`, `mcs18/3`, `mcs19/3`, `mcs20/3`, `mcs21/3`, `mcs22/3`, `mcs23/3`, `mcs24/4`, `mcs25/4`, `mcs26/4`, `mcs27/4`, `mcs28/4`, `mcs29/4`, `mcs30/4`, `mcs31/4`. */ readonly rates11nSs34: pulumi.Output<string>; /** * Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: `enable`, `disable`. */ readonly roamingAcctInterimUpdate: pulumi.Output<string>; /** * SAE-Groups. Valid values: `19`, `20`, `21`. */ readonly saeGroups: pulumi.Output<string>; /** * Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: `enable`, `disable`. */ readonly saeH2eOnly: pulumi.Output<string>; /** * Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: `enable`, `disable`. */ readonly saeHnpOnly: pulumi.Output<string>; /** * WPA3 SAE password to be used to authenticate WiFi users. */ readonly saePassword: pulumi.Output<string | undefined>; /** * Enable/disable WPA3 SAE-PK (default = disable). Valid values: `enable`, `disable`. */ readonly saePk: pulumi.Output<string>; /** * Private key used for WPA3 SAE-PK authentication. */ readonly saePrivateKey: pulumi.Output<string>; /** * Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: `disable`, `monitor`, `block`. */ readonly scanBotnetConnections: pulumi.Output<string>; /** * VAP schedule name. */ readonly schedule: pulumi.Output<string>; /** * Secondary wireless access gateway profile name. */ readonly secondaryWagProfile: pulumi.Output<string>; /** * Security mode for the wireless interface (default = wpa2-only-personal). */ readonly security: pulumi.Output<string>; /** * Optional security exempt list for captive portal authentication. */ readonly securityExemptList: pulumi.Output<string>; /** * Enable/disable obsolete security options. Valid values: `enable`, `disable`. */ readonly securityObsoleteOption: pulumi.Output<string>; /** * Optional URL for redirecting users after they pass captive portal authentication. */ readonly securityRedirectUrl: pulumi.Output<string>; /** * Selective user groups that are permitted to authenticate. The structure of `selectedUsergroups` block is documented below. */ readonly selectedUsergroups: pulumi.Output<outputs.wirelesscontroller.VapSelectedUsergroup[] | undefined>; /** * Enable/disable split tunneling (default = disable). Valid values: `enable`, `disable`. */ readonly splitTunneling: pulumi.Output<string>; /** * IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name. */ readonly ssid: pulumi.Output<string>; /** * Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: `enable`, `disable`. */ readonly stickyClientRemove: pulumi.Output<string>; /** * Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79). */ readonly stickyClientThreshold2g: pulumi.Output<string>; /** * Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76). */ readonly stickyClientThreshold5g: pulumi.Output<string>; /** * Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76). */ readonly stickyClientThreshold6g: pulumi.Output<string>; /** * Enable/disable 802.11ax target wake time (default = enable). Valid values: `enable`, `disable`. */ readonly targetWakeTime: pulumi.Output<string>; /** * Enable/disable TKIP counter measure. Valid values: `enable`, `disable`. */ readonly tkipCounterMeasure: pulumi.Output<string>; /** * The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). */ readonly tunnelEchoInterval: pulumi.Output<number>; /** * The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). */ readonly tunnelFallbackInterval: pulumi.Output<number>; /** * Firewall user group to be used to authenticate WiFi users. The structure of `usergroup` block is documented below. */ readonly usergroups: pulumi.Output<outputs.wirelesscontroller.VapUsergroup[] | undefined>; /** * Enable/disable UTM logging. Valid values: `enable`, `disable`. */ readonly utmLog: pulumi.Output<string>; /** * UTM profile name. */ readonly utmProfile: pulumi.Output<string>; /** * Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: `enable`, `disable`. */ readonly utmStatus: pulumi.Output<string>; /** * Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. */ readonly vdomparam: pulumi.Output<string>; /** * Enable/disable automatic management of SSID VLAN interface. Valid values: `enable`, `disable`. */ readonly vlanAuto: pulumi.Output<string>; /** * Table for mapping VLAN name to VLAN ID. The structure of `vlanName` block is documented below. */ readonly vlanNames: pulumi.Output<outputs.wirelesscontroller.VapVlanName[] | undefined>; /** * Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: `wtp-group`, `round-robin`, `hash`, `disable`. */ readonly vlanPooling: pulumi.Output<string>; /** * VLAN pool. The structure of `vlanPool` block is documented below. */ readonly vlanPools: pulumi.Output<outputs.wirelesscontroller.VapVlanPool[] | undefined>; /** * Optional VLAN ID. */ readonly vlanid: pulumi.Output<number>; /** * Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: `disable`, `enable`. */ readonly voiceEnterprise: pulumi.Output<string>; /** * WebFilter profile name. */ readonly webfilterProfile: pulumi.Output<string>; /** * Create a Vap resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: VapArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Vap resources. */ export interface VapState { /** * access-control-list profile name. */ accessControlList?: pulumi.Input<string>; /** * WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0). */ acctInterimInterval?: pulumi.Input<number>; /** * Additional AKMs. */ additionalAkms?: pulumi.Input<string>; /** * Address group ID. */ addressGroup?: pulumi.Input<string>; /** * Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: `disable`, `allow`, `deny`. */ addressGroupPolicy?: pulumi.Input<string>; /** * WPA3 SAE using group-dependent hash only (default = disable). Valid values: `disable`, `enable`. */ akm24Only?: pulumi.Input<string>; /** * Alias. */ alias?: pulumi.Input<string>; /** * AntiVirus profile name. */ antivirusProfile?: pulumi.Input<string>; /** * Enable/disable application detection engine (default = disable). Valid values: `enable`, `disable`. */ applicationDetectionEngine?: pulumi.Input<string>; /** * Enable/disable application attribute based DSCP marking (default = disable). Valid values: `enable`, `disable`. */ applicationDscpMarking?: pulumi.Input<string>; /** * Application control list name. */ applicationList?: pulumi.Input<string>; /** * Application report interval (30 - 864000 sec, default = 120). */ applicationReportIntv?: pulumi.Input<number>; /** * Airtime weight in percentage (default = 20). */ atfWeight?: pulumi.Input<number>; /** * Authentication protocol. */ auth?: pulumi.Input<string>; /** * HTTPS server certificate. */ authCert?: pulumi.Input<string>; /** * Address of captive portal. */ authPortalAddr?: pulumi.Input<string>; /** * Fortinet beacon advertising IE data (default = empty). Valid values: `name`, `model`, `serial-number`. */ beaconAdvertising?: pulumi.Input<string>; /** * Enable/disable beacon protection support (default = disable). Valid values: `disable`, `enable`. */ beaconProtection?: pulumi.Input<string>; /** * Enable/disable broadcasting the SSID (default = enable). Valid values: `enable`, `disable`. */ broadcastSsid?: pulumi.Input<string>; /** * Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. */ broadcastSuppression?: pulumi.Input<string>; /** * Enable/disable 802.11ax partial BSS color (default = enable). Valid values: `enable`, `disable`. */ bssColorPartial?: pulumi.Input<string>; /** * Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: `enable`, `disable`. */ bstmDisassociationImminent?: pulumi.Input<string>; /** * Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10). */ bstmLoadBalancingDisassocTimer?: pulumi.Input<number>; /** * Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200). */ bstmRssiDisassocTimer?: pulumi.Input<number>; /** * Enable/disable captive portal. Valid values: `enable`, `disable`. */ captivePortal?: pulumi.Input<string>; /** * Local-bridging captive portal ac-name. */ captivePortalAcName?: pulumi.Input<string>; /** * Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0). */ captivePortalAuthTimeout?: pulumi.Input<number>; /** * Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: `enable`, `disable`. */ captivePortalFwAccounting?: pulumi.Input<string>; /** * Secret key to access the macauth RADIUS server. */ captivePortalMacauthRadiusSecret?: pulumi.Input<string>; /** * Captive portal external RADIUS server domain name or IP address. */ captivePortalMacauthRadiusServer?: pulumi.Input<string>; /** * Secret key to access the RADIUS server. */ captivePortalRadiusSecret?: pulumi.Input<string>; /** * Captive portal RADIUS server domain name or IP address. */ captivePortalRadiusServer?: pulumi.Input<string>; /** * Session timeout interval (0 - 864000 sec, default = 0). */ captivePortalSessionTimeoutInterval?: pulumi.Input<number>; /** * Enable/disable DHCP address enforcement (default = disable). Valid values: `enable`, `disable`. */ dhcpAddressEnforcement?: pulumi.Input<string>; /** * DHCP lease time in seconds for NAT IP address. */ dhcpLeaseTime?: pulumi.Input<number>; /** * Enable/disable insertion of DHCP option 43 (default = enable). Valid values: `enable`, `disable`. */ dhcpOption43Insertion?: pulumi.Input<string>; /** * Enable/disable DHCP option 82 circuit-id insert (default = disable). */ dhcpOption82CircuitIdInsertion?: pulumi.Input<string>; /** * Enable/disable DHCP option 82 insert (default = disable). Valid values: `enable`, `disable`. */ dhcpOption82Insertion?: pulumi.Input<string>; /** * Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: `style-1`, `disable`. */ dhcpOption82RemoteIdInsertion?: pulumi.Input<string>; /** * Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ]. */ dynamicSortSubtable?: pulumi.Input<string>; /** * Enable/disable dynamic VLAN assignment. Valid values: `enable`, `disable`. */ dynamicVlan?: pulumi.Input<string>; /** * Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: `enable`, `disable`. */ eapReauth?: pulumi.Input<string>; /** * EAP re-authentication interval (1800 - 864000 sec, default = 86400). */ eapReauthIntv?: pulumi.Input<number>; /** * Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: `disable`, `enable`. */ eapolKeyRetries?: pulumi.Input<string>; /** * Encryption protocol to use (only available when security is set to a WPA type). Valid values: `TKIP`, `AES`, `TKIP-AES`. */ encrypt?: pulumi.Input<string>; /** * Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: `enable`, `disable`. */ externalFastRoaming?: pulumi.Input<string>; /** * URL of external authentication logout server. */ externalLogout?: pulumi.Input<string>; /** * URL of external authentication web server. */ externalWeb?: pulumi.Input<string>; /** * URL query parameter detection (default = auto-detect). Valid values: `auto-detect`, `no-query-string`, `partial-query-string`. */ externalWebFormat?: pulumi.Input<string>; /** * Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: `disable`, `enable`. */ fastBssTransition?: pulumi.Input<string>; /** * Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: `enable`, `disable`. */ fastRoaming?: pulumi.Input<string>; /** * Mobility domain identifier in FT (1 - 65535, default = 1000). */ ftMobilityDomain?: pulumi.Input<number>; /** * Enable/disable FT over the Distribution System (DS). Valid values: `disable`, `enable`. */ ftOverDs?: pulumi.Input<string>; /** * Lifetime of the PMK-R0 key in FT, 1-65535 minutes. */ ftR0KeyLifetime?: pulumi.Input<number>; /** * GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500). */ gasComebackDelay?: pulumi.Input<number>; /** * GAS fragmentation limit (512 - 4096, default = 1024). */ gasFragmentationLimit?: pulumi.Input<number>; /** * Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. */ getAllTables?: pulumi.Input<string>; /** * Enable/disable GTK rekey for WPA security. Valid values: `enable`, `disable`. */ gtkRekey?: pulumi.Input<string>; /** * GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec. */ gtkRekeyIntv?: pulumi.Input<number>; /** * Enable/disable 802.11ax high efficiency (default = enable). Valid values: `enable`, `disable`. */ highEfficiency?: pulumi.Input<string>; /** * Hotspot 2.0 profile name. */ hotspot20Profile?: pulumi.Input<string>; /** * Enable/disable IGMP snooping. Valid values: `enable`, `disable`. */ igmpSnooping?: pulumi.Input<string>; /** * Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: `enable`, `disable`. */ intraVapPrivacy?: pulumi.Input<string>; /** * IP address and subnet mask for the local standalone NAT subnet. */ ip?: pulumi.Input<string>; /** * IPS sensor name. */ ipsSensor?: pulumi.Input<string>; /** * Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: `drop-icmp6ra`, `drop-icmp6rs`, `drop-llmnr6`, `drop-icmp6mld2`, `drop-dhcp6s`, `drop-dhcp6c`, `ndp-proxy`, `drop-ns-dad`, `drop-ns-nondad`. */ ipv6Rules?: pulumi.Input<string>; /** * WEP Key. */ key?: pulumi.Input<string>; /** * WEP key index (1 - 4). */ keyindex?: pulumi.Input<number>; /** * Enable/disable layer 3 roaming (default = disable). Valid values: `enable`, `disable`. */ l3Roaming?: pulumi.Input<string>; /** * Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: `direct`, `indirect`. */ l3RoamingMode?: pulumi.Input<string>; /** * VAP low-density parity-check (LDPC) coding configuration. Valid values: `disable`, `rx`, `tx`, `rxtx`. */ ldpc?: pulumi.Input<string>; /** * Enable/disable AP local authentication. Valid values: `enable`, `disable`. */ localAuthentication?: pulumi.Input<string>; /** * Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: `enable`, `disable`. */ localBridging?: pulumi.Input<string>; /** * Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: `allow`, `deny`. */ localLan?: pulumi.Input<string>; /** * Enable/disable AP local standalone (default = disable). Valid values: `enable`, `disable`. */ localStandalone?: pulumi.Input<string>; /** * Enable/disable AP local standalone DNS. Valid values: `enable`, `disable`. */ localStandaloneDns?: pulumi.Input<string>; /** * IPv4 addresses for the local standalone DNS. */ localStandaloneDnsIp?: pulumi.Input<string>; /** * Enable/disable AP local standalone NAT mode. Valid values: `enable`, `disable`. */ localStandaloneNat?: pulumi.Input<string>; /** * Enable/disable MAC authentication bypass. Valid values: `enable`, `disable`. */ macAuthBypass?: pulumi.Input<string>; /** * MAC called station delimiter (default = hyphen). Valid values: `hyphen`, `single-hyphen`, `colon`, `none`. */ macCalledStationDelimiter?: pulumi.Input<string>; /** * MAC calling station delimiter (default = hyphen). Valid values: `hyphen`, `single-hyphen`, `colon`, `none`. */ macCallingStationDelimiter?: pulumi.Input<string>; /** * MAC case (default = uppercase). Valid values: `uppercase`, `lowercase`. */ macCase?: pulumi.Input<string>; /** * Enable/disable MAC filtering to block wireless clients by mac address. Valid values: `enable`, `disable`. */ macFilter?: pulumi.Input<string>; /** * Create a list of MAC addresses for MAC address filtering. The structure of `macFilterList` block is documented below. */ macFilterLists?: pulumi.Input<pulumi.Input<inputs.wirelesscontroller.VapMacFilterList>[]>; /** * Allow or block clients with MAC addresses that are not in the filter list. Valid values: `allow`, `deny`. */ macFilterPolicyOther?: pulumi.Input<string>; /** * MAC authentication password delimiter (default = hyphen). Valid values: `hyphen`, `single-hyphen`, `colon`, `none`. */ macPasswordDelimiter?: pulumi.Input<string>; /** * MAC authentication username delimiter (default = hyphen). Valid values: `hyphen`, `single-hyphen`, `colon`, `none`. */ macUsernameDelimiter?: pulumi.Input<string>; /** * Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation). */ maxClients?: pulumi.Input<number>; /** * Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation). */ maxClientsAp?: pulumi.Input<number>; /** * Enable/disable Multiband Operation (default = disable). Valid values: `disable`, `enable`. */ mbo?: pulumi.Input<string>; /** * MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: `excluded`, `prefer-not`, `prefer-use`. */ mboCellDataConnPref?: pulumi.Input<string>; /** * Disable multicast enhancement when this many clients are receiving multicast traffic. */ meDisableThresh?: pulumi.Input<number>; /** * Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: `enable`, `disable`. */ meshBackhaul?: pulumi.Input<string>; /** * Enable/disa