Fortios v0.0.6, Jul 9 24

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.vpn/ssl.Settings

Explore with Pulumi AI

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";

const trname = new fortios.vpn.ssl.Settings("trname", {
    loginAttemptLimit: 2,
    loginBlockTime: 60,
    loginTimeout: 30,
    port: 443,
    servercert: "self-sign",
});

import pulumi
import pulumiverse_fortios as fortios

trname = fortios.vpn.ssl.Settings("trname",
    login_attempt_limit=2,
    login_block_time=60,
    login_timeout=30,
    port=443,
    servercert="self-sign")

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/vpn"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vpn.NewSettings(ctx, "trname", &vpn.SettingsArgs{
			LoginAttemptLimit: pulumi.Int(2),
			LoginBlockTime:    pulumi.Int(60),
			LoginTimeout:      pulumi.Int(30),
			Port:              pulumi.Int(443),
			Servercert:        pulumi.String("self-sign"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;

return await Deployment.RunAsync(() => 
{
    var trname = new Fortios.Vpn.Ssl.Settings("trname", new()
    {
        LoginAttemptLimit = 2,
        LoginBlockTime = 60,
        LoginTimeout = 30,
        Port = 443,
        Servercert = "self-sign",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.vpn.Settings;
import com.pulumi.fortios.vpn.SettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trname = new Settings("trname", SettingsArgs.builder()
            .loginAttemptLimit(2)
            .loginBlockTime(60)
            .loginTimeout(30)
            .port(443)
            .servercert("self-sign")
            .build());

    }
}

resources:
  trname:
    type: fortios:vpn/ssl:Settings
    properties:
      loginAttemptLimit: 2
      loginBlockTime: 60
      loginTimeout: 30
      port: 443
      servercert: self-sign

Create Settings Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Settings(name: string, args?: SettingsArgs, opts?: CustomResourceOptions);

@overload
def Settings(resource_name: str,
             args: Optional[SettingsArgs] = None,
             opts: Optional[ResourceOptions] = None)

@overload
def Settings(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             algorithm: Optional[str] = None,
             auth_session_check_source_ip: Optional[str] = None,
             auth_timeout: Optional[int] = None,
             authentication_rules: Optional[Sequence[SettingsAuthenticationRuleArgs]] = None,
             auto_tunnel_static_route: Optional[str] = None,
             banned_cipher: Optional[str] = None,
             browser_language_detection: Optional[str] = None,
             check_referer: Optional[str] = None,
             ciphersuite: Optional[str] = None,
             client_sigalgs: Optional[str] = None,
             default_portal: Optional[str] = None,
             deflate_compression_level: Optional[int] = None,
             deflate_min_data_size: Optional[int] = None,
             dns_server1: Optional[str] = None,
             dns_server2: Optional[str] = None,
             dns_suffix: Optional[str] = None,
             dtls_heartbeat_fail_count: Optional[int] = None,
             dtls_heartbeat_idle_timeout: Optional[int] = None,
             dtls_heartbeat_interval: Optional[int] = None,
             dtls_hello_timeout: Optional[int] = None,
             dtls_max_proto_ver: Optional[str] = None,
             dtls_min_proto_ver: Optional[str] = None,
             dtls_tunnel: Optional[str] = None,
             dual_stack_mode: Optional[str] = None,
             dynamic_sort_subtable: Optional[str] = None,
             encode2f_sequence: Optional[str] = None,
             encrypt_and_store_password: Optional[str] = None,
             force_two_factor_auth: Optional[str] = None,
             get_all_tables: Optional[str] = None,
             header_x_forwarded_for: Optional[str] = None,
             hsts_include_subdomains: Optional[str] = None,
             http_compression: Optional[str] = None,
             http_only_cookie: Optional[str] = None,
             http_request_body_timeout: Optional[int] = None,
             http_request_header_timeout: Optional[int] = None,
             https_redirect: Optional[str] = None,
             idle_timeout: Optional[int] = None,
             ipv6_dns_server1: Optional[str] = None,
             ipv6_dns_server2: Optional[str] = None,
             ipv6_wins_server1: Optional[str] = None,
             ipv6_wins_server2: Optional[str] = None,
             login_attempt_limit: Optional[int] = None,
             login_block_time: Optional[int] = None,
             login_timeout: Optional[int] = None,
             port: Optional[int] = None,
             port_precedence: Optional[str] = None,
             reqclientcert: Optional[str] = None,
             route_source_interface: Optional[str] = None,
             saml_redirect_port: Optional[int] = None,
             server_hostname: Optional[str] = None,
             servercert: Optional[str] = None,
             source_address6_negate: Optional[str] = None,
             source_address6s: Optional[Sequence[SettingsSourceAddress6Args]] = None,
             source_address_negate: Optional[str] = None,
             source_addresses: Optional[Sequence[SettingsSourceAddressArgs]] = None,
             source_interfaces: Optional[Sequence[SettingsSourceInterfaceArgs]] = None,
             ssl_client_renegotiation: Optional[str] = None,
             ssl_insert_empty_fragment: Optional[str] = None,
             ssl_max_proto_ver: Optional[str] = None,
             ssl_min_proto_ver: Optional[str] = None,
             status: Optional[str] = None,
             tlsv10: Optional[str] = None,
             tlsv11: Optional[str] = None,
             tlsv12: Optional[str] = None,
             tlsv13: Optional[str] = None,
             transform_backward_slashes: Optional[str] = None,
             tunnel_addr_assigned_method: Optional[str] = None,
             tunnel_connect_without_reauth: Optional[str] = None,
             tunnel_ip_pools: Optional[Sequence[SettingsTunnelIpPoolArgs]] = None,
             tunnel_ipv6_pools: Optional[Sequence[SettingsTunnelIpv6PoolArgs]] = None,
             tunnel_user_session_timeout: Optional[int] = None,
             unsafe_legacy_renegotiation: Optional[str] = None,
             url_obscuration: Optional[str] = None,
             user_peer: Optional[str] = None,
             vdomparam: Optional[str] = None,
             web_mode_snat: Optional[str] = None,
             wins_server1: Optional[str] = None,
             wins_server2: Optional[str] = None,
             x_content_type_options: Optional[str] = None,
             ztna_trusted_client: Optional[str] = None)

func NewSettings(ctx *Context, name string, args *SettingsArgs, opts ...ResourceOption) (*Settings, error)

public Settings(string name, SettingsArgs? args = null, CustomResourceOptions? opts = null)

public Settings(String name, SettingsArgs args)
public Settings(String name, SettingsArgs args, CustomResourceOptions options)

type: fortios:vpn/ssl/settings:Settings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SettingsArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SettingsArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SettingsArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Settings Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Settings resource accepts the following input properties:

Algorithm string: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
AuthSessionCheckSourceIp string: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
AuthTimeout int: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
AuthenticationRules List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRule>: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
AutoTunnelStaticRoute string: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
BannedCipher string: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
BrowserLanguageDetection string: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
CheckReferer string: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
Ciphersuite string: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
ClientSigalgs string: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
DefaultPortal string: Default SSL VPN portal.
DeflateCompressionLevel int: Compression level (0~9).
DeflateMinDataSize int: Minimum amount of data that triggers compression (200 - 65535 bytes).
DnsServer1 string: DNS server 1.
DnsServer2 string: DNS server 2.
DnsSuffix string: DNS suffix used for SSL-VPN clients.
DtlsHeartbeatFailCount int: Number of missing heartbeats before the connection is considered dropped.
DtlsHeartbeatIdleTimeout int: Idle timeout before DTLS heartbeat is sent.
DtlsHeartbeatInterval int: Interval between DTLS heartbeat.
DtlsHelloTimeout int: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
DtlsMaxProtoVer string: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
DtlsMinProtoVer string: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
DtlsTunnel string: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
DualStackMode string: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
Encode2fSequence string: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
EncryptAndStorePassword string: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
ForceTwoFactorAuth string: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
HeaderXForwardedFor string: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
HstsIncludeSubdomains string: Add HSTS includeSubDomains response header. Valid values: enable, disable.
HttpCompression string: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
HttpOnlyCookie string: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
HttpRequestBodyTimeout int: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
HttpRequestHeaderTimeout int: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
HttpsRedirect string: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
IdleTimeout int: SSL VPN disconnects if idle for specified time in seconds.
Ipv6DnsServer1 string: IPv6 DNS server 1.
Ipv6DnsServer2 string: IPv6 DNS server 2.
Ipv6WinsServer1 string: IPv6 WINS server 1.
Ipv6WinsServer2 string: IPv6 WINS server 2.
LoginAttemptLimit int: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
LoginBlockTime int: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
LoginTimeout int: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
Port int: SSL-VPN access port (1 - 65535).
PortPrecedence string: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
Reqclientcert string: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
RouteSourceInterface string: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
SamlRedirectPort int: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
ServerHostname string: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
Servercert string: Name of the server certificate to be used for SSL-VPNs.
SourceAddress6Negate string: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
SourceAddress6s List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceAddress6>: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
SourceAddressNegate string: Enable/disable negated source address match. Valid values: enable, disable.
SourceAddresses List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceAddress>: Source address of incoming traffic. The structure of source_address block is documented below.
SourceInterfaces List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceInterface>: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
SslClientRenegotiation string: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
SslInsertEmptyFragment string: Enable/disable insertion of empty fragment. Valid values: enable, disable.
SslMaxProtoVer string: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
SslMinProtoVer string: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
Status string: Enable/disable SSL-VPN. Valid values: enable, disable.
Tlsv10 string: Enable/disable TLSv1.0. Valid values: enable, disable.
Tlsv11 string: Enable/disable TLSv1.1. Valid values: enable, disable.
Tlsv12 string: Enable/disable TLSv1.2. Valid values: enable, disable.
Tlsv13 string: Enable/disable TLSv1.3. Valid values: enable, disable.
TransformBackwardSlashes string: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
TunnelAddrAssignedMethod string: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
TunnelConnectWithoutReauth string: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
TunnelIpPools List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsTunnelIpPool>: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
TunnelIpv6Pools List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsTunnelIpv6Pool>: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
TunnelUserSessionTimeout int: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
UnsafeLegacyRenegotiation string: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
UrlObscuration string: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
UserPeer string: Name of user peer.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
WebModeSnat string: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
WinsServer1 string: WINS server 1.
WinsServer2 string: WINS server 2.
XContentTypeOptions string: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ZtnaTrustedClient string: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

Algorithm string: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
AuthSessionCheckSourceIp string: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
AuthTimeout int: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
AuthenticationRules []SettingsAuthenticationRuleArgs: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
AutoTunnelStaticRoute string: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
BannedCipher string: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
BrowserLanguageDetection string: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
CheckReferer string: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
Ciphersuite string: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
ClientSigalgs string: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
DefaultPortal string: Default SSL VPN portal.
DeflateCompressionLevel int: Compression level (0~9).
DeflateMinDataSize int: Minimum amount of data that triggers compression (200 - 65535 bytes).
DnsServer1 string: DNS server 1.
DnsServer2 string: DNS server 2.
DnsSuffix string: DNS suffix used for SSL-VPN clients.
DtlsHeartbeatFailCount int: Number of missing heartbeats before the connection is considered dropped.
DtlsHeartbeatIdleTimeout int: Idle timeout before DTLS heartbeat is sent.
DtlsHeartbeatInterval int: Interval between DTLS heartbeat.
DtlsHelloTimeout int: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
DtlsMaxProtoVer string: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
DtlsMinProtoVer string: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
DtlsTunnel string: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
DualStackMode string: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
Encode2fSequence string: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
EncryptAndStorePassword string: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
ForceTwoFactorAuth string: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
HeaderXForwardedFor string: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
HstsIncludeSubdomains string: Add HSTS includeSubDomains response header. Valid values: enable, disable.
HttpCompression string: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
HttpOnlyCookie string: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
HttpRequestBodyTimeout int: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
HttpRequestHeaderTimeout int: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
HttpsRedirect string: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
IdleTimeout int: SSL VPN disconnects if idle for specified time in seconds.
Ipv6DnsServer1 string: IPv6 DNS server 1.
Ipv6DnsServer2 string: IPv6 DNS server 2.
Ipv6WinsServer1 string: IPv6 WINS server 1.
Ipv6WinsServer2 string: IPv6 WINS server 2.
LoginAttemptLimit int: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
LoginBlockTime int: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
LoginTimeout int: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
Port int: SSL-VPN access port (1 - 65535).
PortPrecedence string: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
Reqclientcert string: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
RouteSourceInterface string: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
SamlRedirectPort int: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
ServerHostname string: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
Servercert string: Name of the server certificate to be used for SSL-VPNs.
SourceAddress6Negate string: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
SourceAddress6s []SettingsSourceAddress6Args: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
SourceAddressNegate string: Enable/disable negated source address match. Valid values: enable, disable.
SourceAddresses []SettingsSourceAddressArgs: Source address of incoming traffic. The structure of source_address block is documented below.
SourceInterfaces []SettingsSourceInterfaceArgs: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
SslClientRenegotiation string: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
SslInsertEmptyFragment string: Enable/disable insertion of empty fragment. Valid values: enable, disable.
SslMaxProtoVer string: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
SslMinProtoVer string: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
Status string: Enable/disable SSL-VPN. Valid values: enable, disable.
Tlsv10 string: Enable/disable TLSv1.0. Valid values: enable, disable.
Tlsv11 string: Enable/disable TLSv1.1. Valid values: enable, disable.
Tlsv12 string: Enable/disable TLSv1.2. Valid values: enable, disable.
Tlsv13 string: Enable/disable TLSv1.3. Valid values: enable, disable.
TransformBackwardSlashes string: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
TunnelAddrAssignedMethod string: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
TunnelConnectWithoutReauth string: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
TunnelIpPools []SettingsTunnelIpPoolArgs: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
TunnelIpv6Pools []SettingsTunnelIpv6PoolArgs: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
TunnelUserSessionTimeout int: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
UnsafeLegacyRenegotiation string: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
UrlObscuration string: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
UserPeer string: Name of user peer.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
WebModeSnat string: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
WinsServer1 string: WINS server 1.
WinsServer2 string: WINS server 2.
XContentTypeOptions string: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ZtnaTrustedClient string: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

algorithm String: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
authSessionCheckSourceIp String: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
authTimeout Integer: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
authenticationRules List<SettingsAuthenticationRule>: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
autoTunnelStaticRoute String: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
bannedCipher String: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
browserLanguageDetection String: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
checkReferer String: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
ciphersuite String: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
clientSigalgs String: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
defaultPortal String: Default SSL VPN portal.
deflateCompressionLevel Integer: Compression level (0~9).
deflateMinDataSize Integer: Minimum amount of data that triggers compression (200 - 65535 bytes).
dnsServer1 String: DNS server 1.
dnsServer2 String: DNS server 2.
dnsSuffix String: DNS suffix used for SSL-VPN clients.
dtlsHeartbeatFailCount Integer: Number of missing heartbeats before the connection is considered dropped.
dtlsHeartbeatIdleTimeout Integer: Idle timeout before DTLS heartbeat is sent.
dtlsHeartbeatInterval Integer: Interval between DTLS heartbeat.
dtlsHelloTimeout Integer: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
dtlsMaxProtoVer String: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsMinProtoVer String: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsTunnel String: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
dualStackMode String: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
encode2fSequence String: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
encryptAndStorePassword String: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
forceTwoFactorAuth String: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
headerXForwardedFor String: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
hstsIncludeSubdomains String: Add HSTS includeSubDomains response header. Valid values: enable, disable.
httpCompression String: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
httpOnlyCookie String: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
httpRequestBodyTimeout Integer: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
httpRequestHeaderTimeout Integer: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
httpsRedirect String: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
idleTimeout Integer: SSL VPN disconnects if idle for specified time in seconds.
ipv6DnsServer1 String: IPv6 DNS server 1.
ipv6DnsServer2 String: IPv6 DNS server 2.
ipv6WinsServer1 String: IPv6 WINS server 1.
ipv6WinsServer2 String: IPv6 WINS server 2.
loginAttemptLimit Integer: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
loginBlockTime Integer: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
loginTimeout Integer: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
port Integer: SSL-VPN access port (1 - 65535).
portPrecedence String: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
reqclientcert String: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
routeSourceInterface String: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
samlRedirectPort Integer: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
serverHostname String: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
servercert String: Name of the server certificate to be used for SSL-VPNs.
sourceAddress6Negate String: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
sourceAddress6s List<SettingsSourceAddress6>: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
sourceAddressNegate String: Enable/disable negated source address match. Valid values: enable, disable.
sourceAddresses List<SettingsSourceAddress>: Source address of incoming traffic. The structure of source_address block is documented below.
sourceInterfaces List<SettingsSourceInterface>: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
sslClientRenegotiation String: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
sslInsertEmptyFragment String: Enable/disable insertion of empty fragment. Valid values: enable, disable.
sslMaxProtoVer String: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
sslMinProtoVer String: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
status String: Enable/disable SSL-VPN. Valid values: enable, disable.
tlsv10 String: Enable/disable TLSv1.0. Valid values: enable, disable.
tlsv11 String: Enable/disable TLSv1.1. Valid values: enable, disable.
tlsv12 String: Enable/disable TLSv1.2. Valid values: enable, disable.
tlsv13 String: Enable/disable TLSv1.3. Valid values: enable, disable.
transformBackwardSlashes String: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
tunnelAddrAssignedMethod String: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
tunnelConnectWithoutReauth String: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
tunnelIpPools List<SettingsTunnelIpPool>: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
tunnelIpv6Pools List<SettingsTunnelIpv6Pool>: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
tunnelUserSessionTimeout Integer: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
unsafeLegacyRenegotiation String: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
urlObscuration String: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
userPeer String: Name of user peer.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
webModeSnat String: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
winsServer1 String: WINS server 1.
winsServer2 String: WINS server 2.
xContentTypeOptions String: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ztnaTrustedClient String: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

algorithm string: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
authSessionCheckSourceIp string: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
authTimeout number: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
authenticationRules SettingsAuthenticationRule[]: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
autoTunnelStaticRoute string: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
bannedCipher string: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
browserLanguageDetection string: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
checkReferer string: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
ciphersuite string: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
clientSigalgs string: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
defaultPortal string: Default SSL VPN portal.
deflateCompressionLevel number: Compression level (0~9).
deflateMinDataSize number: Minimum amount of data that triggers compression (200 - 65535 bytes).
dnsServer1 string: DNS server 1.
dnsServer2 string: DNS server 2.
dnsSuffix string: DNS suffix used for SSL-VPN clients.
dtlsHeartbeatFailCount number: Number of missing heartbeats before the connection is considered dropped.
dtlsHeartbeatIdleTimeout number: Idle timeout before DTLS heartbeat is sent.
dtlsHeartbeatInterval number: Interval between DTLS heartbeat.
dtlsHelloTimeout number: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
dtlsMaxProtoVer string: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsMinProtoVer string: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsTunnel string: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
dualStackMode string: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
dynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
encode2fSequence string: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
encryptAndStorePassword string: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
forceTwoFactorAuth string: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
getAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
headerXForwardedFor string: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
hstsIncludeSubdomains string: Add HSTS includeSubDomains response header. Valid values: enable, disable.
httpCompression string: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
httpOnlyCookie string: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
httpRequestBodyTimeout number: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
httpRequestHeaderTimeout number: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
httpsRedirect string: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
idleTimeout number: SSL VPN disconnects if idle for specified time in seconds.
ipv6DnsServer1 string: IPv6 DNS server 1.
ipv6DnsServer2 string: IPv6 DNS server 2.
ipv6WinsServer1 string: IPv6 WINS server 1.
ipv6WinsServer2 string: IPv6 WINS server 2.
loginAttemptLimit number: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
loginBlockTime number: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
loginTimeout number: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
port number: SSL-VPN access port (1 - 65535).
portPrecedence string: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
reqclientcert string: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
routeSourceInterface string: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
samlRedirectPort number: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
serverHostname string: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
servercert string: Name of the server certificate to be used for SSL-VPNs.
sourceAddress6Negate string: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
sourceAddress6s SettingsSourceAddress6[]: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
sourceAddressNegate string: Enable/disable negated source address match. Valid values: enable, disable.
sourceAddresses SettingsSourceAddress[]: Source address of incoming traffic. The structure of source_address block is documented below.
sourceInterfaces SettingsSourceInterface[]: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
sslClientRenegotiation string: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
sslInsertEmptyFragment string: Enable/disable insertion of empty fragment. Valid values: enable, disable.
sslMaxProtoVer string: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
sslMinProtoVer string: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
status string: Enable/disable SSL-VPN. Valid values: enable, disable.
tlsv10 string: Enable/disable TLSv1.0. Valid values: enable, disable.
tlsv11 string: Enable/disable TLSv1.1. Valid values: enable, disable.
tlsv12 string: Enable/disable TLSv1.2. Valid values: enable, disable.
tlsv13 string: Enable/disable TLSv1.3. Valid values: enable, disable.
transformBackwardSlashes string: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
tunnelAddrAssignedMethod string: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
tunnelConnectWithoutReauth string: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
tunnelIpPools SettingsTunnelIpPool[]: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
tunnelIpv6Pools SettingsTunnelIpv6Pool[]: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
tunnelUserSessionTimeout number: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
unsafeLegacyRenegotiation string: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
urlObscuration string: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
userPeer string: Name of user peer.
vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
webModeSnat string: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
winsServer1 string: WINS server 1.
winsServer2 string: WINS server 2.
xContentTypeOptions string: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ztnaTrustedClient string: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

algorithm str: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
auth_session_check_source_ip str: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
auth_timeout int: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
authentication_rules Sequence[SettingsAuthenticationRuleArgs]: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
auto_tunnel_static_route str: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
banned_cipher str: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
browser_language_detection str: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
check_referer str: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
ciphersuite str: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
client_sigalgs str: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
default_portal str: Default SSL VPN portal.
deflate_compression_level int: Compression level (0~9).
deflate_min_data_size int: Minimum amount of data that triggers compression (200 - 65535 bytes).
dns_server1 str: DNS server 1.
dns_server2 str: DNS server 2.
dns_suffix str: DNS suffix used for SSL-VPN clients.
dtls_heartbeat_fail_count int: Number of missing heartbeats before the connection is considered dropped.
dtls_heartbeat_idle_timeout int: Idle timeout before DTLS heartbeat is sent.
dtls_heartbeat_interval int: Interval between DTLS heartbeat.
dtls_hello_timeout int: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
dtls_max_proto_ver str: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
dtls_min_proto_ver str: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
dtls_tunnel str: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
dual_stack_mode str: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
dynamic_sort_subtable str: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
encode2f_sequence str: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
encrypt_and_store_password str: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
force_two_factor_auth str: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
get_all_tables str: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
header_x_forwarded_for str: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
hsts_include_subdomains str: Add HSTS includeSubDomains response header. Valid values: enable, disable.
http_compression str: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
http_only_cookie str: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
http_request_body_timeout int: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
http_request_header_timeout int: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
https_redirect str: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
idle_timeout int: SSL VPN disconnects if idle for specified time in seconds.
ipv6_dns_server1 str: IPv6 DNS server 1.
ipv6_dns_server2 str: IPv6 DNS server 2.
ipv6_wins_server1 str: IPv6 WINS server 1.
ipv6_wins_server2 str: IPv6 WINS server 2.
login_attempt_limit int: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
login_block_time int: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
login_timeout int: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
port int: SSL-VPN access port (1 - 65535).
port_precedence str: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
reqclientcert str: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
route_source_interface str: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
saml_redirect_port int: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
server_hostname str: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
servercert str: Name of the server certificate to be used for SSL-VPNs.
source_address6_negate str: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
source_address6s Sequence[SettingsSourceAddress6Args]: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
source_address_negate str: Enable/disable negated source address match. Valid values: enable, disable.
source_addresses Sequence[SettingsSourceAddressArgs]: Source address of incoming traffic. The structure of source_address block is documented below.
source_interfaces Sequence[SettingsSourceInterfaceArgs]: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
ssl_client_renegotiation str: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
ssl_insert_empty_fragment str: Enable/disable insertion of empty fragment. Valid values: enable, disable.
ssl_max_proto_ver str: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
ssl_min_proto_ver str: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
status str: Enable/disable SSL-VPN. Valid values: enable, disable.
tlsv10 str: Enable/disable TLSv1.0. Valid values: enable, disable.
tlsv11 str: Enable/disable TLSv1.1. Valid values: enable, disable.
tlsv12 str: Enable/disable TLSv1.2. Valid values: enable, disable.
tlsv13 str: Enable/disable TLSv1.3. Valid values: enable, disable.
transform_backward_slashes str: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
tunnel_addr_assigned_method str: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
tunnel_connect_without_reauth str: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
tunnel_ip_pools Sequence[SettingsTunnelIpPoolArgs]: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
tunnel_ipv6_pools Sequence[SettingsTunnelIpv6PoolArgs]: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
tunnel_user_session_timeout int: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
unsafe_legacy_renegotiation str: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
url_obscuration str: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
user_peer str: Name of user peer.
vdomparam str: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
web_mode_snat str: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
wins_server1 str: WINS server 1.
wins_server2 str: WINS server 2.
x_content_type_options str: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ztna_trusted_client str: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

algorithm String: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
authSessionCheckSourceIp String: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
authTimeout Number: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
authenticationRules List<Property Map>: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
autoTunnelStaticRoute String: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
bannedCipher String: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
browserLanguageDetection String: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
checkReferer String: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
ciphersuite String: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
clientSigalgs String: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
defaultPortal String: Default SSL VPN portal.
deflateCompressionLevel Number: Compression level (0~9).
deflateMinDataSize Number: Minimum amount of data that triggers compression (200 - 65535 bytes).
dnsServer1 String: DNS server 1.
dnsServer2 String: DNS server 2.
dnsSuffix String: DNS suffix used for SSL-VPN clients.
dtlsHeartbeatFailCount Number: Number of missing heartbeats before the connection is considered dropped.
dtlsHeartbeatIdleTimeout Number: Idle timeout before DTLS heartbeat is sent.
dtlsHeartbeatInterval Number: Interval between DTLS heartbeat.
dtlsHelloTimeout Number: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
dtlsMaxProtoVer String: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsMinProtoVer String: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsTunnel String: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
dualStackMode String: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
encode2fSequence String: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
encryptAndStorePassword String: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
forceTwoFactorAuth String: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
headerXForwardedFor String: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
hstsIncludeSubdomains String: Add HSTS includeSubDomains response header. Valid values: enable, disable.
httpCompression String: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
httpOnlyCookie String: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
httpRequestBodyTimeout Number: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
httpRequestHeaderTimeout Number: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
httpsRedirect String: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
idleTimeout Number: SSL VPN disconnects if idle for specified time in seconds.
ipv6DnsServer1 String: IPv6 DNS server 1.
ipv6DnsServer2 String: IPv6 DNS server 2.
ipv6WinsServer1 String: IPv6 WINS server 1.
ipv6WinsServer2 String: IPv6 WINS server 2.
loginAttemptLimit Number: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
loginBlockTime Number: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
loginTimeout Number: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
port Number: SSL-VPN access port (1 - 65535).
portPrecedence String: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
reqclientcert String: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
routeSourceInterface String: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
samlRedirectPort Number: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
serverHostname String: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
servercert String: Name of the server certificate to be used for SSL-VPNs.
sourceAddress6Negate String: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
sourceAddress6s List<Property Map>: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
sourceAddressNegate String: Enable/disable negated source address match. Valid values: enable, disable.
sourceAddresses List<Property Map>: Source address of incoming traffic. The structure of source_address block is documented below.
sourceInterfaces List<Property Map>: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
sslClientRenegotiation String: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
sslInsertEmptyFragment String: Enable/disable insertion of empty fragment. Valid values: enable, disable.
sslMaxProtoVer String: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
sslMinProtoVer String: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
status String: Enable/disable SSL-VPN. Valid values: enable, disable.
tlsv10 String: Enable/disable TLSv1.0. Valid values: enable, disable.
tlsv11 String: Enable/disable TLSv1.1. Valid values: enable, disable.
tlsv12 String: Enable/disable TLSv1.2. Valid values: enable, disable.
tlsv13 String: Enable/disable TLSv1.3. Valid values: enable, disable.
transformBackwardSlashes String: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
tunnelAddrAssignedMethod String: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
tunnelConnectWithoutReauth String: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
tunnelIpPools List<Property Map>: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
tunnelIpv6Pools List<Property Map>: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
tunnelUserSessionTimeout Number: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
unsafeLegacyRenegotiation String: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
urlObscuration String: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
userPeer String: Name of user peer.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
webModeSnat String: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
winsServer1 String: WINS server 1.
winsServer2 String: WINS server 2.
xContentTypeOptions String: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ztnaTrustedClient String: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

Outputs

All input properties are implicitly available as output properties. Additionally, the Settings resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Settings Resource

Get an existing Settings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SettingsState, opts?: CustomResourceOptions): Settings

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        algorithm: Optional[str] = None,
        auth_session_check_source_ip: Optional[str] = None,
        auth_timeout: Optional[int] = None,
        authentication_rules: Optional[Sequence[SettingsAuthenticationRuleArgs]] = None,
        auto_tunnel_static_route: Optional[str] = None,
        banned_cipher: Optional[str] = None,
        browser_language_detection: Optional[str] = None,
        check_referer: Optional[str] = None,
        ciphersuite: Optional[str] = None,
        client_sigalgs: Optional[str] = None,
        default_portal: Optional[str] = None,
        deflate_compression_level: Optional[int] = None,
        deflate_min_data_size: Optional[int] = None,
        dns_server1: Optional[str] = None,
        dns_server2: Optional[str] = None,
        dns_suffix: Optional[str] = None,
        dtls_heartbeat_fail_count: Optional[int] = None,
        dtls_heartbeat_idle_timeout: Optional[int] = None,
        dtls_heartbeat_interval: Optional[int] = None,
        dtls_hello_timeout: Optional[int] = None,
        dtls_max_proto_ver: Optional[str] = None,
        dtls_min_proto_ver: Optional[str] = None,
        dtls_tunnel: Optional[str] = None,
        dual_stack_mode: Optional[str] = None,
        dynamic_sort_subtable: Optional[str] = None,
        encode2f_sequence: Optional[str] = None,
        encrypt_and_store_password: Optional[str] = None,
        force_two_factor_auth: Optional[str] = None,
        get_all_tables: Optional[str] = None,
        header_x_forwarded_for: Optional[str] = None,
        hsts_include_subdomains: Optional[str] = None,
        http_compression: Optional[str] = None,
        http_only_cookie: Optional[str] = None,
        http_request_body_timeout: Optional[int] = None,
        http_request_header_timeout: Optional[int] = None,
        https_redirect: Optional[str] = None,
        idle_timeout: Optional[int] = None,
        ipv6_dns_server1: Optional[str] = None,
        ipv6_dns_server2: Optional[str] = None,
        ipv6_wins_server1: Optional[str] = None,
        ipv6_wins_server2: Optional[str] = None,
        login_attempt_limit: Optional[int] = None,
        login_block_time: Optional[int] = None,
        login_timeout: Optional[int] = None,
        port: Optional[int] = None,
        port_precedence: Optional[str] = None,
        reqclientcert: Optional[str] = None,
        route_source_interface: Optional[str] = None,
        saml_redirect_port: Optional[int] = None,
        server_hostname: Optional[str] = None,
        servercert: Optional[str] = None,
        source_address6_negate: Optional[str] = None,
        source_address6s: Optional[Sequence[SettingsSourceAddress6Args]] = None,
        source_address_negate: Optional[str] = None,
        source_addresses: Optional[Sequence[SettingsSourceAddressArgs]] = None,
        source_interfaces: Optional[Sequence[SettingsSourceInterfaceArgs]] = None,
        ssl_client_renegotiation: Optional[str] = None,
        ssl_insert_empty_fragment: Optional[str] = None,
        ssl_max_proto_ver: Optional[str] = None,
        ssl_min_proto_ver: Optional[str] = None,
        status: Optional[str] = None,
        tlsv10: Optional[str] = None,
        tlsv11: Optional[str] = None,
        tlsv12: Optional[str] = None,
        tlsv13: Optional[str] = None,
        transform_backward_slashes: Optional[str] = None,
        tunnel_addr_assigned_method: Optional[str] = None,
        tunnel_connect_without_reauth: Optional[str] = None,
        tunnel_ip_pools: Optional[Sequence[SettingsTunnelIpPoolArgs]] = None,
        tunnel_ipv6_pools: Optional[Sequence[SettingsTunnelIpv6PoolArgs]] = None,
        tunnel_user_session_timeout: Optional[int] = None,
        unsafe_legacy_renegotiation: Optional[str] = None,
        url_obscuration: Optional[str] = None,
        user_peer: Optional[str] = None,
        vdomparam: Optional[str] = None,
        web_mode_snat: Optional[str] = None,
        wins_server1: Optional[str] = None,
        wins_server2: Optional[str] = None,
        x_content_type_options: Optional[str] = None,
        ztna_trusted_client: Optional[str] = None) -> Settings

func GetSettings(ctx *Context, name string, id IDInput, state *SettingsState, opts ...ResourceOption) (*Settings, error)

public static Settings Get(string name, Input<string> id, SettingsState? state, CustomResourceOptions? opts = null)

public static Settings get(String name, Output<String> id, SettingsState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Algorithm string: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
AuthSessionCheckSourceIp string: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
AuthTimeout int: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
AuthenticationRules List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRule>: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
AutoTunnelStaticRoute string: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
BannedCipher string: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
BrowserLanguageDetection string: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
CheckReferer string: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
Ciphersuite string: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
ClientSigalgs string: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
DefaultPortal string: Default SSL VPN portal.
DeflateCompressionLevel int: Compression level (0~9).
DeflateMinDataSize int: Minimum amount of data that triggers compression (200 - 65535 bytes).
DnsServer1 string: DNS server 1.
DnsServer2 string: DNS server 2.
DnsSuffix string: DNS suffix used for SSL-VPN clients.
DtlsHeartbeatFailCount int: Number of missing heartbeats before the connection is considered dropped.
DtlsHeartbeatIdleTimeout int: Idle timeout before DTLS heartbeat is sent.
DtlsHeartbeatInterval int: Interval between DTLS heartbeat.
DtlsHelloTimeout int: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
DtlsMaxProtoVer string: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
DtlsMinProtoVer string: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
DtlsTunnel string: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
DualStackMode string: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
Encode2fSequence string: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
EncryptAndStorePassword string: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
ForceTwoFactorAuth string: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
HeaderXForwardedFor string: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
HstsIncludeSubdomains string: Add HSTS includeSubDomains response header. Valid values: enable, disable.
HttpCompression string: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
HttpOnlyCookie string: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
HttpRequestBodyTimeout int: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
HttpRequestHeaderTimeout int: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
HttpsRedirect string: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
IdleTimeout int: SSL VPN disconnects if idle for specified time in seconds.
Ipv6DnsServer1 string: IPv6 DNS server 1.
Ipv6DnsServer2 string: IPv6 DNS server 2.
Ipv6WinsServer1 string: IPv6 WINS server 1.
Ipv6WinsServer2 string: IPv6 WINS server 2.
LoginAttemptLimit int: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
LoginBlockTime int: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
LoginTimeout int: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
Port int: SSL-VPN access port (1 - 65535).
PortPrecedence string: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
Reqclientcert string: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
RouteSourceInterface string: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
SamlRedirectPort int: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
ServerHostname string: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
Servercert string: Name of the server certificate to be used for SSL-VPNs.
SourceAddress6Negate string: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
SourceAddress6s List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceAddress6>: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
SourceAddressNegate string: Enable/disable negated source address match. Valid values: enable, disable.
SourceAddresses List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceAddress>: Source address of incoming traffic. The structure of source_address block is documented below.
SourceInterfaces List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsSourceInterface>: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
SslClientRenegotiation string: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
SslInsertEmptyFragment string: Enable/disable insertion of empty fragment. Valid values: enable, disable.
SslMaxProtoVer string: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
SslMinProtoVer string: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
Status string: Enable/disable SSL-VPN. Valid values: enable, disable.
Tlsv10 string: Enable/disable TLSv1.0. Valid values: enable, disable.
Tlsv11 string: Enable/disable TLSv1.1. Valid values: enable, disable.
Tlsv12 string: Enable/disable TLSv1.2. Valid values: enable, disable.
Tlsv13 string: Enable/disable TLSv1.3. Valid values: enable, disable.
TransformBackwardSlashes string: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
TunnelAddrAssignedMethod string: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
TunnelConnectWithoutReauth string: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
TunnelIpPools List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsTunnelIpPool>: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
TunnelIpv6Pools List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsTunnelIpv6Pool>: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
TunnelUserSessionTimeout int: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
UnsafeLegacyRenegotiation string: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
UrlObscuration string: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
UserPeer string: Name of user peer.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
WebModeSnat string: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
WinsServer1 string: WINS server 1.
WinsServer2 string: WINS server 2.
XContentTypeOptions string: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ZtnaTrustedClient string: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

Algorithm string: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
AuthSessionCheckSourceIp string: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
AuthTimeout int: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
AuthenticationRules []SettingsAuthenticationRuleArgs: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
AutoTunnelStaticRoute string: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
BannedCipher string: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
BrowserLanguageDetection string: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
CheckReferer string: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
Ciphersuite string: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
ClientSigalgs string: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
DefaultPortal string: Default SSL VPN portal.
DeflateCompressionLevel int: Compression level (0~9).
DeflateMinDataSize int: Minimum amount of data that triggers compression (200 - 65535 bytes).
DnsServer1 string: DNS server 1.
DnsServer2 string: DNS server 2.
DnsSuffix string: DNS suffix used for SSL-VPN clients.
DtlsHeartbeatFailCount int: Number of missing heartbeats before the connection is considered dropped.
DtlsHeartbeatIdleTimeout int: Idle timeout before DTLS heartbeat is sent.
DtlsHeartbeatInterval int: Interval between DTLS heartbeat.
DtlsHelloTimeout int: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
DtlsMaxProtoVer string: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
DtlsMinProtoVer string: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
DtlsTunnel string: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
DualStackMode string: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
Encode2fSequence string: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
EncryptAndStorePassword string: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
ForceTwoFactorAuth string: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
HeaderXForwardedFor string: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
HstsIncludeSubdomains string: Add HSTS includeSubDomains response header. Valid values: enable, disable.
HttpCompression string: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
HttpOnlyCookie string: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
HttpRequestBodyTimeout int: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
HttpRequestHeaderTimeout int: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
HttpsRedirect string: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
IdleTimeout int: SSL VPN disconnects if idle for specified time in seconds.
Ipv6DnsServer1 string: IPv6 DNS server 1.
Ipv6DnsServer2 string: IPv6 DNS server 2.
Ipv6WinsServer1 string: IPv6 WINS server 1.
Ipv6WinsServer2 string: IPv6 WINS server 2.
LoginAttemptLimit int: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
LoginBlockTime int: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
LoginTimeout int: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
Port int: SSL-VPN access port (1 - 65535).
PortPrecedence string: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
Reqclientcert string: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
RouteSourceInterface string: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
SamlRedirectPort int: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
ServerHostname string: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
Servercert string: Name of the server certificate to be used for SSL-VPNs.
SourceAddress6Negate string: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
SourceAddress6s []SettingsSourceAddress6Args: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
SourceAddressNegate string: Enable/disable negated source address match. Valid values: enable, disable.
SourceAddresses []SettingsSourceAddressArgs: Source address of incoming traffic. The structure of source_address block is documented below.
SourceInterfaces []SettingsSourceInterfaceArgs: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
SslClientRenegotiation string: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
SslInsertEmptyFragment string: Enable/disable insertion of empty fragment. Valid values: enable, disable.
SslMaxProtoVer string: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
SslMinProtoVer string: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
Status string: Enable/disable SSL-VPN. Valid values: enable, disable.
Tlsv10 string: Enable/disable TLSv1.0. Valid values: enable, disable.
Tlsv11 string: Enable/disable TLSv1.1. Valid values: enable, disable.
Tlsv12 string: Enable/disable TLSv1.2. Valid values: enable, disable.
Tlsv13 string: Enable/disable TLSv1.3. Valid values: enable, disable.
TransformBackwardSlashes string: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
TunnelAddrAssignedMethod string: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
TunnelConnectWithoutReauth string: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
TunnelIpPools []SettingsTunnelIpPoolArgs: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
TunnelIpv6Pools []SettingsTunnelIpv6PoolArgs: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
TunnelUserSessionTimeout int: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
UnsafeLegacyRenegotiation string: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
UrlObscuration string: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
UserPeer string: Name of user peer.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
WebModeSnat string: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
WinsServer1 string: WINS server 1.
WinsServer2 string: WINS server 2.
XContentTypeOptions string: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ZtnaTrustedClient string: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

algorithm String: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
authSessionCheckSourceIp String: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
authTimeout Integer: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
authenticationRules List<SettingsAuthenticationRule>: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
autoTunnelStaticRoute String: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
bannedCipher String: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
browserLanguageDetection String: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
checkReferer String: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
ciphersuite String: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
clientSigalgs String: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
defaultPortal String: Default SSL VPN portal.
deflateCompressionLevel Integer: Compression level (0~9).
deflateMinDataSize Integer: Minimum amount of data that triggers compression (200 - 65535 bytes).
dnsServer1 String: DNS server 1.
dnsServer2 String: DNS server 2.
dnsSuffix String: DNS suffix used for SSL-VPN clients.
dtlsHeartbeatFailCount Integer: Number of missing heartbeats before the connection is considered dropped.
dtlsHeartbeatIdleTimeout Integer: Idle timeout before DTLS heartbeat is sent.
dtlsHeartbeatInterval Integer: Interval between DTLS heartbeat.
dtlsHelloTimeout Integer: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
dtlsMaxProtoVer String: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsMinProtoVer String: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsTunnel String: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
dualStackMode String: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
encode2fSequence String: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
encryptAndStorePassword String: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
forceTwoFactorAuth String: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
headerXForwardedFor String: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
hstsIncludeSubdomains String: Add HSTS includeSubDomains response header. Valid values: enable, disable.
httpCompression String: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
httpOnlyCookie String: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
httpRequestBodyTimeout Integer: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
httpRequestHeaderTimeout Integer: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
httpsRedirect String: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
idleTimeout Integer: SSL VPN disconnects if idle for specified time in seconds.
ipv6DnsServer1 String: IPv6 DNS server 1.
ipv6DnsServer2 String: IPv6 DNS server 2.
ipv6WinsServer1 String: IPv6 WINS server 1.
ipv6WinsServer2 String: IPv6 WINS server 2.
loginAttemptLimit Integer: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
loginBlockTime Integer: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
loginTimeout Integer: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
port Integer: SSL-VPN access port (1 - 65535).
portPrecedence String: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
reqclientcert String: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
routeSourceInterface String: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
samlRedirectPort Integer: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
serverHostname String: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
servercert String: Name of the server certificate to be used for SSL-VPNs.
sourceAddress6Negate String: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
sourceAddress6s List<SettingsSourceAddress6>: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
sourceAddressNegate String: Enable/disable negated source address match. Valid values: enable, disable.
sourceAddresses List<SettingsSourceAddress>: Source address of incoming traffic. The structure of source_address block is documented below.
sourceInterfaces List<SettingsSourceInterface>: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
sslClientRenegotiation String: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
sslInsertEmptyFragment String: Enable/disable insertion of empty fragment. Valid values: enable, disable.
sslMaxProtoVer String: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
sslMinProtoVer String: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
status String: Enable/disable SSL-VPN. Valid values: enable, disable.
tlsv10 String: Enable/disable TLSv1.0. Valid values: enable, disable.
tlsv11 String: Enable/disable TLSv1.1. Valid values: enable, disable.
tlsv12 String: Enable/disable TLSv1.2. Valid values: enable, disable.
tlsv13 String: Enable/disable TLSv1.3. Valid values: enable, disable.
transformBackwardSlashes String: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
tunnelAddrAssignedMethod String: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
tunnelConnectWithoutReauth String: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
tunnelIpPools List<SettingsTunnelIpPool>: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
tunnelIpv6Pools List<SettingsTunnelIpv6Pool>: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
tunnelUserSessionTimeout Integer: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
unsafeLegacyRenegotiation String: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
urlObscuration String: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
userPeer String: Name of user peer.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
webModeSnat String: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
winsServer1 String: WINS server 1.
winsServer2 String: WINS server 2.
xContentTypeOptions String: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ztnaTrustedClient String: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

algorithm string: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
authSessionCheckSourceIp string: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
authTimeout number: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
authenticationRules SettingsAuthenticationRule[]: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
autoTunnelStaticRoute string: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
bannedCipher string: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
browserLanguageDetection string: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
checkReferer string: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
ciphersuite string: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
clientSigalgs string: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
defaultPortal string: Default SSL VPN portal.
deflateCompressionLevel number: Compression level (0~9).
deflateMinDataSize number: Minimum amount of data that triggers compression (200 - 65535 bytes).
dnsServer1 string: DNS server 1.
dnsServer2 string: DNS server 2.
dnsSuffix string: DNS suffix used for SSL-VPN clients.
dtlsHeartbeatFailCount number: Number of missing heartbeats before the connection is considered dropped.
dtlsHeartbeatIdleTimeout number: Idle timeout before DTLS heartbeat is sent.
dtlsHeartbeatInterval number: Interval between DTLS heartbeat.
dtlsHelloTimeout number: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
dtlsMaxProtoVer string: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsMinProtoVer string: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsTunnel string: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
dualStackMode string: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
dynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
encode2fSequence string: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
encryptAndStorePassword string: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
forceTwoFactorAuth string: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
getAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
headerXForwardedFor string: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
hstsIncludeSubdomains string: Add HSTS includeSubDomains response header. Valid values: enable, disable.
httpCompression string: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
httpOnlyCookie string: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
httpRequestBodyTimeout number: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
httpRequestHeaderTimeout number: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
httpsRedirect string: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
idleTimeout number: SSL VPN disconnects if idle for specified time in seconds.
ipv6DnsServer1 string: IPv6 DNS server 1.
ipv6DnsServer2 string: IPv6 DNS server 2.
ipv6WinsServer1 string: IPv6 WINS server 1.
ipv6WinsServer2 string: IPv6 WINS server 2.
loginAttemptLimit number: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
loginBlockTime number: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
loginTimeout number: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
port number: SSL-VPN access port (1 - 65535).
portPrecedence string: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
reqclientcert string: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
routeSourceInterface string: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
samlRedirectPort number: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
serverHostname string: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
servercert string: Name of the server certificate to be used for SSL-VPNs.
sourceAddress6Negate string: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
sourceAddress6s SettingsSourceAddress6[]: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
sourceAddressNegate string: Enable/disable negated source address match. Valid values: enable, disable.
sourceAddresses SettingsSourceAddress[]: Source address of incoming traffic. The structure of source_address block is documented below.
sourceInterfaces SettingsSourceInterface[]: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
sslClientRenegotiation string: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
sslInsertEmptyFragment string: Enable/disable insertion of empty fragment. Valid values: enable, disable.
sslMaxProtoVer string: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
sslMinProtoVer string: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
status string: Enable/disable SSL-VPN. Valid values: enable, disable.
tlsv10 string: Enable/disable TLSv1.0. Valid values: enable, disable.
tlsv11 string: Enable/disable TLSv1.1. Valid values: enable, disable.
tlsv12 string: Enable/disable TLSv1.2. Valid values: enable, disable.
tlsv13 string: Enable/disable TLSv1.3. Valid values: enable, disable.
transformBackwardSlashes string: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
tunnelAddrAssignedMethod string: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
tunnelConnectWithoutReauth string: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
tunnelIpPools SettingsTunnelIpPool[]: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
tunnelIpv6Pools SettingsTunnelIpv6Pool[]: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
tunnelUserSessionTimeout number: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
unsafeLegacyRenegotiation string: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
urlObscuration string: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
userPeer string: Name of user peer.
vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
webModeSnat string: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
winsServer1 string: WINS server 1.
winsServer2 string: WINS server 2.
xContentTypeOptions string: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ztnaTrustedClient string: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

algorithm str: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
auth_session_check_source_ip str: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
auth_timeout int: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
authentication_rules Sequence[SettingsAuthenticationRuleArgs]: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
auto_tunnel_static_route str: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
banned_cipher str: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
browser_language_detection str: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
check_referer str: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
ciphersuite str: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
client_sigalgs str: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
default_portal str: Default SSL VPN portal.
deflate_compression_level int: Compression level (0~9).
deflate_min_data_size int: Minimum amount of data that triggers compression (200 - 65535 bytes).
dns_server1 str: DNS server 1.
dns_server2 str: DNS server 2.
dns_suffix str: DNS suffix used for SSL-VPN clients.
dtls_heartbeat_fail_count int: Number of missing heartbeats before the connection is considered dropped.
dtls_heartbeat_idle_timeout int: Idle timeout before DTLS heartbeat is sent.
dtls_heartbeat_interval int: Interval between DTLS heartbeat.
dtls_hello_timeout int: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
dtls_max_proto_ver str: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
dtls_min_proto_ver str: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
dtls_tunnel str: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
dual_stack_mode str: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
dynamic_sort_subtable str: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
encode2f_sequence str: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
encrypt_and_store_password str: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
force_two_factor_auth str: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
get_all_tables str: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
header_x_forwarded_for str: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
hsts_include_subdomains str: Add HSTS includeSubDomains response header. Valid values: enable, disable.
http_compression str: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
http_only_cookie str: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
http_request_body_timeout int: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
http_request_header_timeout int: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
https_redirect str: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
idle_timeout int: SSL VPN disconnects if idle for specified time in seconds.
ipv6_dns_server1 str: IPv6 DNS server 1.
ipv6_dns_server2 str: IPv6 DNS server 2.
ipv6_wins_server1 str: IPv6 WINS server 1.
ipv6_wins_server2 str: IPv6 WINS server 2.
login_attempt_limit int: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
login_block_time int: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
login_timeout int: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
port int: SSL-VPN access port (1 - 65535).
port_precedence str: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
reqclientcert str: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
route_source_interface str: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
saml_redirect_port int: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
server_hostname str: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
servercert str: Name of the server certificate to be used for SSL-VPNs.
source_address6_negate str: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
source_address6s Sequence[SettingsSourceAddress6Args]: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
source_address_negate str: Enable/disable negated source address match. Valid values: enable, disable.
source_addresses Sequence[SettingsSourceAddressArgs]: Source address of incoming traffic. The structure of source_address block is documented below.
source_interfaces Sequence[SettingsSourceInterfaceArgs]: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
ssl_client_renegotiation str: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
ssl_insert_empty_fragment str: Enable/disable insertion of empty fragment. Valid values: enable, disable.
ssl_max_proto_ver str: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
ssl_min_proto_ver str: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
status str: Enable/disable SSL-VPN. Valid values: enable, disable.
tlsv10 str: Enable/disable TLSv1.0. Valid values: enable, disable.
tlsv11 str: Enable/disable TLSv1.1. Valid values: enable, disable.
tlsv12 str: Enable/disable TLSv1.2. Valid values: enable, disable.
tlsv13 str: Enable/disable TLSv1.3. Valid values: enable, disable.
transform_backward_slashes str: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
tunnel_addr_assigned_method str: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
tunnel_connect_without_reauth str: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
tunnel_ip_pools Sequence[SettingsTunnelIpPoolArgs]: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
tunnel_ipv6_pools Sequence[SettingsTunnelIpv6PoolArgs]: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
tunnel_user_session_timeout int: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
unsafe_legacy_renegotiation str: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
url_obscuration str: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
user_peer str: Name of user peer.
vdomparam str: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
web_mode_snat str: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
wins_server1 str: WINS server 1.
wins_server2 str: WINS server 2.
x_content_type_options str: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ztna_trusted_client str: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

algorithm String: Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any. Valid values: high, medium, default, low.
authSessionCheckSourceIp String: Enable/disable checking of source IP for authentication session. Valid values: enable, disable.
authTimeout Number: SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout).
authenticationRules List<Property Map>: Authentication rule for SSL VPN. The structure of authentication_rule block is documented below.
autoTunnelStaticRoute String: Enable to auto-create static routes for the SSL-VPN tunnel IP addresses. Valid values: enable, disable.
bannedCipher String: Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.
browserLanguageDetection String: Enable/disable overriding the configured system language based on the preferred language of the browser. Valid values: enable, disable.
checkReferer String: Enable/disable verification of referer field in HTTP request header. Valid values: enable, disable.
ciphersuite String: Select one or more TLS 1.3 ciphersuites to enable. Does not affect ciphers in TLS 1.2 and below. At least one must be enabled. To disable all, set ssl-max-proto-ver to tls1-2 or below. Valid values: TLS-AES-128-GCM-SHA256, TLS-AES-256-GCM-SHA384, TLS-CHACHA20-POLY1305-SHA256, TLS-AES-128-CCM-SHA256, TLS-AES-128-CCM-8-SHA256.
clientSigalgs String: Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: no-rsa-pss, all.
defaultPortal String: Default SSL VPN portal.
deflateCompressionLevel Number: Compression level (0~9).
deflateMinDataSize Number: Minimum amount of data that triggers compression (200 - 65535 bytes).
dnsServer1 String: DNS server 1.
dnsServer2 String: DNS server 2.
dnsSuffix String: DNS suffix used for SSL-VPN clients.
dtlsHeartbeatFailCount Number: Number of missing heartbeats before the connection is considered dropped.
dtlsHeartbeatIdleTimeout Number: Idle timeout before DTLS heartbeat is sent.
dtlsHeartbeatInterval Number: Interval between DTLS heartbeat.
dtlsHelloTimeout Number: SSLVPN maximum DTLS hello timeout (10 - 60 sec, default = 10).
dtlsMaxProtoVer String: DTLS maximum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsMinProtoVer String: DTLS minimum protocol version. Valid values: dtls1-0, dtls1-2.
dtlsTunnel String: Enable DTLS to prevent eavesdropping, tampering, or message forgery. Valid values: enable, disable.
dualStackMode String: Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: enable, disable.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
encode2fSequence String: Encode \2F sequence to forward slash in URLs. Valid values: enable, disable.
encryptAndStorePassword String: Encrypt and store user passwords for SSL-VPN web sessions. Valid values: enable, disable.
forceTwoFactorAuth String: Enable to force two-factor authentication for all SSL-VPNs. Valid values: enable, disable.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
headerXForwardedFor String: Forward the same, add, or remove HTTP header. Valid values: pass, add, remove.
hstsIncludeSubdomains String: Add HSTS includeSubDomains response header. Valid values: enable, disable.
httpCompression String: Enable to allow HTTP compression over SSL-VPN tunnels. Valid values: enable, disable.
httpOnlyCookie String: Enable/disable SSL-VPN support for HttpOnly cookies. Valid values: enable, disable.
httpRequestBodyTimeout Number: SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20).
httpRequestHeaderTimeout Number: SSL-VPN session is disconnected if an HTTP request header is not received within this time (1 - 60 sec, default = 20).
httpsRedirect String: Enable/disable redirect of port 80 to SSL-VPN port. Valid values: enable, disable.
idleTimeout Number: SSL VPN disconnects if idle for specified time in seconds.
ipv6DnsServer1 String: IPv6 DNS server 1.
ipv6DnsServer2 String: IPv6 DNS server 2.
ipv6WinsServer1 String: IPv6 WINS server 1.
ipv6WinsServer2 String: IPv6 WINS server 2.
loginAttemptLimit Number: SSL VPN maximum login attempt times before block (0 - 10, default = 2, 0 = no limit).
loginBlockTime Number: Time for which a user is blocked from logging in after too many failed login attempts (0 - 86400 sec, default = 60).
loginTimeout Number: SSLVPN maximum login timeout (10 - 180 sec, default = 30).
port Number: SSL-VPN access port (1 - 65535).
portPrecedence String: Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface. Valid values: enable, disable.
reqclientcert String: Enable to require client certificates for all SSL-VPN users. Valid values: enable, disable.
routeSourceInterface String: Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface. Valid values: enable, disable.
samlRedirectPort Number: SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side.
serverHostname String: Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.
servercert String: Name of the server certificate to be used for SSL-VPNs.
sourceAddress6Negate String: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
sourceAddress6s List<Property Map>: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
sourceAddressNegate String: Enable/disable negated source address match. Valid values: enable, disable.
sourceAddresses List<Property Map>: Source address of incoming traffic. The structure of source_address block is documented below.
sourceInterfaces List<Property Map>: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
sslClientRenegotiation String: Enable to allow client renegotiation by the server if the tunnel goes down. Valid values: disable, enable.
sslInsertEmptyFragment String: Enable/disable insertion of empty fragment. Valid values: enable, disable.
sslMaxProtoVer String: SSL maximum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
sslMinProtoVer String: SSL minimum protocol version. Valid values: tls1-0, tls1-1, tls1-2, tls1-3.
status String: Enable/disable SSL-VPN. Valid values: enable, disable.
tlsv10 String: Enable/disable TLSv1.0. Valid values: enable, disable.
tlsv11 String: Enable/disable TLSv1.1. Valid values: enable, disable.
tlsv12 String: Enable/disable TLSv1.2. Valid values: enable, disable.
tlsv13 String: Enable/disable TLSv1.3. Valid values: enable, disable.
transformBackwardSlashes String: Transform backward slashes to forward slashes in URLs. Valid values: enable, disable.
tunnelAddrAssignedMethod String: Method used for assigning address for tunnel. Valid values: first-available, round-robin.
tunnelConnectWithoutReauth String: Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: enable, disable.
tunnelIpPools List<Property Map>: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ip_pools block is documented below.
tunnelIpv6Pools List<Property Map>: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients. The structure of tunnel_ipv6_pools block is documented below.
tunnelUserSessionTimeout Number: Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec.
unsafeLegacyRenegotiation String: Enable/disable unsafe legacy re-negotiation. Valid values: enable, disable.
urlObscuration String: Enable to obscure the host name of the URL of the web browser display. Valid values: enable, disable.
userPeer String: Name of user peer.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
webModeSnat String: Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: enable, disable.
winsServer1 String: WINS server 1.
winsServer2 String: WINS server 2.
xContentTypeOptions String: Add HTTP X-Content-Type-Options header. Valid values: enable, disable.
ztnaTrustedClient String: Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: enable, disable.

Supporting Types

SettingsAuthenticationRule, SettingsAuthenticationRuleArgs

Auth string: SSL VPN authentication method restriction.
Cipher string: SSL VPN cipher strength. Valid values: any, high, medium.
ClientCert string: Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
Groups List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleGroup>: User groups. The structure of groups block is documented below.
Id int: ID (0 - 4294967295).
Portal string: SSL VPN portal.
Realm string: SSL VPN realm.
SourceAddress6Negate string: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
SourceAddress6s List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleSourceAddress6>: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
SourceAddressNegate string: Enable/disable negated source address match. Valid values: enable, disable.
SourceAddresses List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleSourceAddress>: Source address of incoming traffic. The structure of source_address block is documented below.
SourceInterfaces List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleSourceInterface>: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
UserPeer string: Name of user peer.
Users List<Pulumiverse.Fortios.Vpn.Ssl.Inputs.SettingsAuthenticationRuleUser>: User name. The structure of users block is documented below.

Auth string: SSL VPN authentication method restriction.
Cipher string: SSL VPN cipher strength. Valid values: any, high, medium.
ClientCert string: Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
Groups []SettingsAuthenticationRuleGroup: User groups. The structure of groups block is documented below.
Id int: ID (0 - 4294967295).
Portal string: SSL VPN portal.
Realm string: SSL VPN realm.
SourceAddress6Negate string: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
SourceAddress6s []SettingsAuthenticationRuleSourceAddress6: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
SourceAddressNegate string: Enable/disable negated source address match. Valid values: enable, disable.
SourceAddresses []SettingsAuthenticationRuleSourceAddress: Source address of incoming traffic. The structure of source_address block is documented below.
SourceInterfaces []SettingsAuthenticationRuleSourceInterface: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
UserPeer string: Name of user peer.
Users []SettingsAuthenticationRuleUser: User name. The structure of users block is documented below.

auth String: SSL VPN authentication method restriction.
cipher String: SSL VPN cipher strength. Valid values: any, high, medium.
clientCert String: Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
groups List<SettingsAuthenticationRuleGroup>: User groups. The structure of groups block is documented below.
id Integer: ID (0 - 4294967295).
portal String: SSL VPN portal.
realm String: SSL VPN realm.
sourceAddress6Negate String: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
sourceAddress6s List<SettingsAuthenticationRuleSourceAddress6>: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
sourceAddressNegate String: Enable/disable negated source address match. Valid values: enable, disable.
sourceAddresses List<SettingsAuthenticationRuleSourceAddress>: Source address of incoming traffic. The structure of source_address block is documented below.
sourceInterfaces List<SettingsAuthenticationRuleSourceInterface>: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
userPeer String: Name of user peer.
users List<SettingsAuthenticationRuleUser>: User name. The structure of users block is documented below.

auth string: SSL VPN authentication method restriction.
cipher string: SSL VPN cipher strength. Valid values: any, high, medium.
clientCert string: Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
groups SettingsAuthenticationRuleGroup[]: User groups. The structure of groups block is documented below.
id number: ID (0 - 4294967295).
portal string: SSL VPN portal.
realm string: SSL VPN realm.
sourceAddress6Negate string: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
sourceAddress6s SettingsAuthenticationRuleSourceAddress6[]: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
sourceAddressNegate string: Enable/disable negated source address match. Valid values: enable, disable.
sourceAddresses SettingsAuthenticationRuleSourceAddress[]: Source address of incoming traffic. The structure of source_address block is documented below.
sourceInterfaces SettingsAuthenticationRuleSourceInterface[]: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
userPeer string: Name of user peer.
users SettingsAuthenticationRuleUser[]: User name. The structure of users block is documented below.

auth str: SSL VPN authentication method restriction.
cipher str: SSL VPN cipher strength. Valid values: any, high, medium.
client_cert str: Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
groups Sequence[SettingsAuthenticationRuleGroup]: User groups. The structure of groups block is documented below.
id int: ID (0 - 4294967295).
portal str: SSL VPN portal.
realm str: SSL VPN realm.
source_address6_negate str: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
source_address6s Sequence[SettingsAuthenticationRuleSourceAddress6]: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
source_address_negate str: Enable/disable negated source address match. Valid values: enable, disable.
source_addresses Sequence[SettingsAuthenticationRuleSourceAddress]: Source address of incoming traffic. The structure of source_address block is documented below.
source_interfaces Sequence[SettingsAuthenticationRuleSourceInterface]: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
user_peer str: Name of user peer.
users Sequence[SettingsAuthenticationRuleUser]: User name. The structure of users block is documented below.

auth String: SSL VPN authentication method restriction.
cipher String: SSL VPN cipher strength. Valid values: any, high, medium.
clientCert String: Enable/disable SSL VPN client certificate restrictive. Valid values: enable, disable.
groups List<Property Map>: User groups. The structure of groups block is documented below.
id Number: ID (0 - 4294967295).
portal String: SSL VPN portal.
realm String: SSL VPN realm.
sourceAddress6Negate String: Enable/disable negated source IPv6 address match. Valid values: enable, disable.
sourceAddress6s List<Property Map>: IPv6 source address of incoming traffic. The structure of source_address6 block is documented below.
sourceAddressNegate String: Enable/disable negated source address match. Valid values: enable, disable.
sourceAddresses List<Property Map>: Source address of incoming traffic. The structure of source_address block is documented below.
sourceInterfaces List<Property Map>: SSL VPN source interface of incoming traffic. The structure of source_interface block is documented below.
userPeer String: Name of user peer.
users List<Property Map>: User name. The structure of users block is documented below.

SettingsAuthenticationRuleGroup, SettingsAuthenticationRuleGroupArgs

Name string: Group name.

Name string: Group name.

name String: Group name.

name string: Group name.

name str: Group name.

name String: Group name.

SettingsAuthenticationRuleSourceAddress, SettingsAuthenticationRuleSourceAddressArgs

Name string: IPv6 address name.

Name string: IPv6 address name.

name String: IPv6 address name.

name string: IPv6 address name.

name str: IPv6 address name.

name String: IPv6 address name.

SettingsAuthenticationRuleSourceAddress6, SettingsAuthenticationRuleSourceAddress6Args

Name string

Name string

name String

name string

name str

name String

SettingsAuthenticationRuleSourceInterface, SettingsAuthenticationRuleSourceInterfaceArgs

Name string: Interface name.

Name string: Interface name.

name String: Interface name.

name string: Interface name.

name str: Interface name.

name String: Interface name.

SettingsAuthenticationRuleUser, SettingsAuthenticationRuleUserArgs

Name string: User name.

Name string: User name.

name String: User name.

name string: User name.

name str: User name.

name String: User name.

SettingsSourceAddress, SettingsSourceAddressArgs

Name string: IPv6 address name.

Name string: IPv6 address name.

name String: IPv6 address name.

name string: IPv6 address name.

name str: IPv6 address name.

name String: IPv6 address name.

SettingsSourceAddress6, SettingsSourceAddress6Args

Name string

Name string

name String

name string

name str

name String

SettingsSourceInterface, SettingsSourceInterfaceArgs

Name string: Interface name.

Name string: Interface name.

name String: Interface name.

name string: Interface name.

name str: Interface name.

name String: Interface name.

SettingsTunnelIpPool, SettingsTunnelIpPoolArgs

Name string: Address name.

Name string: Address name.

name String: Address name.

name string: Address name.

name str: Address name.

name String: Address name.

SettingsTunnelIpv6Pool, SettingsTunnelIpv6PoolArgs

Name string

Name string

name String

name string

name str

name String

Import

VpnSsl Settings can be imported using any of these accepted formats:

$ pulumi import fortios:vpn/ssl/settings:Settings labelname VpnSslSettings

If you do not want to import arguments of block:

$ export “FORTIOS_IMPORT_TABLE”=“false”

$ pulumi import fortios:vpn/ssl/settings:Settings labelname VpnSslSettings

$ unset “FORTIOS_IMPORT_TABLE”

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: fortios pulumiverse/pulumi-fortios
License: Apache-2.0
Notes: This Pulumi package is based on the fortios Terraform Provider.

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

pulumiverse/pulumi-fortios

fortios.vpn/ssl.Settings

On this page

On this page

Example Usage

Create Settings Resource

Constructor syntax

Parameters

Settings Resource Properties

Inputs

Outputs

Look up Existing Settings Resource

Supporting Types

SettingsAuthenticationRule, SettingsAuthenticationRuleArgs

SettingsAuthenticationRuleGroup, SettingsAuthenticationRuleGroupArgs

SettingsAuthenticationRuleSourceAddress, SettingsAuthenticationRuleSourceAddressArgs

SettingsAuthenticationRuleSourceAddress6, SettingsAuthenticationRuleSourceAddress6Args

SettingsAuthenticationRuleSourceInterface, SettingsAuthenticationRuleSourceInterfaceArgs

SettingsAuthenticationRuleUser, SettingsAuthenticationRuleUserArgs

SettingsSourceAddress, SettingsSourceAddressArgs

SettingsSourceAddress6, SettingsSourceAddress6Args

SettingsSourceInterface, SettingsSourceInterfaceArgs

SettingsTunnelIpPool, SettingsTunnelIpPoolArgs

SettingsTunnelIpv6Pool, SettingsTunnelIpv6PoolArgs

Import

Package Details

On this page

On this page