Module fortigate

  • License: ASL 2.0

  • Version: 0.4.1

Typedefs

typedef fortigate::common::enable_disable_t
  • Base type string

  • Type constraint (self in ['enable', 'disable'])

typedef fortigate::common::name_t
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase2_interface::comments
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::vpn_ipsec_phase1_interface::interface
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase2_interface::name
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::policyid
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967294))

typedef fortigate::router_prefix_list::rule::action
  • Base type string

  • Type constraint (self in ['permit', 'deny'])

typedef fortigate::firewall__dos_policy::anomaly::quarantine
  • Base type string

  • Type constraint (self in ['none', 'attacker'])

typedef fortigate::firewall__dos_policy::anomaly::threshold
  • Base type int

  • Type constraint ((self >= 1) and (self <= 2147483647))

typedef fortigate::firewall__dos_policy::anomaly::threshold_default_
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::firewall_address::associated_interface
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_address6::cache_ttl
  • Base type int

  • Type constraint ((self >= 0) and (self <= 86400))

typedef fortigate::firewall_address::clearpass_spt
  • Base type string

  • Type constraint (self in ['unknown', 'healthy', 'quarantine', 'checkup', 'transient', 'infected'])

typedef fortigate::system_interface::color
  • Base type int

  • Type constraint ((self >= 0) and (self <= 32))

typedef fortigate::system_sdwan::members::comment
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::firewall_address6::country
  • Base type string

  • Type constraint (std::length(self) <= 2)

typedef fortigate::firewall_address6::epg_name
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::firewall_address::filter
  • Base type string

  • Type constraint (std::length(self) <= 2047)

typedef fortigate::firewall_address6::fqdn
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::firewall_address6::obj_id
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::firewall_address::obj_tag
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::firewall_address::obj_type
  • Base type string

  • Type constraint (self in ['ip', 'mac'])

typedef fortigate::firewall_address::organization
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_address::policy_group
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::firewall_address6::sdn
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_address::sdn_addr_type
  • Base type string

  • Type constraint (self in ['private', 'public', 'all'])

typedef fortigate::firewall_address6::sdn_tag
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::firewall_address::sub_type
  • Base type string

  • Type constraint (self in ['sdn', 'clearpass-spt', 'fsso', 'ems-tag', 'fortivoice-tag', 'fortinac-tag', 'fortipolicy-tag', 'swc-tag'])

typedef fortigate::firewall_address::subnet_name
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::firewall_address::tag_detection_level
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::firewall_address::tag_type
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::firewall_address6::tenant
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase1_interface::type
  • Base type string

  • Type constraint (self in ['static', 'dynamic', 'ddns'])

typedef fortigate::firewall_address::wildcard_fqdn
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::firewall_address6::host_type
  • Base type string

  • Type constraint (self in ['any', 'specific'])

typedef fortigate::firewall_address6::template
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::system_sdwan::neighbor::ip
  • Base type string

  • Type constraint (std::length(self) <= 45)

typedef fortigate::firewall_address::macaddr::macaddr
  • Base type string

  • Type constraint (std::length(self) <= 127)

typedef fortigate::system_interface::client_options::value
  • Base type string

  • Type constraint (std::length(self) <= 312)

typedef fortigate::system_interface::tagging::category
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::firewall_local_in_policy6::intf
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_admin::schedule
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_sdwan::service::end_port
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::vpn_ipsec_phase1_interface::ipv6_exclude_range::id
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::vpn_ipsec_phase2_interface::protocol
  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef fortigate::system_sdwan::service::start_port
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::firewall_shaping_policy::traffic_shaper
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::application_list
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_interface::auth_cert
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::auth_redirect_addr
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::firewall_policy::av_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::cifs_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::decrypted_traffic_mirror
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::dlp_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::dnsfilter_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::emailfilter_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::file_filter_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_settings::firewall_session_dirty
  • Base type string

  • Type constraint (self in ['check-all', 'check-new', 'check-policy-option'])

typedef fortigate::firewall_policy::fsso_agent_for_ntlm
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::geoip_match
  • Base type string

  • Type constraint (self in ['physical-location', 'registered-location'])

typedef fortigate::firewall_policy::icap_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::identity_based_route
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::inspection_mode
  • Base type string

  • Type constraint (self in ['proxy', 'flow'])

typedef fortigate::firewall_policy::ips_sensor
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::ips_voip_filter
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::logtraffic
  • Base type string

  • Type constraint (self in ['all', 'utm', 'disable'])

typedef fortigate::firewall_shaping_policy::per_ip_shaper
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::profile_group
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::profile_protocol_options
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::profile_type
  • Base type string

  • Type constraint (self in ['single', 'group'])

typedef fortigate::firewall_policy::redirect_url
  • Base type string

  • Type constraint (std::length(self) <= 1023)

typedef fortigate::system_interface::replacemsg_override_group
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::reputation_direction
  • Base type string

  • Type constraint (self in ['source', 'destination'])

typedef fortigate::firewall_policy::reputation_direction6
  • Base type string

  • Type constraint (self in ['source', 'destination'])

typedef fortigate::firewall_policy::reputation_minimum
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::firewall_policy::reputation_minimum6
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::firewall_policy::sctp_filter_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::ssh_filter_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::ssl_ssh_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::tcp_mss_receiver
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::firewall_policy::tcp_mss_sender
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::firewall_policy::tcp_session_without_syn
  • Base type string

  • Type constraint (self in ['all', 'data-only', 'disable'])

typedef fortigate::firewall_shaping_policy::traffic_shaper_reverse
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::videofilter_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::vlan_cos_fwd
  • Base type int

  • Type constraint ((self >= 0) and (self <= 7))

typedef fortigate::firewall_policy::vlan_cos_rev
  • Base type int

  • Type constraint ((self >= 0) and (self <= 7))

typedef fortigate::firewall_policy::voip_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::vpntunnel
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::waf_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::wanopt_detection
  • Base type string

  • Type constraint (self in ['active', 'passive', 'off'])

typedef fortigate::firewall_policy::wanopt_passive_opt
  • Base type string

  • Type constraint (self in ['default', 'transparent', 'non-transparent'])

typedef fortigate::firewall_policy::wanopt_peer
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::wanopt_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::webfilter_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::webproxy_forward_server
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::firewall_policy::webproxy_profile
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::firewall_policy::ztna_tags_match_logic
  • Base type string

  • Type constraint (self in ['or', 'and'])

typedef fortigate::firewall_policy::custom_log_fields::field_id
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::firewall_policy::ntlm_enabled_browsers::user_agent_string
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::firewall_shaping_policy::class_id
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::vpn_ipsec_phase1_interface::ip_version
  • Base type string

  • Type constraint (self in ['4', '6'])

typedef fortigate::fortiflex::cloud_services
  • Base type string

  • Type constraint (self in ['FAMS', 'SWNM', 'AFAC', 'FAZC'])

typedef fortigate::fortiflex::fg_services
  • Base type string

  • Type constraint (self in ['IPS', 'AVDB', 'FURLDNS', 'FGSA', 'DLDB', 'FAIS'])

typedef fortigate::router_bgp::additional_path_select
  • Base type int

  • Type constraint ((self >= 2) and (self <= 255))

typedef fortigate::router_bgp::additional_path_select6
  • Base type int

  • Type constraint ((self >= 2) and (self <= 255))

typedef fortigate::router_bgp::additional_path_select_vpnv4
  • Base type int

  • Type constraint ((self >= 2) and (self <= 255))

typedef fortigate::router_bgp::confederation_identifier
  • Base type int

  • Type constraint ((self >= 1) and (self <= 4294967295))

typedef fortigate::router_bgp::dampening_max_suppress_time
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::router_bgp::dampening_reachability_half_life
  • Base type int

  • Type constraint ((self >= 1) and (self <= 45))

typedef fortigate::router_bgp::dampening_reuse
  • Base type int

  • Type constraint ((self >= 1) and (self <= 20000))

typedef fortigate::router_bgp::dampening_route_map
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::dampening_suppress
  • Base type int

  • Type constraint ((self >= 1) and (self <= 20000))

typedef fortigate::router_bgp::dampening_unreachability_half_life
  • Base type int

  • Type constraint ((self >= 1) and (self <= 45))

typedef fortigate::router_bgp::default_local_preference
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::router_bgp::distance_external
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::router_bgp::distance_internal
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::router_bgp::distance_local
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::router_bgp::graceful_restart_time
  • Base type int

  • Type constraint ((self >= 1) and (self <= 3600))

typedef fortigate::router_bgp::graceful_stalepath_time
  • Base type int

  • Type constraint ((self >= 1) and (self <= 3600))

typedef fortigate::router_bgp::graceful_update_delay
  • Base type int

  • Type constraint ((self >= 1) and (self <= 3600))

typedef fortigate::router_bgp::neighbor_group::holdtime_timer
  • Base type int

  • Type constraint ((self >= 3) and (self <= 65535))

typedef fortigate::router_bgp::keepalive_timer
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::router_bgp::scan_time
  • Base type int

  • Type constraint ((self >= 5) and (self <= 60))

typedef fortigate::router_bgp::tag_resolve_mode
  • Base type string

  • Type constraint (self in ['disable', 'preferred', 'merge'])

typedef fortigate::vpn_ipsec_phase1_interface::distance
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::router_bgp::admin_distance::route_list
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase1_interface::peer
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::additional_path
  • Base type string

  • Type constraint (self in ['send', 'receive', 'both', 'disable'])

typedef fortigate::router_bgp::neighbor_group::additional_path6
  • Base type string

  • Type constraint (self in ['send', 'receive', 'both', 'disable'])

typedef fortigate::router_bgp::neighbor_group::additional_path_vpnv4
  • Base type string

  • Type constraint (self in ['send', 'receive', 'both', 'disable'])

typedef fortigate::router_bgp::neighbor_group::adv_additional_path
  • Base type int

  • Type constraint ((self >= 2) and (self <= 255))

typedef fortigate::router_bgp::neighbor_group::adv_additional_path6
  • Base type int

  • Type constraint ((self >= 2) and (self <= 255))

typedef fortigate::router_bgp::neighbor_group::adv_additional_path_vpnv4
  • Base type int

  • Type constraint ((self >= 2) and (self <= 255))

typedef fortigate::router_bgp::neighbor_group::advertisement_interval
  • Base type int

  • Type constraint ((self >= 0) and (self <= 600))

typedef fortigate::router_bgp::neighbor_group::allowas_in
  • Base type int

  • Type constraint ((self >= 1) and (self <= 10))

typedef fortigate::router_bgp::neighbor_group::allowas_in6
  • Base type int

  • Type constraint ((self >= 1) and (self <= 10))

typedef fortigate::router_bgp::neighbor_group::allowas_in_vpnv4
  • Base type int

  • Type constraint ((self >= 1) and (self <= 10))

typedef fortigate::router_bgp::neighbor_group::attribute_unchanged
  • Base type string

  • Type constraint (self in ['as-path', 'med', 'next-hop'])

typedef fortigate::router_bgp::neighbor_group::attribute_unchanged6
  • Base type string

  • Type constraint (self in ['as-path', 'med', 'next-hop'])

typedef fortigate::router_bgp::neighbor_group::attribute_unchanged_vpnv4
  • Base type string

  • Type constraint (self in ['as-path', 'med', 'next-hop'])

typedef fortigate::router_bgp::neighbor_group::capability_orf
  • Base type string

  • Type constraint (self in ['none', 'receive', 'send', 'both'])

typedef fortigate::router_bgp::neighbor_group::capability_orf6
  • Base type string

  • Type constraint (self in ['none', 'receive', 'send', 'both'])

typedef fortigate::router_bgp::neighbor_group::connect_timer
  • Base type int

  • Type constraint ((self >= 1) and (self <= 65535))

typedef fortigate::router_bgp::neighbor_group::default_originate_routemap
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::default_originate_routemap6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_interface::description
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::router_bgp::neighbor_group::distribute_list_in
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::distribute_list_in6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::distribute_list_in_vpnv4
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::distribute_list_out
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::distribute_list_out6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::distribute_list_out_vpnv4
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::ebgp_multihop_ttl
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::router_bgp::neighbor_group::filter_list_in
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::filter_list_in6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::filter_list_out
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::filter_list_out6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::keep_alive_timer
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::router_bgp::neighbor_group::maximum_prefix
  • Base type int

  • Type constraint ((self >= 1) and (self <= 4294967295))

typedef fortigate::router_bgp::neighbor_group::maximum_prefix6
  • Base type int

  • Type constraint ((self >= 1) and (self <= 4294967295))

typedef fortigate::router_bgp::neighbor_group::maximum_prefix_threshold
  • Base type int

  • Type constraint ((self >= 1) and (self <= 100))

typedef fortigate::router_bgp::neighbor_group::maximum_prefix_threshold6
  • Base type int

  • Type constraint ((self >= 1) and (self <= 100))

typedef fortigate::router_bgp::neighbor_group::maximum_prefix_threshold_vpnv4
  • Base type int

  • Type constraint ((self >= 1) and (self <= 100))

typedef fortigate::router_bgp::neighbor_group::maximum_prefix_vpnv4
  • Base type int

  • Type constraint ((self >= 1) and (self <= 4294967295))

typedef fortigate::router_bgp::neighbor_group::prefix_list_in
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::prefix_list_in6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::prefix_list_in_vpnv4
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::prefix_list_out
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::prefix_list_out6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::prefix_list_out_vpnv4
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::restart_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 3600))

typedef fortigate::router_bgp::neighbor_group::retain_stale_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::router_bgp::neighbor_group::route_map_in
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::route_map_in6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::route_map_in_vpnv4
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::route_map_out
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::route_map_out6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::route_map_out6_preferable
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::route_map_out_preferable
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::route_map_out_vpnv4
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::route_map_out_vpnv4_preferable
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::send_community
  • Base type string

  • Type constraint (self in ['standard', 'extended', 'both', 'disable'])

typedef fortigate::router_bgp::neighbor_group::send_community6
  • Base type string

  • Type constraint (self in ['standard', 'extended', 'both', 'disable'])

typedef fortigate::router_bgp::neighbor_group::send_community_vpnv4
  • Base type string

  • Type constraint (self in ['standard', 'extended', 'both', 'disable'])

typedef fortigate::router_bgp::neighbor_group::unsuppress_map
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::unsuppress_map6
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor_group::update_source
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_sdwan::members::weight
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::router_bgp::neighbor::conditional_advertise6::advertise_routemap
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::neighbor::conditional_advertise6::condition_type
  • Base type string

  • Type constraint (self in ['exist', 'non-exist'])

typedef fortigate::router_bgp::neighbor_range6::max_neighbor_num
  • Base type int

  • Type constraint ((self >= 1) and (self <= 1000))

typedef fortigate::router_bgp::neighbor_range6::neighbor_group
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::router_bgp::network6::network_import_check
  • Base type string

  • Type constraint (self in ['global', 'enable', 'disable'])

typedef fortigate::router_bgp::vrf::leak_target::route_map
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::vrf::import_route_map
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_bgp::vrf::rd
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::system_sdwan::service::role
  • Base type string

  • Type constraint (self in ['standalone', 'primary', 'secondary'])

typedef fortigate::system_sdwan::health_check::vrf
  • Base type int

  • Type constraint ((self >= 0) and (self <= 251))

typedef fortigate::router_bgp::vrf::import_rt::route_target
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::router_prefix_list::rule::ge
  • Base type int

  • Type constraint ((self >= 0) and (self <= 32))

typedef fortigate::router_prefix_list::rule::le
  • Base type int

  • Type constraint ((self >= 0) and (self <= 32))

typedef fortigate::system_settings::device
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::router_static::internet_service
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::router_static::internet_service_custom
  • Base type string

  • Type constraint (std::length(self) <= 64)

typedef fortigate::vpn_ipsec_phase1_interface::priority
  • Base type int

  • Type constraint ((self >= 1) and (self <= 65535))

typedef fortigate::system_sdwan::service::priority_members::seq_num
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::router_static::tag
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::devindex
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_admin::accprofile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_admin::email_to
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::system_admin::fortitoken
  • Base type string

  • Type constraint (std::length(self) <= 16)

typedef fortigate::system_admin::guest_lang
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_admin::peer_group
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_admin::remote_group
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_admin::sms_custom_server
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_admin::sms_phone
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_admin::sms_server
  • Base type string

  • Type constraint (self in ['fortiguard', 'custom'])

typedef fortigate::system_admin::ssh_certificate
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_admin::two_factor
  • Base type string

  • Type constraint (self in ['disable', 'fortitoken', 'fortitoken-cloud', 'email', 'sms'])

typedef fortigate::system_admin::two_factor_authentication
  • Base type string

  • Type constraint (self in ['fortitoken', 'email', 'sms'])

typedef fortigate::system_admin::two_factor_notification
  • Base type string

  • Type constraint (self in ['email', 'sms'])

typedef fortigate::system_interface::ac_name
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::system_interface::aggregate
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_interface::aggregate_type
  • Base type string

  • Type constraint (self in ['physical', 'vxlan'])

typedef fortigate::system_interface::algorithm
  • Base type string

  • Type constraint (self in ['L2', 'L3', 'L4', 'Source-MAC'])

typedef fortigate::system_interface::alias
  • Base type string

  • Type constraint (std::length(self) <= 25)

typedef fortigate::system_interface::secondaryip::allowaccess
  • Base type string

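  • Type constraint (self in ['ping', 'https', 'ssh', 'snmp', 'http', 'telnet', 'fgfm', 'radius-acct', 'probe-response', 'fabric', 'ftm', 'speed-test'])

  • Note: this constraint only checks that the value is one of the listed names. It accepts 'http' and 'telnet', which carry management traffic unencrypted, so any restriction on them has to come from the model or review process that uses this type.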

typedef fortigate::system_interface::auth_portal_addr
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::system_interface::l2tp_client_settings::auth_type
  • Base type string

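  • Type constraint (self in ['auto', 'pap', 'chap', 'mschapv1', 'mschapv2'])

  • Note: this constraint only checks that the value is one of the listed names. It accepts 'pap', which sends the password unprotected, and the legacy 'mschapv1'; the type itself does not enforce a minimum authentication strength.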

typedef fortigate::system_interface::bandwidth_measure_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::bfd
  • Base type string

  • Type constraint (self in ['global', 'enable', 'disable'])

typedef fortigate::system_settings::bfd_desired_min_tx
  • Base type int

  • Type constraint ((self >= 1) and (self <= 100000))

typedef fortigate::system_settings::bfd_detect_mult
  • Base type int

  • Type constraint ((self >= 1) and (self <= 50))

typedef fortigate::system_settings::bfd_required_min_rx
  • Base type int

  • Type constraint ((self >= 1) and (self <= 100000))

typedef fortigate::system_interface::cli_conn_status
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::dedicated_to
  • Base type string

  • Type constraint (self in ['none', 'management'])

typedef fortigate::system_interface::detected_peer_mtu
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::secondaryip::detectprotocol
  • Base type string

  • Type constraint (self in ['ping', 'tcp-echo', 'udp-echo'])

typedef fortigate::system_interface::dhcp_client_identifier
  • Base type string

  • Type constraint (std::length(self) <= 48)

typedef fortigate::system_interface::dhcp_relay_interface
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_interface::dhcp_relay_interface_select_method
  • Base type string

  • Type constraint (self in ['auto', 'sdwan', 'specify'])

typedef fortigate::system_interface::dhcp_relay_type
  • Base type string

  • Type constraint (self in ['regular', 'ipsec'])

typedef fortigate::system_interface::dhcp_renew_time
  • Base type int

  • Type constraint ((self >= 300) and (self <= 604800))

typedef fortigate::system_interface::disc_retry_timeout
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::disconnect_threshold
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000))

typedef fortigate::system_interface::dns_server_protocol
  • Base type string

  • Type constraint (self in ['cleartext', 'dot', 'doh'])

typedef fortigate::system_interface::eap_ca_cert
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase1_interface::eap_identity
  • Base type string

  • Type constraint (self in ['use-id-payload', 'send-request'])

typedef fortigate::system_interface::eap_method
  • Base type string

  • Type constraint (self in ['tls', 'peap'])

typedef fortigate::system_interface::eap_user_cert
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_interface::egress_shaping_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_interface::estimated_downstream_bandwidth
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::estimated_upstream_bandwidth
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::fail_action_on_extender
  • Base type string

  • Type constraint (self in ['soft-restart', 'hard-restart', 'reboot'])

typedef fortigate::system_interface::fail_alert_method
  • Base type string

  • Type constraint (self in ['link-failed-signal', 'link-down'])

typedef fortigate::system_interface::fail_detect_option
  • Base type string

  • Type constraint (self in ['detectserver', 'link-down'])

typedef (name missing from this copy of the page)
  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef (name missing from this copy of the page)
  • Base type string

  • Type constraint (self in ['lldp', 'fortilink'])

typedef fortigate::system_interface::forward_domain
  • Base type int

  • Type constraint ((self >= 0) and (self <= 2147483647))

typedef fortigate::system_sdwan::health_check::ha_priority
  • Base type int

  • Type constraint ((self >= 1) and (self <= 50))

typedef fortigate::system_interface::idle_timeout
  • Base type int

  • Type constraint ((self >= 0) and (self <= 32767))

typedef fortigate::system_interface::ike_saml_server
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_interface::inbandwidth
  • Base type int

  • Type constraint ((self >= 0) and (self <= 80000000))

typedef fortigate::system_interface::ingress_shaping_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_sdwan::members::ingress_spillover_threshold
  • Base type int

  • Type constraint ((self >= 0) and (self <= 16776000))

typedef fortigate::system_interface::internal
  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef fortigate::system_interface::lacp_mode
  • Base type string

  • Type constraint (self in ['static', 'passive', 'active'])

typedef fortigate::system_interface::lacp_speed
  • Base type string

  • Type constraint (self in ['slow', 'fast'])

typedef fortigate::system_interface::lcp_echo_interval
  • Base type int

  • Type constraint ((self >= 0) and (self <= 32767))

typedef fortigate::system_interface::lcp_max_echo_fails
  • Base type int

  • Type constraint ((self >= 0) and (self <= 32767))

typedef (name missing from this copy of the page)
  • Base type int

  • Type constraint ((self >= 50) and (self <= 3600000))

typedef fortigate::system_interface::lldp_network_policy
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_settings::lldp_reception
  • Base type string

  • Type constraint (self in ['enable', 'disable', 'global'])

typedef fortigate::system_settings::lldp_transmission
  • Base type string

  • Type constraint (self in ['enable', 'disable', 'global'])

typedef fortigate::system_interface::managed_subnetwork_size
  • Base type string

  • Type constraint (self in ['32', '64', '128', '256', '512', '1024', '2048', '4096', '8192', '16384', '32768', '65536'])

typedef fortigate::system_interface::measured_downstream_bandwidth
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::measured_upstream_bandwidth
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef (name missing from this copy of the page)
  • Base type int

  • Type constraint ((self >= 1) and (self <= 32))

typedef (name missing from this copy of the page)
  • Base type string

  • Type constraint (self in ['operational', 'administrative'])

typedef fortigate::vpn_ipsec_phase1_interface::mode
  • Base type string

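  • Type constraint (self in ['aggressive', 'main'])

  • Note: both IKEv1 exchange modes pass this constraint. In aggressive mode the peer identities are exchanged unprotected, and with a pre-shared key the authentication hash is open to offline guessing, so any preference for 'main' has to be enforced outside the type.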

typedef fortigate::system_interface::l2tp_client_settings::mtu
  • Base type int

  • Type constraint ((self >= 40) and (self <= 65535))

typedef fortigate::system_interface::netflow_sampler
  • Base type string

  • Type constraint (self in ['disable', 'tx', 'rx', 'both'])

typedef fortigate::system_interface::outbandwidth
  • Base type int

  • Type constraint ((self >= 0) and (self <= 80000000))

typedef fortigate::system_interface::padt_retry_timeout
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::secondaryip::ping_serv_status
  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef fortigate::system_interface::polling_interval
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::system_interface::pptp_auth_type
  • Base type string

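  • Type constraint (self in ['auto', 'pap', 'chap', 'mschapv1', 'mschapv2'])

  • Note: the constraint only checks membership in this list. 'pap' transmits the password unencrypted and is accepted like the challenge-response methods.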

typedef fortigate::system_interface::pptp_timeout
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::system_interface::pptp_user
  • Base type string

  • Type constraint (std::length(self) <= 64)

typedef fortigate::system_interface::reachable_time
  • Base type int

  • Type constraint ((self >= 30000) and (self <= 3600000))

typedef fortigate::system_interface::redundant_interface
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_interface::sample_direction
  • Base type string

  • Type constraint (self in ['tx', 'rx', 'both'])

typedef fortigate::system_interface::sample_rate
  • Base type int

  • Type constraint ((self >= 10) and (self <= 99999))

typedef fortigate::system_interface::security_8021x_dynamic_vlan_id
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4094))

typedef fortigate::system_interface::security_8021x_master
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_interface::security_8021x_mode
  • Base type string

  • Type constraint (self in ['default', 'dynamic-vlan', 'fallback', 'slave'])

typedef fortigate::system_interface::security_exempt_list
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_interface::security_external_logout
  • Base type string

  • Type constraint (std::length(self) <= 127)

typedef fortigate::system_interface::security_external_web
  • Base type string

  • Type constraint (std::length(self) <= 1023)

typedef fortigate::system_interface::security_mac_auth_bypass
  • Base type string

  • Type constraint (self in ['mac-auth-only', 'enable', 'disable'])

typedef fortigate::system_sdwan::health_check::security_mode
  • Base type string

  • Type constraint (self in ['none', 'authentication'])

typedef fortigate::system_interface::security_redirect_url
  • Base type string

  • Type constraint (std::length(self) <= 1023)

typedef fortigate::system_interface::service_name
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::system_interface::snmp_index
  • Base type int

  • Type constraint ((self >= 1) and (self <= 2147483647))

typedef fortigate::system_interface::speed
  • Base type string

  • Type constraint (self in ['auto', '10full', '10half', '100full', '100half', '1000full', '1000auto'])

typedef fortigate::system_sdwan::members::spillover_threshold
  • Base type int

  • Type constraint ((self >= 0) and (self <= 16776000))

typedef fortigate::system_interface::status
  • Base type string

  • Type constraint (self in ['up', 'down'])

typedef fortigate::system_interface::stp_ha_secondary
  • Base type string

  • Type constraint (self in ['disable', 'enable', 'priority-adjust'])

typedef fortigate::system_interface::stpforward_mode
  • Base type string

  • Type constraint (self in ['rpl-all-ext-id', 'rpl-bridge-ext-id', 'rpl-nothing'])

typedef fortigate::system_interface::swc_first_create
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::swc_vlan
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::switch
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_interface::switch_controller_dynamic
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_interface::switch_controller_feature
  • Base type string

  • Type constraint (self in ['none', 'default-vlan', 'quarantine', 'rspan', 'voice', 'video', 'nac', 'nac-segment'])

typedef fortigate::system_interface::switch_controller_learning_limit
  • Base type int

  • Type constraint ((self >= 0) and (self <= 128))

typedef fortigate::system_interface::switch_controller_mgmt_vlan
  • Base type int

  • Type constraint ((self >= 1) and (self <= 4094))

typedef fortigate::system_interface::switch_controller_nac
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_interface::switch_controller_source_ip
  • Base type string

  • Type constraint (self in ['outbound', 'fixed'])

typedef fortigate::system_interface::switch_controller_traffic_policy
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::system_interface::system_id_type
  • Base type string

  • Type constraint (self in ['auto', 'user'])

typedef fortigate::system_interface::tcp_mss
  • Base type int

  • Type constraint ((self >= 48) and (self <= 65535))

typedef fortigate::system_interface::username
  • Base type string

  • Type constraint (std::length(self) <= 64)

typedef fortigate::system_interface::vindex
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::system_interface::vlan_protocol
  • Base type string

  • Type constraint (self in ['8021q', '8021ad'])

typedef fortigate::system_interface::vlanid
  • Base type int

  • Type constraint ((self >= 1) and (self <= 4094))

typedef fortigate::system_interface::client_options::code
  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef fortigate::system_interface::ipv6::cli_conn6_status
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::ipv6::dhcp6_client_options
  • Base type string

  • Type constraint (self in ['rapid', 'iapd', 'iana'])

typedef fortigate::system_interface::ipv6::dhcp6_relay_type
  • Base type string

  • Type constraint (self in ['regular'])

typedef fortigate::system_interface::ipv6::ip6_allowaccess
  • Base type string

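  • Type constraint (self in ['ping', 'https', 'ssh', 'snmp', 'http', 'telnet', 'fgfm', 'fabric'])

  • Note: the constraint only checks membership in this list. 'http' and 'telnet' carry management traffic unencrypted and are accepted like the other values, so restricting them is left to the model author or to policy review.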

typedef fortigate::system_interface::ipv6::ip6_default_life
  • Base type int

  • Type constraint ((self >= 0) and (self <= 9000))

typedef fortigate::system_interface::ipv6::ip6_delegated_prefix_iaid
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::ipv6::ip6_hop_limit
  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef (name missing from this copy of the page)
  • Base type int

  • Type constraint ((self >= 1280) and (self <= 16000))

typedef fortigate::system_interface::ipv6::ip6_max_interval
  • Base type int

  • Type constraint ((self >= 4) and (self <= 1800))

typedef fortigate::system_interface::ipv6::ip6_min_interval
  • Base type int

  • Type constraint ((self >= 3) and (self <= 1350))

typedef fortigate::system_interface::ipv6::ip6_mode
  • Base type string

  • Type constraint (self in ['static', 'dhcp', 'pppoe', 'delegated'])

typedef fortigate::system_interface::ipv6::ip6_prefix_mode
  • Base type string

  • Type constraint (self in ['dhcp6', 'ra'])

typedef fortigate::system_interface::ipv6::ip6_reachable_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 3600000))

typedef fortigate::system_interface::ipv6::ip6_retrans_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::ipv6::ip6_upstream_interface
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_interface::ipv6::nd_cert
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_interface::ipv6::nd_mode
  • Base type string

  • Type constraint (self in ['basic', 'SEND-compatible'])

typedef fortigate::system_interface::ipv6::nd_security_level
  • Base type int

  • Type constraint ((self >= 0) and (self <= 7))

typedef fortigate::system_interface::ipv6::nd_timestamp_delta
  • Base type int

  • Type constraint ((self >= 1) and (self <= 3600))

typedef fortigate::system_interface::ipv6::nd_timestamp_fuzz
  • Base type int

  • Type constraint ((self >= 1) and (self <= 60))

typedef fortigate::system_interface::ipv6::dhcp6_iapd_list::iaid
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::ipv6::dhcp6_iapd_list::prefix_hint_plt
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::ipv6::dhcp6_iapd_list::prefix_hint_vlt
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::ipv6::ip6_delegated_prefix_list::delegated_prefix_iaid
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::ipv6::ip6_delegated_prefix_list::prefix_id
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::ipv6::ip6_delegated_prefix_list::rdnss_service
  • Base type string

  • Type constraint (self in ['delegated', 'default', 'specify'])

typedef fortigate::system_interface::ipv6::ip6_delegated_prefix_list::upstream_interface
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_interface::ipv6::ip6_prefix_list::preferred_life_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_interface::ipv6::ip6_prefix_list::valid_life_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::vpn_ipsec_phase1_interface::domain
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::system_interface::vrrp::adv_interval
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::system_interface::vrrp::start_time
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::system_interface::vrrp::vrgrp
  • Base type int

  • Type constraint ((self >= 1) and (self <= 65535))

typedef fortigate::system_interface::vrrp::vrid
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::system_interface::l2tp_client_settings::hello_interval
  • Base type int

  • Type constraint ((self >= 0) and (self <= 3600))

typedef fortigate::system_interface::l2tp_client_settings::peer_host
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::system_interface::l2tp_client_settings::peer_port
  • Base type int

  • Type constraint ((self >= 1) and (self <= 65535))

typedef fortigate::system_sdwan::health_check::user
  • Base type string

  • Type constraint (std::length(self) <= 64)

typedef fortigate::system_interface::member::interface_name
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::system_interface::vrrp::version
  • Base type string

  • Type constraint (self in ['2', '3'])

typedef fortigate::system_interface::vrrp::vrdst_priority
  • Base type int

  • Type constraint ((self >= 0) and (self <= 254))

typedef fortigate::system_sdwan::duplication_max_num
  • Base type int

  • Type constraint ((self >= 2) and (self <= 4))

typedef fortigate::system_sdwan::load_balance_mode
  • Base type string

  • Type constraint (self in ['source-ip-based', 'weight-based', 'usage-based', 'source-dest-ip-based', 'measured-volume-based'])

typedef fortigate::system_sdwan::neighbor_hold_boot_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef fortigate::system_sdwan::neighbor_hold_down_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef fortigate::system_sdwan::duplication::packet_duplication
  • Base type string

  • Type constraint (self in ['disable', 'force', 'on-demand'])

typedef fortigate::system_sdwan::service::addr_mode
  • Base type string

  • Type constraint (self in ['ipv4', 'ipv6'])

typedef fortigate::system_sdwan::health_check::detect_mode
  • Base type string

  • Type constraint (self in ['active', 'passive', 'prefer-passive', 'remote', 'agent-based'])

typedef fortigate::system_sdwan::health_check::dns_request_domain
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::system_sdwan::health_check::failtime
  • Base type int

  • Type constraint ((self >= 1) and (self <= 3600))

typedef fortigate::system_sdwan::health_check::ftp_file
  • Base type string

  • Type constraint (std::length(self) <= 254)

typedef fortigate::system_sdwan::health_check::ftp_mode
  • Base type string

  • Type constraint (self in ['passive', 'port'])

typedef fortigate::system_sdwan::health_check::http_agent
  • Base type string

  • Type constraint (std::length(self) <= 1024)

typedef fortigate::system_sdwan::health_check::http_get
  • Base type string

  • Type constraint (std::length(self) <= 1024)

typedef fortigate::system_sdwan::health_check::http_match
  • Base type string

  • Type constraint (std::length(self) <= 1024)

typedef fortigate::system_sdwan::health_check::interval
  • Base type int

  • Type constraint ((self >= 20) and (self <= 3600000))

typedef fortigate::system_sdwan::health_check::mos_codec
  • Base type string

  • Type constraint (self in ['g711', 'g722', 'g729'])

typedef fortigate::system_sdwan::health_check::packet_size
  • Base type int

  • Type constraint ((self >= 64) and (self <= 1024))

typedef fortigate::system_sdwan::health_check::port
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::system_sdwan::health_check::probe_count
  • Base type int

  • Type constraint ((self >= 5) and (self <= 30))

typedef fortigate::system_sdwan::health_check::probe_timeout
  • Base type int

  • Type constraint ((self >= 20) and (self <= 3600000))

typedef fortigate::system_sdwan::health_check::quality_measured_method
  • Base type string

  • Type constraint (self in ['half-open', 'half-close'])

typedef fortigate::system_sdwan::health_check::recoverytime
  • Base type int

  • Type constraint ((self >= 1) and (self <= 3600))

typedef fortigate::system_sdwan::health_check::server
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::system_sdwan::health_check::sla_fail_log_period
  • Base type int

  • Type constraint ((self >= 0) and (self <= 3600))

typedef fortigate::system_sdwan::health_check::sla_id_redistribute
  • Base type int

  • Type constraint ((self >= 0) and (self <= 32))

typedef fortigate::system_sdwan::health_check::sla_pass_log_period
  • Base type int

  • Type constraint ((self >= 0) and (self <= 3600))

typedef fortigate::system_sdwan::health_check::threshold_alert_jitter
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_sdwan::health_check::threshold_alert_latency
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_sdwan::health_check::threshold_alert_packetloss
  • Base type int

  • Type constraint ((self >= 0) and (self <= 100))

typedef fortigate::system_sdwan::health_check::threshold_warning_jitter
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_sdwan::health_check::threshold_warning_latency
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_sdwan::health_check::threshold_warning_packetloss
  • Base type int

  • Type constraint ((self >= 0) and (self <= 100))

typedef fortigate::system_sdwan::health_check::sla::jitter_threshold
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef fortigate::system_sdwan::health_check::sla::latency_threshold
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef (name missing from this copy of the page)
  • Base type string

  • Type constraint (self in ['latency', 'jitter', 'packet-loss', 'inbandwidth', 'outbandwidth', 'bibandwidth', 'custom-profile-1'])

typedef fortigate::system_sdwan::health_check::sla::mos_threshold
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_sdwan::health_check::sla::packetloss_threshold
  • Base type int

  • Type constraint ((self >= 0) and (self <= 100))

typedef fortigate::system_sdwan::health_check::sla::priority_in_sla
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::system_sdwan::health_check::sla::priority_out_sla
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::system_sdwan::members::cost
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_sdwan::members::priority6
  • Base type int

  • Type constraint ((self >= 1) and (self <= 65535))

typedef fortigate::system_sdwan::members::volume_ratio
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::system_sdwan::members::zone
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_sdwan::service::sla::health_check
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::system_sdwan::service::minimum_sla_meet_members
  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef fortigate::system_sdwan::neighbor::sla_id
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_sdwan::service::bandwidth_weight
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef fortigate::system_sdwan::service::hash_mode
  • Base type string

  • Type constraint (self in ['round-robin', 'source-ip-based', 'source-dest-ip-based', 'inbandwidth', 'outbandwidth', 'bibandwidth'])

typedef fortigate::system_sdwan::service::hold_down_time
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef fortigate::system_sdwan::service::jitter_weight
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef fortigate::system_sdwan::service::latency_weight
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef (name missing from this copy of the page)
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef fortigate::system_sdwan::service::packet_loss_weight
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10000000))

typedef (name missing from this copy of the page)
  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef fortigate::system_sdwan::service::route_tag
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_sdwan::service::sla_compare_method
  • Base type string

  • Type constraint (self in ['order', 'number'])

typedef fortigate::system_sdwan::service::tie_break
  • Base type string

  • Type constraint (self in ['zone', 'cfg-order', 'fib-best-match', 'input-device'])

typedef fortigate::system_sdwan::zone::service_sla_tie_break
  • Base type string

  • Type constraint (self in ['cfg-order', 'fib-best-match', 'input-device'])

typedef fortigate::system_settings::default_policy_expiry_days
  • Base type int

  • Type constraint ((self >= 0) and (self <= 365))

typedef fortigate::system_settings::default_voip_alg_mode
  • Base type string

  • Type constraint (self in ['proxy-based', 'kernel-helper-based'])

typedef fortigate::system_settings::dhcp_proxy_interface
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::system_settings::dhcp_proxy_interface_select_method
  • Base type string

  • Type constraint (self in ['auto', 'sdwan', 'specify'])

typedef fortigate::system_settings::discovered_device_timeout
  • Base type int

  • Type constraint ((self >= 1) and (self <= 365))

typedef fortigate::system_settings::ecmp_max_paths
  • Base type int

  • Type constraint ((self >= 1) and (self <= 255))

typedef fortigate::system_settings::gui_enforce_change_summary
  • Base type string

  • Type constraint (self in ['disable', 'require', 'optional'])

typedef fortigate::system_settings::http_external_dest
  • Base type string

  • Type constraint (self in ['fortiweb', 'forticache'])

typedef fortigate::system_settings::ike_dn_format
  • Base type string

  • Type constraint (self in ['with-space', 'no-space'])

typedef fortigate::system_settings::ike_port
  • Base type int

  • Type constraint ((self >= 1024) and (self <= 65535))

typedef fortigate::system_settings::lan_extension_controller_addr
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::system_settings::mac_ttl
  • Base type int

  • Type constraint ((self >= 300) and (self <= 8640000))

typedef fortigate::system_settings::ngfw_mode
  • Base type string

  • Type constraint (self in ['profile-based', 'policy-based'])

typedef fortigate::system_settings::opmode
  • Base type string

  • Type constraint (self in ['nat', 'transparent'])

typedef fortigate::system_settings::sccp_port
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::system_settings::sip_ssl_port
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::system_settings::sip_tcp_port
  • Base type int

  • Type constraint ((self >= 1) and (self <= 65535))

typedef fortigate::system_settings::sip_udp_port
  • Base type int

  • Type constraint ((self >= 1) and (self <= 65535))

typedef fortigate::system_settings::v4_ecmp_mode
  • Base type string

  • Type constraint (self in ['source-ip-based', 'weight-based', 'usage-based', 'source-dest-ip-based'])

typedef fortigate::system_settings::vdom_type
  • Base type string

  • Type constraint (self in ['traffic', 'lan-extension', 'admin'])

typedef fortigate::system_settings::vpn_stats_log
  • Base type string

  • Type constraint (self in ['ipsec', 'pptp', 'l2tp', 'ssl'])

typedef fortigate::system_settings::vpn_stats_period
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_vdom::flag
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_vdom::short_name
  • Base type string

  • Type constraint (std::length(self) <= 11)

typedef fortigate::system_vdom::vcluster_id
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::system_vdom_link::vcluster
  • Base type string

  • Type constraint (self in ['vcluster1', 'vcluster2'])

typedef fortigate::vpn_ipsec_phase1_interface::aggregate_weight
  • Base type int

  • Type constraint ((self >= 1) and (self <= 100))

typedef fortigate::vpn_ipsec_phase1_interface::assign_ip_from
  • Base type string

  • Type constraint (self in ['range', 'usrgrp', 'dhcp', 'name'])

typedef fortigate::vpn_ipsec_phase1_interface::authmethod
  • Base type string

  • Type constraint (self in ['psk', 'signature'])

typedef fortigate::vpn_ipsec_phase1_interface::authmethod_remote
  • Base type string

  • Type constraint (self in ['psk', 'signature'])

typedef fortigate::vpn_ipsec_phase1_interface::authusr
  • Base type string

  • Type constraint (std::length(self) <= 64)

typedef fortigate::vpn_ipsec_phase1_interface::authusrgrp
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase1_interface::auto_discovery_crossover
  • Base type string

  • Type constraint (self in ['allow', 'block'])

typedef fortigate::vpn_ipsec_phase1_interface::auto_discovery_offer_interval
  • Base type int

  • Type constraint ((self >= 1) and (self <= 300))

typedef fortigate::vpn_ipsec_phase1_interface::auto_discovery_shortcuts
  • Base type string

  • Type constraint (self in ['independent', 'dependent'])

typedef fortigate::vpn_ipsec_phase1_interface::banner
  • Base type string

  • Type constraint (std::length(self) <= 1024)

typedef fortigate::vpn_ipsec_phase1_interface::default_gw_priority
  • Base type int

  • Type constraint ((self >= 0) and (self <= 4294967295))

typedef fortigate::vpn_ipsec_phase1_interface::dev_id
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::vpn_ipsec_phase2_interface::dhgrp
  • Base type string

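  • Type constraint (self in ['1', '2', '5', '14', '15', '16', '17', '18', '19', '20', '21', '27', '28', '29', '30', '31', '32'])

  • Note: groups '1', '2' and '5' are the 768-, 1024- and 1536-bit MODP Diffie-Hellman groups. The type accepts them, so a minimum group strength has to be enforced separately.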

typedef fortigate::vpn_ipsec_phase1_interface::dns_mode
  • Base type string

  • Type constraint (self in ['manual', 'auto'])

typedef fortigate::vpn_ipsec_phase1_interface::dpd
  • Base type string

  • Type constraint (self in ['disable', 'on-idle', 'on-demand'])

typedef fortigate::vpn_ipsec_phase1_interface::dpd_retrycount
  • Base type int

  • Type constraint ((self >= 0) and (self <= 10))

typedef fortigate::vpn_ipsec_phase1_interface::eap_exclude_peergrp
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase2_interface::encapsulation
  • Base type string

  • Type constraint (self in ['tunnel-mode', 'transport-mode'])

typedef fortigate::vpn_ipsec_phase1_interface::encapsulation_address
  • Base type string

  • Type constraint (self in ['ike', 'ipv4', 'ipv6'])

typedef fortigate::vpn_ipsec_phase1_interface::enforce_unique_id
  • Base type string

  • Type constraint (self in ['disable', 'keep-new', 'keep-old'])

typedef fortigate::vpn_ipsec_phase1_interface::fec_base
  • Base type int

  • Type constraint ((self >= 1) and (self <= 20))

typedef fortigate::vpn_ipsec_phase1_interface::fec_codec
  • Base type string

  • Type constraint (self in ['rs', 'xor'])

typedef fortigate::vpn_ipsec_phase1_interface::fec_health_check
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase1_interface::fec_mapping_profile
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase1_interface::fec_receive_timeout
  • Base type int

  • Type constraint ((self >= 1) and (self <= 1000))

typedef fortigate::vpn_ipsec_phase1_interface::fec_redundant
  • Base type int

  • Type constraint ((self >= 1) and (self <= 5))

typedef fortigate::vpn_ipsec_phase1_interface::fec_send_timeout
  • Base type int

  • Type constraint ((self >= 1) and (self <= 1000))

typedef fortigate::vpn_ipsec_phase1_interface::fragmentation_mtu
  • Base type int

  • Type constraint ((self >= 500) and (self <= 16000))

typedef fortigate::vpn_ipsec_phase1_interface::idle_timeoutinterval
  • Base type int

  • Type constraint ((self >= 5) and (self <= 43200))

typedef fortigate::vpn_ipsec_phase1_interface::ike_version
  • Base type string

  • Type constraint (self in ['1', '2'])

typedef fortigate::vpn_ipsec_phase1_interface::ip_delay_interval
  • Base type int

  • Type constraint ((self >= 0) and (self <= 28800))

typedef fortigate::vpn_ipsec_phase1_interface::ip_fragmentation
  • Base type string

  • Type constraint (self in ['pre-encapsulation', 'post-encapsulation'])

typedef fortigate::vpn_ipsec_phase1_interface::ipv4_name
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase1_interface::ipv4_split_exclude
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase1_interface::ipv4_split_include
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase1_interface::ipv6_name
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase1_interface::ipv6_prefix
  • Base type int

  • Type constraint ((self >= 1) and (self <= 128))

typedef fortigate::vpn_ipsec_phase1_interface::ipv6_split_exclude
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase1_interface::ipv6_split_include
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase1_interface::keepalive
  • Base type int

  • Type constraint ((self >= 10) and (self <= 900))

typedef fortigate::vpn_ipsec_phase1_interface::keylife
  • Base type int

  • Type constraint ((self >= 120) and (self <= 172800))

  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef fortigate::vpn_ipsec_phase1_interface::localid
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::vpn_ipsec_phase1_interface::localid_type
  • Base type string

  • Type constraint (self in ['auto', 'fqdn', 'user-fqdn', 'keyid', 'address', 'asn1dn'])

typedef fortigate::vpn_ipsec_phase1_interface::mesh_selector_type
  • Base type string

  • Type constraint (self in ['disable', 'subnet', 'host'])

typedef fortigate::vpn_ipsec_phase1_interface::monitor
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase1_interface::monitor_hold_down_delay
  • Base type int

  • Type constraint ((self >= 0) and (self <= 31536000))

typedef fortigate::vpn_ipsec_phase1_interface::monitor_hold_down_type
  • Base type string

  • Type constraint (self in ['immediate', 'delay', 'time'])

typedef fortigate::vpn_ipsec_phase1_interface::monitor_hold_down_weekday
  • Base type string

  • Type constraint (self in ['everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday'])

typedef fortigate::vpn_ipsec_phase1_interface::nattraversal
  • Base type string

  • Type constraint (self in ['enable', 'disable', 'forced'])

typedef fortigate::vpn_ipsec_phase1_interface::negotiate_timeout
  • Base type int

  • Type constraint ((self >= 1) and (self <= 300))

typedef fortigate::vpn_ipsec_phase1_interface::network_id
  • Base type int

  • Type constraint ((self >= 0) and (self <= 255))

typedef fortigate::vpn_ipsec_phase1_interface::peergrp
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase1_interface::peerid
  • Base type string

  • Type constraint (std::length(self) <= 255)

typedef fortigate::vpn_ipsec_phase1_interface::peertype
  • Base type string

  • Type constraint (self in ['any', 'one', 'dialup', 'peer', 'peergrp'])

typedef fortigate::vpn_ipsec_phase1_interface::ppk
  • Base type string

  • Type constraint (self in ['disable', 'allow', 'require'])

typedef fortigate::vpn_ipsec_phase1_interface::ppk_identity
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase2_interface::proposal
  • Base type string

  • Type constraint (self in ['null-md5', 'null-sha1', 'null-sha256', 'null-sha384', 'null-sha512', 'des-null', 'des-md5', 'des-sha1', 'des-sha256', 'des-sha384', 'des-sha512', '3des-null', '3des-md5', '3des-sha1', '3des-sha256', '3des-sha384', '3des-sha512', 'aes128-null', 'aes128-md5', 'aes128-sha1', 'aes128-sha256', 'aes128-sha384', 'aes128-sha512', 'aes128gcm', 'aes192-null', 'aes192-md5', 'aes192-sha1', 'aes192-sha256', 'aes192-sha384', 'aes192-sha512', 'aes256-null', 'aes256-md5', 'aes256-sha1', 'aes256-sha256', 'aes256-sha384', 'aes256-sha512', 'aes256gcm', 'chacha20poly1305', 'aria128-null', 'aria128-md5', 'aria128-sha1', 'aria128-sha256', 'aria128-sha384', 'aria128-sha512', 'aria192-null', 'aria192-md5', 'aria192-sha1', 'aria192-sha256', 'aria192-sha384', 'aria192-sha512', 'aria256-null', 'aria256-md5', 'aria256-sha1', 'aria256-sha256', 'aria256-sha384', 'aria256-sha512', 'seed-null', 'seed-md5', 'seed-sha1', 'seed-sha256', 'seed-sha384', 'seed-sha512'])

  • Note: this constraint only checks that the value is one of the listed names. The list also admits proposals with no encryption (null-*), with no integrity check (*-null), and with DES, 3DES, MD5 or SHA-1, so which proposals are acceptable has to be enforced separately from this type.

typedef fortigate::vpn_ipsec_phase1_interface::remotegw_ddns
  • Base type string

  • Type constraint (std::length(self) <= 63)

typedef fortigate::vpn_ipsec_phase1_interface::rsa_signature_format
  • Base type string

  • Type constraint (self in ['pkcs1', 'pss'])

typedef fortigate::vpn_ipsec_phase1_interface::signature_hash_alg
  • Base type string

  • Type constraint (self in ['sha1', 'sha2-256', 'sha2-384', 'sha2-512'])

typedef fortigate::vpn_ipsec_phase1_interface::split_include_service
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase1_interface::suite_b
  • Base type string

  • Type constraint (self in ['disable', 'suite-b-gcm-128', 'suite-b-gcm-256'])

typedef fortigate::vpn_ipsec_phase1_interface::usrgrp
  • Base type string

  • Type constraint (std::length(self) <= 35)

typedef fortigate::vpn_ipsec_phase1_interface::vni
  • Base type int

  • Type constraint ((self >= 1) and (self <= 16777215))

typedef fortigate::vpn_ipsec_phase1_interface::wizard_type
  • Base type string

  • Type constraint (self in ['custom', 'dialup-forticlient', 'dialup-ios', 'dialup-android', 'dialup-windows', 'dialup-cisco', 'static-fortigate', 'dialup-fortigate', 'static-cisco', 'dialup-cisco-fw', 'simplified-static-fortigate', 'hub-fortigate-auto-discovery', 'spoke-fortigate-auto-discovery'])

typedef fortigate::vpn_ipsec_phase1_interface::xauthtype
  • Base type string

  • Type constraint (self in ['disable', 'client', 'pap', 'chap', 'auto'])

typedef fortigate::vpn_ipsec_phase1_interface::backup_gateway::address
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase2_interface::add_route
  • Base type string

  • Type constraint (self in ['phase1', 'enable', 'disable'])

typedef fortigate::vpn_ipsec_phase2_interface::auto_discovery_forwarder
  • Base type string

  • Type constraint (self in ['phase1', 'enable', 'disable'])

typedef fortigate::vpn_ipsec_phase2_interface::auto_discovery_sender
  • Base type string

  • Type constraint (self in ['phase1', 'enable', 'disable'])

typedef fortigate::vpn_ipsec_phase2_interface::dst_addr_type
  • Base type string

  • Type constraint (self in ['subnet', 'range', 'ip', 'name', 'subnet6', 'range6', 'ip6', 'name6'])

typedef fortigate::vpn_ipsec_phase2_interface::dst_name
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase2_interface::dst_name6
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase2_interface::dst_port
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

typedef fortigate::vpn_ipsec_phase2_interface::inbound_dscp_copy
  • Base type string

  • Type constraint (self in ['phase1', 'enable', 'disable'])

typedef fortigate::vpn_ipsec_phase2_interface::keylife_type
  • Base type string

  • Type constraint (self in ['seconds', 'kbs', 'both'])

typedef fortigate::vpn_ipsec_phase2_interface::keylifekbs
  • Base type int

  • Type constraint ((self >= 5120) and (self <= 4294967295))

typedef fortigate::vpn_ipsec_phase2_interface::keylifeseconds
  • Base type int

  • Type constraint ((self >= 120) and (self <= 172800))

typedef fortigate::vpn_ipsec_phase2_interface::phase1name
  • Base type string

  • Type constraint (std::length(self) <= 15)

typedef fortigate::vpn_ipsec_phase2_interface::route_overlap
  • Base type string

  • Type constraint (self in ['use-old', 'use-new', 'allow'])

typedef fortigate::vpn_ipsec_phase2_interface::src_addr_type
  • Base type string

  • Type constraint (self in ['subnet', 'range', 'ip', 'name', 'subnet6', 'range6', 'ip6', 'name6'])

typedef fortigate::vpn_ipsec_phase2_interface::src_name
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase2_interface::src_name6
  • Base type string

  • Type constraint (std::length(self) <= 79)

typedef fortigate::vpn_ipsec_phase2_interface::src_port
  • Base type int

  • Type constraint ((self >= 0) and (self <= 65535))

Entities

entity fortigate::Address

Parents: fortigate::base::VdomResource

attribute fortigate::common::enable_disable_t? allow_routing=null

Enable/disable use of this address in the static route configuration. enable:Enable use of this address in the static route configuration. disable:Disable use of this address in the static route configuration.

attribute fortigate::firewall_address::associated_interface? associated_interface=null

Network interface associated with address.

attribute fortigate::firewall_address::cache_ttl? cache_ttl=null

Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds.

attribute fortigate::firewall_address::clearpass_spt? clearpass_spt=null

SPT (System Posture Token) value. unknown:UNKNOWN. healthy:HEALTHY. quarantine:QUARANTINE. checkup:CHECKUP. transient:TRANSIENT. infected:INFECTED.

attribute fortigate::firewall_address::color? color=null

Color of icon on the GUI.

attribute fortigate::firewall_address::comment? comment=null

Comment.

attribute fortigate::firewall_address::country? country=null

IP addresses associated to a specific country.

attribute string? end_ip=null

Final IP address (inclusive) in the range for the address.

attribute fortigate::firewall_address::epg_name? epg_name=null

Endpoint group name.

attribute fortigate::common::enable_disable_t? fabric_object=null

Security Fabric global object setting. enable:Object is set as a security fabric-wide global object. disable:Object is local to this security fabric member.

attribute fortigate::firewall_address::filter? filter=null

Match criteria filter.

attribute fortigate::firewall_address::fqdn? fqdn=null

Fully Qualified Domain Name address.

attribute fortigate::firewall_address::interface? interface=null

Name of interface whose IP address is to be used.

attribute fortigate::common::name_t name

Address name.

attribute fortigate::common::enable_disable_t? node_ip_only=null

Enable/disable collection of node addresses only in Kubernetes. enable:Enable collection of node addresses only in Kubernetes. disable:Disable collection of node addresses only in Kubernetes.

attribute fortigate::firewall_address::obj_id? obj_id=null

Object ID for NSX.

attribute fortigate::firewall_address::obj_tag? obj_tag=null

Tag of dynamic address object.

attribute fortigate::firewall_address::obj_type? obj_type=null

Object type. ip:IP address. mac:MAC address

attribute fortigate::firewall_address::organization? organization=null

Organization domain name (Syntax: organization/domain).

attribute fortigate::firewall_address::policy_group? policy_group=null

Policy group name.

attribute fortigate::firewall_address::sdn? sdn=null

SDN.

attribute fortigate::firewall_address::sdn_addr_type? sdn_addr_type=null

Type of addresses to collect. private:Collect private addresses only. public:Collect public addresses only. all:Collect both public and private addresses.

attribute fortigate::firewall_address::sdn_tag? sdn_tag=null

SDN Tag.

attribute string? start_ip=null

First IP address (inclusive) in the range for the address.

attribute fortigate::firewall_address::sub_type? sub_type=null

Sub-type of address. sdn:SDN address. clearpass-spt:ClearPass SPT (System Posture Token) address. fsso:FSSO address. ems-tag:FortiClient EMS tag. fortivoice-tag:FortiVoice tag. fortinac-tag:FortiNAC tag. fortipolicy-tag:FortiPolicy tag. swc-tag:Switch Controller NAC policy tag.

attribute string? subnet=null

IP address and subnet mask of address.

attribute fortigate::firewall_address::subnet_name? subnet_name=null

Subnet name.

attribute fortigate::firewall_address::tag_detection_level? tag_detection_level=null

Tag detection level of dynamic address object.

attribute fortigate::firewall_address::tag_type? tag_type=null

Tag type of dynamic address object.

attribute fortigate::firewall_address::tenant? tenant=null

Tenant.

attribute fortigate::firewall_address::type? type=null

Type of address. ipmask:Standard IPv4 address with subnet mask. iprange:Range of IPv4 addresses between two specified addresses (inclusive). fqdn:Fully Qualified Domain Name address. geography:IP addresses from a specified country. wildcard:Standard IPv4 using a wildcard subnet mask. dynamic:Dynamic address object. interface-subnet:IP and subnet of interface. mac:Range of MAC addresses.

attribute string? uuid=null

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

attribute string? wildcard=null

IP address and wildcard netmask.

attribute fortigate::firewall_address::wildcard_fqdn? wildcard_fqdn=null

Fully Qualified Domain Name with wildcard characters.

relation fortigate::firewall_address::FssoGroup fsso_group [0:*]
relation fortigate::firewall_address::List list [0:*]
relation fortigate::firewall_address::Macaddr macaddr [0:*]
relation fortigate::firewall_address::Tagging tagging [0:*]

The following implements statements select implementations for this entity:

entity fortigate::Address6

Parents: fortigate::base::VdomResource

attribute fortigate::firewall_address6::cache_ttl? cache_ttl=null

Minimal TTL of individual IPv6 addresses in FQDN cache.

attribute fortigate::firewall_address6::color? color=null

Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1).

attribute fortigate::firewall_address6::comment? comment=null

Comment.

attribute fortigate::firewall_address6::country? country=null

IPv6 addresses associated to a specific country.

attribute string? end_ip=null

Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).

attribute fortigate::firewall_address6::epg_name? epg_name=null

Endpoint group name.

attribute fortigate::common::enable_disable_t? fabric_object=null

Security Fabric global object setting. enable:Object is set as a security fabric-wide global object. disable:Object is local to this security fabric member.

attribute fortigate::firewall_address6::fqdn? fqdn=null

Fully qualified domain name.

attribute string? host=null

Host Address.

attribute fortigate::firewall_address6::host_type? host_type=null

Host type. any:Wildcard. specific:Specific host address.

attribute string? ip6=null

IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx).

attribute fortigate::common::name_t name

Address name.

attribute fortigate::firewall_address6::obj_id? obj_id=null

Object ID for NSX.

attribute fortigate::firewall_address6::sdn? sdn=null

SDN.

attribute fortigate::firewall_address6::sdn_tag? sdn_tag=null

SDN Tag.

attribute string? start_ip=null

First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).

attribute fortigate::firewall_address6::template? template=null

IPv6 address template.

attribute fortigate::firewall_address6::tenant? tenant=null

Tenant.

attribute fortigate::firewall_address6::type? type=null

Type of IPv6 address object (default = ipprefix). ipprefix:Uses the IP prefix to define a range of IPv6 addresses. iprange:Range of IPv6 addresses between two specified addresses (inclusive). fqdn:Fully qualified domain name. geography:IPv6 addresses from a specified country. dynamic:Dynamic address object for SDN. template:Template. mac:Range of MAC addresses.

attribute string? uuid=null

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

relation fortigate::firewall_address6::List list [0:*]
relation fortigate::firewall_address6::Macaddr macaddr [0:*]
relation fortigate::firewall_address6::SubnetSegment subnet_segment [0:*]
relation fortigate::firewall_address6::Tagging tagging [0:*]

The following implements statements select implementations for this entity:

entity fortigate::AddressGroup

Parents: fortigate::base::VdomResource

attribute fortigate::common::enable_disable_t? allow_routing=null

Enable/disable use of this group in the static route configuration. enable:Enable use of this group in the static route configuration. disable:Disable use of this group in the static route configuration.

attribute fortigate::firewall_addrgrp::category? category=null

Address group category. default:Default address group category (cannot be used as ztna-ems-tag/ztna-geo-tag in policy). ztna-ems-tag:Members must be ztna-ems-tag group or ems-tag address, can be used as ztna-ems-tag in policy. ztna-geo-tag:Members must be ztna-geo-tag group or geographic address, can be used as ztna-geo-tag in policy.

attribute fortigate::firewall_addrgrp::color? color=null

Color of icon on the GUI.

attribute fortigate::firewall_addrgrp::comment? comment=null

Comment.

attribute fortigate::common::enable_disable_t? exclude=null

Enable/disable address exclusion. enable:Enable address exclusion. disable:Disable address exclusion.

attribute fortigate::common::enable_disable_t? fabric_object=null

Security Fabric global object setting. enable:Object is set as a security fabric-wide global object. disable:Object is local to this security fabric member.

attribute fortigate::firewall_addrgrp::name name

Address group name.

attribute fortigate::firewall_addrgrp::type? type=null

Address group type. default:Default address group type (address may belong to multiple groups). folder:Address folder group (members may not belong to any other group).

attribute string? uuid=null

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

relation fortigate::firewall_addrgrp::ExcludeMember exclude_member [0:*]
relation fortigate::firewall_addrgrp::Member member [0:*]
relation fortigate::firewall_addrgrp::Tagging tagging [0:*]

The following implements statements select implementations for this entity:

entity fortigate::AddressGroup6

Parents: fortigate::base::VdomResource

attribute fortigate::firewall_addrgrp6::color? color=null

Integer value to determine the color of the icon in the GUI (1 - 32, default = 0, which sets the value to 1).

attribute fortigate::firewall_addrgrp6::comment? comment=null

Comment.

attribute fortigate::common::enable_disable_t? fabric_object=null

Security Fabric global object setting. enable:Object is set as a security fabric-wide global object. disable:Object is local to this security fabric member.

attribute fortigate::firewall_addrgrp6::name name

IPv6 address group name.

attribute string? uuid=null

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

relation fortigate::firewall_addrgrp6::Member member [0:*]
relation fortigate::firewall_addrgrp6::Tagging tagging [0:*]

The following implements statements select implementations for this entity:

entity fortigate::BGP

Parents: fortigate::base::VdomResource

attribute fortigate::common::enable_disable_t? additional_path=null

Enable/disable selection of BGP IPv4 additional paths. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? additional_path6=null

Enable/disable selection of BGP IPv6 additional paths. enable:Enable setting. disable:Disable setting.

attribute fortigate::router_bgp::additional_path_select? additional_path_select=null

Number of additional paths to be selected for each IPv4 NLRI.

attribute fortigate::router_bgp::additional_path_select6? additional_path_select6=null

Number of additional paths to be selected for each IPv6 NLRI.

attribute fortigate::router_bgp::additional_path_select_vpnv4? additional_path_select_vpnv4=null

Number of additional paths to be selected for each VPNv4 NLRI.

attribute fortigate::common::enable_disable_t? additional_path_vpnv4=null

Enable/disable selection of BGP VPNv4 additional paths. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? always_compare_med=null

Enable/disable always compare MED. enable:Enable setting. disable:Disable setting.

attribute string asn

Router AS number, asplain/asdot/asdot+ format, 0 to disable BGP.

attribute fortigate::common::enable_disable_t? bestpath_as_path_ignore=null

Enable/disable ignore AS path. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? bestpath_cmp_confed_aspath=null

Enable/disable comparison of confederation AS path length. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? bestpath_cmp_routerid=null

Enable/disable compare router ID for identical EBGP paths. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? bestpath_med_confed=null

Enable/disable compare MED among confederation paths. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? bestpath_med_missing_as_worst=null

Enable/disable treat missing MED as least preferred. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? client_to_client_reflection=null

Enable/disable client-to-client route reflection. enable:Enable setting. disable:Disable setting.

attribute string? cluster_id=null

Route reflector cluster ID.

attribute fortigate::router_bgp::confederation_identifier? confederation_identifier=null

Confederation identifier.

attribute fortigate::common::enable_disable_t? dampening=null

Enable/disable route-flap dampening. enable:Enable setting. disable:Disable setting.

attribute fortigate::router_bgp::dampening_max_suppress_time? dampening_max_suppress_time=null

Maximum minutes a route can be suppressed.

attribute fortigate::router_bgp::dampening_reachability_half_life? dampening_reachability_half_life=null

Reachability half-life time for penalty (min).

attribute fortigate::router_bgp::dampening_reuse? dampening_reuse=null

Threshold to reuse routes.

attribute fortigate::router_bgp::dampening_route_map? dampening_route_map=null

Criteria for dampening.

attribute fortigate::router_bgp::dampening_suppress? dampening_suppress=null

Threshold to suppress routes.

attribute fortigate::router_bgp::dampening_unreachability_half_life? dampening_unreachability_half_life=null

Unreachability half-life time for penalty (min).

attribute fortigate::router_bgp::default_local_preference? default_local_preference=null

Default local preference.

attribute fortigate::common::enable_disable_t? deterministic_med=null

Enable/disable enforce deterministic comparison of MED. enable:Enable setting. disable:Disable setting.

attribute fortigate::router_bgp::distance_external? distance_external=null

Distance for routes external to the AS.

attribute fortigate::router_bgp::distance_internal? distance_internal=null

Distance for routes internal to the AS.

attribute fortigate::router_bgp::distance_local? distance_local=null

Distance for routes local to the AS.

attribute fortigate::common::enable_disable_t? ebgp_multipath=null

Enable/disable EBGP multi-path. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? enforce_first_as=null

Enable/disable enforce first AS for EBGP routes. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? fast_external_failover=null

Enable/disable reset peer BGP session if link goes down. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? graceful_end_on_timer=null

Enable/disable to exit graceful restart on timer only. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? graceful_restart=null

Enable/disable BGP graceful restart capabilities. enable:Enable setting. disable:Disable setting.

attribute fortigate::router_bgp::graceful_restart_time? graceful_restart_time=null

Time needed for neighbors to restart (sec).

attribute fortigate::router_bgp::graceful_stalepath_time? graceful_stalepath_time=null

Time to hold stale paths of restarting neighbor (sec).

attribute fortigate::router_bgp::graceful_update_delay? graceful_update_delay=null

Route advertisement/selection delay after restart (sec).

attribute fortigate::router_bgp::holdtime_timer? holdtime_timer=null

Number of seconds to mark peer as dead.

attribute fortigate::common::enable_disable_t? ibgp_multipath=null

Enable/disable IBGP multi-path. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? ignore_optional_capability=null

Do not send unknown optional capability notification message. enable:Enable setting. disable:Disable setting.

attribute fortigate::router_bgp::keepalive_timer? keepalive_timer=null

Frequency to send keep alive requests.

attribute fortigate::common::enable_disable_t? log_neighbour_changes=null

Log BGP neighbor changes. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? multipath_recursive_distance=null

Enable/disable use of recursive distance to select multipath. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? network_import_check=null

Enable/disable ensure BGP network route exists in IGP. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? recursive_inherit_priority=null

Enable/disable priority inheritance for recursive resolution. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? recursive_next_hop=null

Enable/disable recursive resolution of next-hop using BGP route. enable:Enable setting. disable:Disable setting.

attribute string? router_id=null

Router ID.

attribute fortigate::router_bgp::scan_time? scan_time=null

Background scanner interval (sec), 0 to disable it.

attribute fortigate::common::enable_disable_t? synchronization=null

Enable/disable advertising routes from iBGP only if the routes are present in an IGP. enable:Enable setting. disable:Disable setting.

attribute fortigate::router_bgp::tag_resolve_mode? tag_resolve_mode=null

Configure tag-match mode. Resolves BGP routes with other routes containing the same tag. disable:Disable tag-match mode. preferred:Use tag-match if a BGP route resolution with another route containing the same tag is successful. merge:Merge tag-match with best-match if they are using different routes. The result will exclude the next hops of tag-match whose interfaces have appeared in best-match.

relation fortigate::router_bgp::AdminDistance admin_distance [0:*]
relation fortigate::router_bgp::AggregateAddress aggregate_address [0:*]
relation fortigate::router_bgp::AggregateAddress6 aggregate_address6 [0:*]
relation fortigate::router_bgp::ConfederationPeers confederation_peers [0:*]
relation fortigate::router_bgp::Neighbor neighbor [0:*]
relation fortigate::router_bgp::NeighborGroup neighbor_group [0:*]
relation fortigate::router_bgp::NeighborRange neighbor_range [0:*]
relation fortigate::router_bgp::NeighborRange6 neighbor_range6 [0:*]
relation fortigate::router_bgp::Network network [0:*]
relation fortigate::router_bgp::Network6 network6 [0:*]
relation fortigate::router_bgp::Redistribute redistribute [0:*]
relation fortigate::router_bgp::Redistribute6 redistribute6 [0:*]
relation fortigate::router_bgp::Vrf vrf [0:*]
relation fortigate::router_bgp::Vrf6 vrf6 [0:*]

The following implements statements select implementations for this entity:

entity fortigate::DosPolicy

Parents: fortigate::base::PolicyResource

attribute fortigate::firewall__dos_policy::comments? comments=null

Comment.

attribute fortigate::firewall__dos_policy::interface? interface=null

Incoming interface name from available interfaces.

attribute fortigate::firewall__dos_policy::name? name=null

Policy name.

attribute fortigate::firewall__dos_policy::policyid policyid

Policy ID.

attribute fortigate::common::enable_disable_t? status=null

Enable/disable this policy. enable:Enable this policy. disable:Disable this policy.

relation fortigate::firewall__dos_policy::Anomaly anomaly [0:*]
relation fortigate::common::Name dstaddr [0:*]
relation fortigate::common::Name service [0:*]
relation fortigate::common::Name srcaddr [0:*]
relation fortigate::base::DosPolicyRange parent [0:1]

other end: fortigate::base::DosPolicyRange.policies [0:*]

The following implements statements select implementations for this entity:

entity fortigate::DosPolicy6

Parents: fortigate::base::PolicyResource

attribute fortigate::firewall__dos_policy6::comments? comments=null

Comment.

attribute fortigate::firewall__dos_policy6::interface? interface=null

Incoming interface name from available interfaces.

attribute fortigate::firewall__dos_policy6::name? name=null

Policy name.

attribute fortigate::firewall__dos_policy6::policyid policyid

Policy ID.

attribute fortigate::common::enable_disable_t? status=null

Enable/disable this policy. enable:Enable this policy. disable:Disable this policy.

relation fortigate::firewall__dos_policy6::Anomaly anomaly [0:*]
relation fortigate::common::Name dstaddr [0:*]
relation fortigate::common::Name service [0:*]
relation fortigate::common::Name srcaddr [0:*]
relation fortigate::base::DosPolicy6Range parent [0:1]

other end: fortigate::base::DosPolicy6Range.policies [0:*]

The following implements statements select implementations for this entity:

entity fortigate::Interface

Parents: fortigate::base::VdomResource

attribute fortigate::system_interface::ac_name? ac_name=null

PPPoE server name.

attribute fortigate::system_interface::aggregate? aggregate=null

Aggregate interface.

attribute fortigate::system_interface::aggregate_type? aggregate_type=null

Type of aggregation. physical:Physical interface aggregation. vxlan:VXLAN interface aggregation.

attribute fortigate::system_interface::algorithm? algorithm=null

Frame distribution algorithm. L2:Use layer 2 address for distribution. L3:Use layer 3 address for distribution. L4:Use layer 4 information for distribution. Source-MAC:Use source MAC address for distribution.

attribute fortigate::system_interface::alias? alias=null

Alias will be displayed with the interface name to make it easier to distinguish.

attribute fortigate::system_interface::allowaccess[]? allowaccess=null

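Permitted types of management access to this interface. ping:PING access. https:HTTPS access. ssh:SSH access. snmp:SNMP access. http:HTTP access. telnet:TELNET access. fgfm:FortiManager access. radius-acct:RADIUS accounting access. probe-response:Probe access. fabric:Security Fabric access. ftm:FTM access. speed-test:Speed test access. The type accepts every value in this list, including the unencrypted http and telnet protocols, so limiting management access on an interface is left to the model that sets this attribute.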

attribute fortigate::common::enable_disable_t? ap_discover=null

Enable/disable automatic registration of unknown FortiAP devices. enable:Enable automatic registration of unknown FortiAP devices. disable:Disable automatic registration of unknown FortiAP devices.

attribute fortigate::common::enable_disable_t? arpforward=null

Enable/disable ARP forwarding. enable:Enable ARP forwarding. disable:Disable ARP forwarding.

attribute fortigate::system_interface::auth_cert? auth_cert=null

HTTPS server certificate.

attribute fortigate::system_interface::auth_portal_addr? auth_portal_addr=null

Address of captive portal.

attribute fortigate::system_interface::auth_type? auth_type=null

PPP authentication type to use. auto:Automatically choose authentication. pap:PAP authentication. chap:CHAP authentication. mschapv1:MS-CHAPv1 authentication. mschapv2:MS-CHAPv2 authentication. Note that pap transmits the password to the peer in cleartext.

attribute fortigate::common::enable_disable_t? auto_auth_extension_device=null

Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. enable:Enable automatic authorization of dedicated Fortinet extension device on this interface. disable:Disable automatic authorization of dedicated Fortinet extension device on this interface.

attribute fortigate::system_interface::bandwidth_measure_time? bandwidth_measure_time=null

Bandwidth measure time.

attribute fortigate::system_interface::bfd? bfd=null

Bidirectional Forwarding Detection (BFD) settings. global:BFD behavior of this interface will be based on global configuration. enable:Enable BFD on this interface and ignore global configuration. disable:Disable BFD on this interface and ignore global configuration.

attribute fortigate::system_interface::bfd_desired_min_tx? bfd_desired_min_tx=null

BFD desired minimal transmit interval.

attribute fortigate::system_interface::bfd_detect_mult? bfd_detect_mult=null

BFD detection multiplier.

attribute fortigate::system_interface::bfd_required_min_rx? bfd_required_min_rx=null

BFD required minimal receive interval.

attribute fortigate::common::enable_disable_t? broadcast_forward=null

Enable/disable broadcast forwarding. enable:Enable broadcast forwarding. disable:Disable broadcast forwarding.

attribute fortigate::system_interface::cli_conn_status? cli_conn_status=null

CLI connection status.

attribute fortigate::system_interface::color? color=null

Color of icon on the GUI.

attribute fortigate::system_interface::dedicated_to? dedicated_to=null

Configure interface for single purpose. none:Interface not dedicated for any purpose. management:Dedicate this interface for management purposes only.

attribute fortigate::common::enable_disable_t? defaultgw=null

Enable to get the gateway IP from the DHCP or PPPoE server. enable:Enable default gateway. disable:Disable default gateway.

attribute fortigate::system_interface::description? description=null

Description.

attribute fortigate::system_interface::detected_peer_mtu? detected_peer_mtu=null

MTU of detected peer (0 - 4294967295).

attribute fortigate::system_interface::detectprotocol? detectprotocol=null

Protocols used to detect the server. ping:PING. tcp-echo:TCP echo. udp-echo:UDP echo.

attribute string? detectserver=null

Gateway’s ping server for this IP.

attribute fortigate::common::enable_disable_t? device_identification=null

Enable/disable passive gathering of device identity information about the devices on the network connected to this interface. enable:Enable passive gathering of identity information about hosts. disable:Disable passive gathering of identity information about hosts.

attribute fortigate::common::enable_disable_t? device_user_identification=null

Enable/disable passive gathering of user identity information about users on this interface. enable:Enable passive gathering of user identity information about users. disable:Disable passive gathering of user identity information about users.

attribute fortigate::system_interface::devindex? devindex=null

Device Index.

attribute fortigate::common::enable_disable_t? dhcp_classless_route_addition=null

Enable/disable addition of classless static routes retrieved from DHCP server. enable:Enable addition of classless static routes retrieved from DHCP server. disable:Disable addition of classless static routes retrieved from DHCP server.

attribute fortigate::system_interface::dhcp_client_identifier? dhcp_client_identifier=null

DHCP client identifier.

attribute fortigate::common::enable_disable_t? dhcp_relay_agent_option=null

Enable/disable DHCP relay agent option. enable:Enable DHCP relay agent option. disable:Disable DHCP relay agent option.

attribute fortigate::system_interface::dhcp_relay_interface? dhcp_relay_interface=null

Specify outgoing interface to reach server.

attribute fortigate::system_interface::dhcp_relay_interface_select_method? dhcp_relay_interface_select_method=null

Specify how to select outgoing interface to reach server. auto:Set outgoing interface automatically. sdwan:Set outgoing interface by SD-WAN or policy routing rules. specify:Set outgoing interface manually.

attribute string? dhcp_relay_ip=null

DHCP relay IP address.

DHCP relay link selection.

attribute fortigate::common::enable_disable_t? dhcp_relay_request_all_server=null

Enable/disable sending of DHCP requests to all servers. disable:Send DHCP requests only to a matching server. enable:Send DHCP requests to all servers.

attribute fortigate::common::enable_disable_t? dhcp_relay_service=null

Enable/disable allowing this interface to act as a DHCP relay. disable:None. enable:DHCP relay agent.

attribute fortigate::system_interface::dhcp_relay_type? dhcp_relay_type=null

DHCP relay type (regular or IPsec). regular:Regular DHCP relay. ipsec:DHCP relay for IPsec.

attribute fortigate::system_interface::dhcp_renew_time? dhcp_renew_time=null

DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.

attribute fortigate::system_interface::disc_retry_timeout? disc_retry_timeout=null

Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.

attribute fortigate::system_interface::disconnect_threshold? disconnect_threshold=null

Time in milliseconds to wait before sending a notification that this interface is down or disconnected.

attribute fortigate::system_interface::distance? distance=null

Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.

attribute fortigate::common::enable_disable_t? dns_server_override=null

Enable/disable use of DNS acquired by DHCP or PPPoE. enable:Use DNS acquired by DHCP or PPPoE. disable:Do not use DNS acquired by DHCP or PPPoE.

attribute fortigate::system_interface::dns_server_protocol? dns_server_protocol=null

DNS transport protocols. cleartext:DNS over UDP/53, DNS over TCP/53. dot:DNS over TLS/853. doh:DNS over HTTPS/443.

attribute fortigate::common::enable_disable_t? drop_fragment=null

Enable/disable dropping of fragmented packets. enable:Drop fragmented packets. disable:Do not drop fragmented packets.

attribute fortigate::common::enable_disable_t? drop_overlapped_fragment=null

Enable/disable drop overlapped fragment packets. enable:Enable drop of overlapped fragment packets. disable:Disable drop of overlapped fragment packets.

attribute fortigate::system_interface::eap_ca_cert? eap_ca_cert=null

EAP CA certificate name.

attribute fortigate::system_interface::eap_identity? eap_identity=null

EAP identity.

attribute fortigate::system_interface::eap_method? eap_method=null

EAP method. tls:TLS. peap:PEAP.

attribute string? eap_password=null

EAP password.

attribute fortigate::common::enable_disable_t? eap_supplicant=null

Enable/disable EAP-Supplicant. enable:Enable EAP Supplicant. disable:Disable EAP Supplicant.

attribute fortigate::system_interface::eap_user_cert? eap_user_cert=null

EAP user certificate name.

attribute fortigate::system_interface::egress_shaping_profile? egress_shaping_profile=null

Outgoing traffic shaping profile.

attribute fortigate::system_interface::estimated_downstream_bandwidth? estimated_downstream_bandwidth=null

Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.

attribute fortigate::system_interface::estimated_upstream_bandwidth? estimated_upstream_bandwidth=null

Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.

attribute fortigate::common::enable_disable_t? explicit_ftp_proxy=null

Enable/disable the explicit FTP proxy on this interface. enable:Enable explicit FTP proxy on this interface. disable:Disable explicit FTP proxy on this interface.

attribute fortigate::common::enable_disable_t? explicit_web_proxy=null

Enable/disable the explicit web proxy on this interface. enable:Enable explicit Web proxy on this interface. disable:Disable explicit Web proxy on this interface.

attribute fortigate::common::enable_disable_t? external=null

Enable/disable identifying the interface as an external interface (which usually means it’s connected to the Internet). enable:Enable identifying the interface as an external interface. disable:Disable identifying the interface as an external interface.

attribute fortigate::system_interface::fail_action_on_extender? fail_action_on_extender=null

Action on FortiExtender when the interface fails. soft-restart:Soft-restart-on-extender. hard-restart:Hard-restart-on-extender. reboot:Reboot-on-extender.

attribute fortigate::system_interface::fail_alert_method? fail_alert_method=null

Select link-failed-signal or link-down method to alert about a failed link. link-failed-signal:Link-failed-signal. link-down:Link-down.

attribute fortigate::common::enable_disable_t? fail_detect=null

Enable/disable fail detection features for this interface. enable:Enable interface failed option status. disable:Disable interface failed option status.

attribute fortigate::system_interface::fail_detect_option? fail_detect_option=null

Options for detecting that this interface has failed. detectserver:Use a ping server to determine if the interface has failed. link-down:Use port detection to determine if the interface has failed.

Enable FortiLink to dedicate this interface to manage other Fortinet devices. enable:Enable FortiLink to dedicated interface for managing FortiSwitch devices. disable:Disable FortiLink to dedicated interface for managing FortiSwitch devices.

FortiLink split interface backup link.

Protocol for FortiGate neighbor discovery. lldp:Detect FortiLink neighbors using LLDP protocol. fortilink:Detect FortiLink neighbors using FortiLink protocol.

Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. enable:Enable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. disable:Disable FortiLink split interface.

attribute fortigate::system_interface::forward_domain? forward_domain=null

Transparent mode forward domain.

attribute fortigate::common::enable_disable_t? gwdetect=null

Enable/disable detect gateway alive for first. enable:Enable detect gateway alive for first. disable:Disable detect gateway alive for first.

attribute fortigate::system_interface::ha_priority? ha_priority=null

HA election priority for the PING server.

attribute fortigate::common::enable_disable_t? icmp_accept_redirect=null

Enable/disable ICMP accept redirect. enable:Enable ICMP accept redirect. disable:Disable ICMP accept redirect.

attribute fortigate::common::enable_disable_t? icmp_send_redirect=null

Enable/disable sending of ICMP redirects. enable:Enable sending of ICMP redirects. disable:Disable sending of ICMP redirects.

attribute fortigate::common::enable_disable_t? ident_accept=null

Enable/disable authentication for this interface. enable:Enable determining a user’s identity from packet identification. disable:Disable determining a user’s identity from packet identification.

attribute fortigate::system_interface::idle_timeout? idle_timeout=null

PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.

attribute fortigate::system_interface::ike_saml_server? ike_saml_server=null

Configure IKE authentication SAML server.

attribute fortigate::system_interface::inbandwidth? inbandwidth=null

Bandwidth limit for incoming traffic (0 - 80000000 kbps), 0 means unlimited.

attribute fortigate::system_interface::ingress_shaping_profile? ingress_shaping_profile=null

Incoming traffic shaping profile.

attribute fortigate::system_interface::ingress_spillover_threshold? ingress_spillover_threshold=null

Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.

attribute fortigate::system_interface::interface? interface=null

Interface name.

attribute fortigate::system_interface::internal? internal=null

Implicitly created.

attribute string? ip=null

Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.

attribute fortigate::common::enable_disable_t? ip_managed_by_fortiipam=null

Enable/disable automatic IP address assignment of this interface by FortiIPAM. enable:Enable automatic IP address assignment of this interface by FortiIPAM. disable:Disable automatic IP address assignment of this interface by FortiIPAM.

attribute fortigate::common::enable_disable_t? ipmac=null

Enable/disable IP/MAC binding. enable:Enable IP/MAC binding. disable:Disable IP/MAC binding.

attribute fortigate::common::enable_disable_t? ips_sniffer_mode=null

Enable/disable the use of this interface as a one-armed sniffer. enable:Enable IPS sniffer mode. disable:Disable IPS sniffer mode.

attribute string? ipunnumbered=null

Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.

attribute fortigate::common::enable_disable_t? l2forward=null

Enable/disable L2 forwarding. enable:Enable L2 forwarding. disable:Disable L2 forwarding.

attribute fortigate::common::enable_disable_t? l2tp_client=null

Enable/disable this interface as a Layer 2 Tunnelling Protocol (L2TP) client. enable:Enable L2TP client. disable:Disable L2TP client.

attribute fortigate::common::enable_disable_t? lacp_ha_secondary=null

LACP HA secondary member. enable:Allow HA secondary member to send/receive LACP messages. disable:Block HA secondary member from sending/receiving LACP messages.

attribute fortigate::system_interface::lacp_mode? lacp_mode=null

LACP mode. static:Use static aggregation, do not send and ignore any LACP messages. passive:Passively use LACP to negotiate 802.3ad aggregation. active:Actively use LACP to negotiate 802.3ad aggregation.

attribute fortigate::system_interface::lacp_speed? lacp_speed=null

How often the interface sends LACP messages. slow:Send LACP message every 30 seconds. fast:Send LACP message every second.

attribute fortigate::system_interface::lcp_echo_interval? lcp_echo_interval=null

Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.

attribute fortigate::system_interface::lcp_max_echo_fails? lcp_max_echo_fails=null

Maximum missed LCP echo messages before disconnect.

Number of milliseconds to wait before considering a link is up.

attribute fortigate::system_interface::lldp_network_policy? lldp_network_policy=null

LLDP-MED network policy profile.

attribute fortigate::system_interface::lldp_reception? lldp_reception=null

Enable/disable Link Layer Discovery Protocol (LLDP) reception. enable:Enable reception of Link Layer Discovery Protocol (LLDP). disable:Disable reception of Link Layer Discovery Protocol (LLDP). vdom:Use VDOM Link Layer Discovery Protocol (LLDP) reception configuration setting.

attribute fortigate::system_interface::lldp_transmission? lldp_transmission=null

Enable/disable Link Layer Discovery Protocol (LLDP) transmission. enable:Enable transmission of Link Layer Discovery Protocol (LLDP). disable:Disable transmission of Link Layer Discovery Protocol (LLDP). vdom:Use VDOM Link Layer Discovery Protocol (LLDP) transmission configuration setting.

attribute string? macaddr=null

Change the interface’s MAC address.

attribute fortigate::system_interface::managed_subnetwork_size? managed_subnetwork_size=null

Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit’s DHCP server settings. 32:Allocate a subnet with 32 IP addresses. 64:Allocate a subnet with 64 IP addresses. 128:Allocate a subnet with 128 IP addresses. 256:Allocate a subnet with 256 IP addresses. 512:Allocate a subnet with 512 IP addresses. 1024:Allocate a subnet with 1024 IP addresses. 2048:Allocate a subnet with 2048 IP addresses. 4096:Allocate a subnet with 4096 IP addresses. 8192:Allocate a subnet with 8192 IP addresses. 16384:Allocate a subnet with 16384 IP addresses. 32768:Allocate a subnet with 32768 IP addresses. 65536:Allocate a subnet with 65536 IP addresses.

attribute string? management_ip=null

High Availability in-band management IP address of this interface.

attribute fortigate::system_interface::measured_downstream_bandwidth? measured_downstream_bandwidth=null

Measured downstream bandwidth (kbps).

attribute fortigate::system_interface::measured_upstream_bandwidth? measured_upstream_bandwidth=null

Measured upstream bandwidth (kbps).

Minimum number of aggregated ports that must be up.

Action to take when fewer than the configured minimum number of links are active. operational:Set the aggregate operationally down. administrative:Set the aggregate administratively down.

attribute fortigate::system_interface::mode? mode=null

Addressing mode (static, DHCP, PPPoE). static:Static setting. dhcp:External DHCP client mode. pppoe:External PPPoE mode.

attribute fortigate::common::enable_disable_t? monitor_bandwidth=null

Enable monitoring bandwidth on this interface. enable:Enable monitoring bandwidth on this interface. disable:Disable monitoring bandwidth on this interface.

attribute fortigate::system_interface::mtu? mtu=null

MTU value for this interface.

attribute fortigate::common::enable_disable_t? mtu_override=null

Enable to set a custom MTU for this interface. enable:Override default MTU. disable:Use default MTU.

attribute fortigate::system_interface::name name

Name.

attribute fortigate::common::enable_disable_t? ndiscforward=null

Enable/disable NDISC forwarding. enable:Enable NDISC forwarding. disable:Disable NDISC forwarding.

attribute fortigate::common::enable_disable_t? netbios_forward=null

Enable/disable NETBIOS forwarding. disable:Disable NETBIOS forwarding. enable:Enable NETBIOS forwarding.

attribute fortigate::system_interface::netflow_sampler? netflow_sampler=null

Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). disable:Disable NetFlow protocol on this interface. tx:Monitor transmitted traffic on this interface. rx:Monitor received traffic on this interface. both:Monitor transmitted/received traffic on this interface.

attribute fortigate::system_interface::outbandwidth? outbandwidth=null

Bandwidth limit for outgoing traffic (0 - 80000000 kbps).

attribute fortigate::system_interface::padt_retry_timeout? padt_retry_timeout=null

PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.

attribute string? password=null

PPPoE account’s password.

attribute string? physical=null

Print physical interface information.

attribute fortigate::system_interface::ping_serv_status? ping_serv_status=null

PING server status.

attribute fortigate::system_interface::polling_interval? polling_interval=null

sFlow polling interval in seconds (1 - 255).

attribute fortigate::common::enable_disable_t? pppoe_unnumbered_negotiate=null

Enable/disable PPPoE unnumbered negotiation. enable:Enable IP address negotiating for unnumbered. disable:Disable IP address negotiating for unnumbered.

attribute fortigate::system_interface::pptp_auth_type? pptp_auth_type=null

PPTP authentication type. auto:Automatically choose authentication. pap:PAP authentication. chap:CHAP authentication. mschapv1:MS-CHAPv1 authentication. mschapv2:MS-CHAPv2 authentication. Note that pap transmits the password to the peer in cleartext.

attribute fortigate::common::enable_disable_t? pptp_client=null

Enable/disable PPTP client. enable:Enable PPTP client. disable:Disable PPTP client.

attribute string? pptp_password=null

PPTP password.

attribute string? pptp_server_ip=null

PPTP server IP address.

attribute fortigate::system_interface::pptp_timeout? pptp_timeout=null

Idle timer in minutes (0 for disabled).

attribute fortigate::system_interface::pptp_user? pptp_user=null

PPTP user name.

attribute fortigate::common::enable_disable_t? preserve_session_route=null

Enable/disable preservation of session route when dirty. enable:Enable preservation of session route when dirty. disable:Disable preservation of session route when dirty.

attribute fortigate::system_interface::priority? priority=null

Priority of learned routes.

attribute fortigate::common::enable_disable_t? priority_override=null

Enable/disable fail back to higher priority port once recovered. enable:Enable fail back to higher priority port once recovered. disable:Disable fail back to higher priority port once recovered.

attribute fortigate::common::enable_disable_t? proxy_captive_portal=null

Enable/disable proxy captive portal on this interface. enable:Enable proxy captive portal on this interface. disable:Disable proxy captive portal on this interface.

attribute fortigate::system_interface::reachable_time? reachable_time=null

IPv4 reachable time in milliseconds (30000 - 3600000, default = 30000).

attribute fortigate::system_interface::redundant_interface? redundant_interface=null

Redundant interface.

attribute string? remote_ip=null

Remote IP address of tunnel.

attribute fortigate::system_interface::replacemsg_override_group? replacemsg_override_group=null

Replacement message override group.

attribute fortigate::system_interface::role? role=null

Interface role. lan:Connected to local network of endpoints. wan:Connected to Internet. dmz:Connected to server zone. undefined:Interface has no specific role.

attribute fortigate::system_interface::sample_direction? sample_direction=null

Data that NetFlow collects (rx, tx, or both). tx:Monitor transmitted traffic on this interface. rx:Monitor received traffic on this interface. both:Monitor transmitted/received traffic on this interface.

attribute fortigate::system_interface::sample_rate? sample_rate=null

sFlow sample rate (10 - 99999).

attribute fortigate::common::enable_disable_t? secondary_ip=null

Enable/disable adding a secondary IP to this interface. enable:Enable secondary IP. disable:Disable secondary IP.

attribute fortigate::system_interface::security_8021x_dynamic_vlan_id? security_8021x_dynamic_vlan_id=null

VLAN ID for virtual switch.

attribute fortigate::system_interface::security_8021x_master? security_8021x_master=null

802.1X master virtual-switch.

attribute fortigate::system_interface::security_8021x_mode? security_8021x_mode=null

802.1X mode. default:802.1X default mode. dynamic-vlan:802.1X dynamic VLAN (master) mode. fallback:802.1X fallback (master) mode. slave:802.1X slave mode.

attribute fortigate::system_interface::security_exempt_list? security_exempt_list=null

Name of security-exempt-list.

attribute fortigate::system_interface::security_external_logout? security_external_logout=null

URL of external authentication logout server.

attribute fortigate::system_interface::security_external_web? security_external_web=null

URL of external authentication web server.

attribute fortigate::system_interface::security_mac_auth_bypass? security_mac_auth_bypass=null

Enable/disable MAC authentication bypass. mac-auth-only:Enable MAC authentication bypass without EAP. enable:Enable MAC authentication bypass. disable:Disable MAC authentication bypass.

attribute fortigate::system_interface::security_mode? security_mode=null

Turn on captive portal authentication for this interface. none:No security option. captive-portal:Captive portal authentication. 802.1X:802.1X port-based authentication.

attribute fortigate::system_interface::security_redirect_url? security_redirect_url=null

URL redirection after disclaimer/authentication.

attribute fortigate::system_interface::service_name? service_name=null

PPPoE service name.

attribute fortigate::common::enable_disable_t? sflow_sampler=null

Enable/disable sFlow on this interface. enable:Enable sFlow protocol on this interface. disable:Disable sFlow protocol on this interface.

attribute fortigate::system_interface::snmp_index? snmp_index=null

Permanent SNMP Index of the interface.

attribute fortigate::system_interface::speed? speed=null

Interface speed. The default setting and the options available depend on the interface hardware. auto:Automatically adjust speed. 10full:10M full-duplex. 10half:10M half-duplex. 100full:100M full-duplex. 100half:100M half-duplex. 1000full:1000M full-duplex. 1000auto:1000M auto adjust.

attribute fortigate::system_interface::spillover_threshold? spillover_threshold=null

Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.

attribute fortigate::common::enable_disable_t? src_check=null

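Enable/disable source IP check (a reverse-path check of a packet's source address against the routing table, used to reject spoofed sources). enable:Enable source IP check. disable:Disable source IP check.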

attribute fortigate::system_interface::status? status=null

Bring the interface up or shut the interface down. up:Bring the interface up. down:Shut the interface down.

attribute fortigate::common::enable_disable_t? stp=null

Enable/disable STP. disable:Disable STP. enable:Enable STP.

attribute fortigate::system_interface::stp_ha_secondary? stp_ha_secondary=null

Control STP behavior on HA secondary. disable:Disable STP negotiation on HA secondary. enable:Enable STP negotiation on HA secondary. priority-adjust:Enable STP negotiation on HA secondary and make priority lower than HA primary.

attribute fortigate::common::enable_disable_t? stpforward=null

Enable/disable STP forwarding. enable:Enable STP forwarding. disable:Disable STP forwarding.

attribute fortigate::system_interface::stpforward_mode? stpforward_mode=null

Configure STP forwarding mode. rpl-all-ext-id:Replace all extension IDs (root, bridge). rpl-bridge-ext-id:Replace the bridge extension ID only. rpl-nothing:Replace nothing.

attribute fortigate::common::enable_disable_t? subst=null

Enable to always send packets from this interface to a destination MAC address. enable:Send packets from this interface. disable:Do not send packets from this interface.

attribute string? substitute_dst_mac=null

Destination MAC address that all packets are sent to from this interface.

attribute fortigate::system_interface::swc_first_create? swc_first_create=null

Initial create for switch-controller VLANs.

attribute fortigate::system_interface::swc_vlan? swc_vlan=null

Creation status for switch-controller VLANs.

attribute fortigate::system_interface::switch? switch=null

Contained in switch.

attribute fortigate::common::enable_disable_t? switch_controller_access_vlan=null

Block FortiSwitch port-to-port traffic. enable:Block FortiSwitch port-to-port traffic on the VLAN, only permitting traffic to and from the FortiGate. disable:Allow normal VLAN traffic.

attribute fortigate::common::enable_disable_t? switch_controller_arp_inspection=null

Enable/disable FortiSwitch ARP inspection. enable:Enable ARP inspection for FortiSwitch devices. disable:Disable ARP inspection for FortiSwitch devices.

attribute fortigate::common::enable_disable_t? switch_controller_dhcp_snooping=null

Switch controller DHCP snooping. enable:Enable DHCP snooping for FortiSwitch devices. disable:Disable DHCP snooping for FortiSwitch devices.

attribute fortigate::common::enable_disable_t? switch_controller_dhcp_snooping_option82=null

Switch controller DHCP snooping option82. enable:Enable DHCP snooping insert option82 for FortiSwitch devices. disable:Disable DHCP snooping insert option82 for FortiSwitch devices.

attribute fortigate::common::enable_disable_t? switch_controller_dhcp_snooping_verify_mac=null

Switch controller DHCP snooping verify MAC. enable:Enable DHCP snooping verify source MAC for FortiSwitch devices. disable:Disable DHCP snooping verify source MAC for FortiSwitch devices.

attribute fortigate::system_interface::switch_controller_dynamic? switch_controller_dynamic=null

Integrated FortiLink settings for managed FortiSwitch.

attribute fortigate::system_interface::switch_controller_feature? switch_controller_feature=null

Interface’s purpose when assigning traffic (read only). none:VLAN for generic purpose. default-vlan:Default VLAN (native) assigned to all switch ports upon discovery. quarantine:VLAN for quarantined traffic. rspan:VLAN for RSPAN/ERSPAN mirrored traffic. voice:VLAN dedicated for voice devices. video:VLAN dedicated for camera devices. nac:VLAN dedicated for NAC onboarding devices. nac-segment:VLAN dedicated for NAC segment devices.

attribute fortigate::common::enable_disable_t? switch_controller_igmp_snooping=null

Switch controller IGMP snooping. enable:Enable IGMP snooping. disable:Disable IGMP snooping.

attribute fortigate::common::enable_disable_t? switch_controller_igmp_snooping_fast_leave=null

Switch controller IGMP snooping fast-leave. enable:Enable IGMP snooping fast-leave. disable:Disable IGMP snooping fast-leave.

attribute fortigate::common::enable_disable_t? switch_controller_igmp_snooping_proxy=null

Switch controller IGMP snooping proxy. enable:Enable IGMP snooping proxy. disable:Disable IGMP snooping proxy.

attribute fortigate::common::enable_disable_t? switch_controller_iot_scanning=null

Enable/disable managed FortiSwitch IoT scanning. enable:Enable IoT scanning for managed FortiSwitch devices. disable:Disable IoT scanning for managed FortiSwitch devices.

attribute fortigate::system_interface::switch_controller_learning_limit? switch_controller_learning_limit=null

Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).

attribute fortigate::system_interface::switch_controller_mgmt_vlan? switch_controller_mgmt_vlan=null

VLAN to use for FortiLink management purposes.

attribute fortigate::system_interface::switch_controller_nac? switch_controller_nac=null

Integrated FortiLink settings for managed FortiSwitch.

attribute fortigate::common::enable_disable_t? switch_controller_netflow_collect=null

NetFlow collection and processing. disable:Disable NetFlow collection. enable:Enable NetFlow collection.

attribute fortigate::common::enable_disable_t? switch_controller_rspan_mode=null

Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. disable:Disable RSPAN passthrough mode on this VLAN interface. enable:Enable RSPAN passthrough mode on this VLAN interface.

attribute fortigate::system_interface::switch_controller_source_ip? switch_controller_source_ip=null

Source IP address used in FortiLink over L3 connections. outbound:Source IP address is that of the outbound interface. fixed:Source IP address is that of the FortiLink interface.

attribute fortigate::system_interface::switch_controller_traffic_policy? switch_controller_traffic_policy=null

Switch controller traffic policy for the VLAN.

attribute string? system_id=null

Define a system ID for the aggregate interface.

attribute fortigate::system_interface::system_id_type? system_id_type=null

Method in which system ID is generated. auto:Use the MAC address of the first member. user:User-defined system ID.

attribute fortigate::system_interface::tcp_mss? tcp_mss=null

TCP maximum segment size. 0 means do not change segment size.

attribute string? trust_ip6_1=null

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). Setting the all-hosts value places no source-address restriction on dedicated management traffic.

attribute string? trust_ip6_2=null

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

attribute string? trust_ip6_3=null

Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).

attribute string? trust_ip_1=null

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). Setting the all-hosts value places no source-address restriction on dedicated management traffic.

attribute string? trust_ip_2=null

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

attribute string? trust_ip_3=null

Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).

attribute fortigate::system_interface::type? type=null

Interface type. physical:Physical interface. vlan:VLAN interface. aggregate:Aggregate interface. redundant:Redundant interface. tunnel:Tunnel interface. vdom-link:VDOM link interface. loopback:Loopback interface. switch:Software switch interface. hard-switch:Hardware switch interface. vap-switch:VAP interface. wl-mesh:WLAN mesh interface. fext-wan:FortiExtender interface. vxlan:VXLAN interface. geneve:GENEVE interface. hdlc:T1/E1 interface. switch-vlan:Switch VLAN interface. emac-vlan:EMAC VLAN interface. ssl:SSL VPN client interface. lan-extension:LAN extension interface.

attribute fortigate::system_interface::username? username=null

Username of the PPPoE account, provided by your ISP.

attribute string vdom

Interface is in this virtual domain (VDOM).

attribute fortigate::system_interface::vindex? vindex=null

Switch control interface VLAN ID.

attribute fortigate::system_interface::vlan_protocol? vlan_protocol=null

Ethernet protocol of VLAN. 8021q:IEEE 802.1Q. 8021ad:IEEE 802.1AD.

attribute fortigate::common::enable_disable_t? vlanforward=null

Enable/disable traffic forwarding between VLANs on this interface. enable:Enable traffic forwarding. disable:Disable traffic forwarding.

attribute fortigate::system_interface::vlanid? vlanid=null

VLAN ID (1 - 4094).

attribute fortigate::system_interface::vrf? vrf=null

Virtual Routing Forwarding ID.

attribute fortigate::common::enable_disable_t? vrrp_virtual_mac=null

Enable/disable use of virtual MAC for VRRP. enable:Enable use of virtual MAC for VRRP. disable:Disable use of virtual MAC for VRRP.

attribute fortigate::common::enable_disable_t? wccp=null

Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. enable:Enable WCCP protocol on this interface. disable:Disable WCCP protocol on this interface.

attribute fortigate::system_interface::weight? weight=null

Default weight for static routes (if route has no weight configured).

attribute string? wins_ip=null

WINS server IP.

relation fortigate::system_interface::ClientOptions client_options [0:*]
relation fortigate::system_interface::DhcpSnoopingServerList dhcp_snooping_server_list [0:*]
relation fortigate::system_interface::FailAlertInterfaces fail_alert_interfaces [0:*]
relation fortigate::system_interface::Ipv6 ipv6 [0:*]
relation fortigate::system_interface::L2tpClientSettings l2tp_client_settings [0:*]
relation fortigate::system_interface::Member member [0:*]
relation fortigate::system_interface::Secondaryip secondaryip [0:*]
relation fortigate::system_interface::SecurityGroups security_groups [0:*]
relation fortigate::system_interface::Tagging tagging [0:*]
relation fortigate::system_interface::Vrrp vrrp [0:*]

The following implements statements select implementations for this entity:

entity fortigate::IpSecPhase1Interface

Parents: fortigate::base::VdomResource, fortigate::base::SecretResource

attribute fortigate::common::enable_disable_t? acct_verify=null

Enable/disable verification of RADIUS accounting record. enable:Enable verification of RADIUS accounting record. disable:Disable verification of RADIUS accounting record.

attribute fortigate::common::enable_disable_t? add_gw_route=null

Enable/disable automatically adding a route to the remote gateway. enable:Automatically add a route to the remote gateway. disable:Do not automatically add a route to the remote gateway.

attribute fortigate::common::enable_disable_t? add_route=null

Control whether a route to the peer destination selector is added. disable:Do not add a route to destination of peer selector. enable:Add route to destination of peer selector.

attribute fortigate::common::enable_disable_t? aggregate_member=null

Enable/disable use as an aggregate member. enable:Enable use as an aggregate member. disable:Disable use as an aggregate member.

attribute fortigate::vpn_ipsec_phase1_interface::aggregate_weight? aggregate_weight=null

Link weight for aggregate.

attribute fortigate::common::enable_disable_t? assign_ip=null

Enable/disable assignment of IP to IPsec interface via configuration method. disable:Do not assign an IP address to the IPsec interface. enable:Assign an IP address to the IPsec interface.

attribute fortigate::vpn_ipsec_phase1_interface::assign_ip_from? assign_ip_from=null

Method by which the IP address will be assigned. range:Assign IP address from locally defined range. usrgrp:Assign IP address via user group. dhcp:Assign IP address via DHCP. name:Assign IP address from firewall address or group.

attribute fortigate::vpn_ipsec_phase1_interface::authmethod? authmethod=null

Authentication method. psk:PSK authentication method. signature:Signature authentication method.

attribute fortigate::vpn_ipsec_phase1_interface::authmethod_remote? authmethod_remote=null

Authentication method (remote side). psk:PSK authentication method. signature:Signature authentication method.

attribute string? authpasswd=null

XAuth password (max 35 characters).

attribute fortigate::vpn_ipsec_phase1_interface::authusr? authusr=null

XAuth user name.

attribute fortigate::vpn_ipsec_phase1_interface::authusrgrp? authusrgrp=null

Authentication user group.

attribute fortigate::vpn_ipsec_phase1_interface::auto_discovery_crossover? auto_discovery_crossover=null

Allow/block set-up of short-cut tunnels between different network IDs. allow:Allow set-up of short-cut tunnels between different network IDs. block:Block set-up of short-cut tunnels between different network IDs.

attribute fortigate::common::enable_disable_t? auto_discovery_forwarder=null

Enable/disable forwarding auto-discovery short-cut messages. enable:Enable forwarding auto-discovery short-cut messages. disable:Disable forwarding auto-discovery short-cut messages.

attribute fortigate::vpn_ipsec_phase1_interface::auto_discovery_offer_interval? auto_discovery_offer_interval=null

Interval between shortcut offer messages in seconds (1 - 300, default = 5).

attribute fortigate::common::enable_disable_t? auto_discovery_psk=null

Enable/disable use of pre-shared secrets for authentication of auto-discovery tunnels. enable:Enable use of pre-shared-secret authentication for auto-discovery tunnels. disable:Disable use of authentication defined by ‘authmethod’ for auto-discovery tunnels.

attribute fortigate::common::enable_disable_t? auto_discovery_receiver=null

Enable/disable accepting auto-discovery short-cut messages. enable:Enable receiving auto-discovery short-cut messages. disable:Disable receiving auto-discovery short-cut messages.

attribute fortigate::common::enable_disable_t? auto_discovery_sender=null

Enable/disable sending auto-discovery short-cut messages. enable:Enable sending auto-discovery short-cut messages. disable:Disable sending auto-discovery short-cut messages.

attribute fortigate::vpn_ipsec_phase1_interface::auto_discovery_shortcuts? auto_discovery_shortcuts=null

Control deletion of child short-cut tunnels when the parent tunnel goes down. independent:Short-cut tunnels remain up if the parent tunnel goes down. dependent:Short-cut tunnels are brought down if the parent tunnel goes down.

attribute fortigate::common::enable_disable_t? auto_negotiate=null

Enable/disable automatic initiation of IKE SA negotiation. enable:Enable automatic initiation of IKE SA negotiation. disable:Disable automatic initiation of IKE SA negotiation.

attribute fortigate::vpn_ipsec_phase1_interface::banner? banner=null

Message that unity client should display after connecting.

attribute fortigate::common::enable_disable_t? cert_id_validation=null

Enable/disable cross validation of peer ID and the identity in the peer’s certificate as specified in RFC 4945. enable:Enable cross validation of peer ID and the identity in the peer’s certificate as specified in RFC 4945. disable:Disable cross validation of peer ID and the identity in the peer’s certificate as specified in RFC 4945.

attribute fortigate::common::enable_disable_t? childless_ike=null

Enable/disable childless IKEv2 initiation (RFC 6023). enable:Enable childless IKEv2 initiation (RFC 6023). disable:Disable childless IKEv2 initiation (RFC 6023).

attribute fortigate::common::enable_disable_t? client_auto_negotiate=null

Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. disable:Disable allowing the VPN client to bring up the tunnel when there is no traffic. enable:Enable allowing the VPN client to bring up the tunnel when there is no traffic.

attribute fortigate::common::enable_disable_t? client_keep_alive=null

Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. disable:Disable allowing the VPN client to keep the tunnel up when there is no traffic. enable:Enable allowing the VPN client to keep the tunnel up when there is no traffic.

attribute fortigate::vpn_ipsec_phase1_interface::comments? comments=null

Comment.

attribute string? default_gw=null

IPv4 address of default route gateway to use for traffic exiting the interface.

attribute fortigate::vpn_ipsec_phase1_interface::default_gw_priority? default_gw_priority=null

Priority for default gateway route. A higher priority number signifies a less preferred route.

attribute fortigate::vpn_ipsec_phase1_interface::dev_id? dev_id=null

Device ID carried by the device ID notification.

attribute fortigate::common::enable_disable_t? dev_id_notification=null

Enable/disable device ID notification. disable:Disable device ID notification. enable:Enable device ID notification.

attribute string? dhcp6_ra_linkaddr=null

Relay agent IPv6 link address to use in DHCP6 requests.

attribute string? dhcp_ra_giaddr=null

Relay agent gateway IP address to use in the giaddr field of DHCP requests.

attribute fortigate::vpn_ipsec_phase1_interface::dhgrp? dhgrp=null

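DH group. 1:DH Group 1. 2:DH Group 2. 5:DH Group 5. 14:DH Group 14. 15:DH Group 15. 16:DH Group 16. 17:DH Group 17. 18:DH Group 18. 19:DH Group 19. 20:DH Group 20. 21:DH Group 21. 27:DH Group 27. 28:DH Group 28. 29:DH Group 29. 30:DH Group 30. 31:DH Group 31. 32:DH Group 32. Groups 1, 2 and 5 (768-, 1024- and 1536-bit MODP) fall below current key-exchange guidance; select group 14 or higher unless a legacy peer requires otherwise.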

attribute fortigate::common::enable_disable_t? digital_signature_auth=null

Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). enable:Enable IKEv2 Digital Signature Authentication (RFC 7427). disable:Disable IKEv2 Digital Signature Authentication (RFC 7427).

attribute fortigate::vpn_ipsec_phase1_interface::distance? distance=null

Distance for routes added by IKE (1 - 255).

attribute fortigate::vpn_ipsec_phase1_interface::dns_mode? dns_mode=null

DNS server mode. manual:Manually configure DNS servers. auto:Use default DNS servers.

attribute fortigate::vpn_ipsec_phase1_interface::domain? domain=null

Instruct unity clients about the single default DNS domain.

attribute fortigate::vpn_ipsec_phase1_interface::dpd? dpd=null

Dead Peer Detection mode. disable:Disable Dead Peer Detection. on-idle:Trigger Dead Peer Detection when IPsec is idle. on-demand:Trigger Dead Peer Detection when IPsec traffic is sent but no reply is received from the peer.

attribute fortigate::vpn_ipsec_phase1_interface::dpd_retrycount? dpd_retrycount=null

Number of DPD retry attempts.

attribute string? dpd_retryinterval=null

DPD retry interval.

attribute fortigate::common::enable_disable_t? eap=null

Enable/disable IKEv2 EAP authentication. enable:Enable IKEv2 EAP authentication. disable:Disable IKEv2 EAP authentication.

attribute fortigate::vpn_ipsec_phase1_interface::eap_exclude_peergrp? eap_exclude_peergrp=null

Peer group excluded from EAP authentication.

attribute fortigate::vpn_ipsec_phase1_interface::eap_identity? eap_identity=null

IKEv2 EAP peer identity type. use-id-payload:Use IKEv2 IDi payload to resolve peer identity. send-request:Use EAP identity request to resolve peer identity.

attribute string? encap_local_gw4=null

Local IPv4 address of GRE/VXLAN tunnel.

attribute string? encap_local_gw6=null

Local IPv6 address of GRE/VXLAN tunnel.

attribute string? encap_remote_gw4=null

Remote IPv4 address of GRE/VXLAN tunnel.

attribute string? encap_remote_gw6=null

Remote IPv6 address of GRE/VXLAN tunnel.

attribute fortigate::vpn_ipsec_phase1_interface::encapsulation? encapsulation=null

Enable/disable GRE/VXLAN/VPNID encapsulation. none:No additional encapsulation. gre:GRE encapsulation. vxlan:VXLAN encapsulation. vpn-id-ipip:VPN ID with IPIP encapsulation.

attribute fortigate::vpn_ipsec_phase1_interface::encapsulation_address? encapsulation_address=null

Source for GRE/VXLAN tunnel address. ike:Use IKE/IPsec gateway addresses. ipv4:Specify separate GRE/VXLAN tunnel address. ipv6:Specify separate GRE/VXLAN tunnel address.

attribute fortigate::vpn_ipsec_phase1_interface::enforce_unique_id? enforce_unique_id=null

Enable/disable peer ID uniqueness check. disable:Disable peer ID uniqueness enforcement. keep-new:Enforce peer ID uniqueness, keep new connection if collision found. keep-old:Enforce peer ID uniqueness, keep old connection if collision found.

attribute fortigate::common::enable_disable_t? exchange_fgt_device_id=null

Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. enable:Enable exchange of FortiGate device identifier. disable:Disable exchange of FortiGate device identifier.

attribute fortigate::common::enable_disable_t? exchange_interface_ip=null

Enable/disable exchange of IPsec interface IP address. enable:Enable exchange of IPsec interface IP address. disable:Disable exchange of IPsec interface IP address.

attribute string? exchange_ip_addr4=null

IPv4 address to exchange with peers.

attribute string? exchange_ip_addr6=null

IPv6 address to exchange with peers.

attribute fortigate::vpn_ipsec_phase1_interface::fec_base? fec_base=null

Number of base Forward Error Correction packets (1 - 20).

attribute fortigate::vpn_ipsec_phase1_interface::fec_codec? fec_codec=null

Forward Error Correction encoding/decoding algorithm. rs:Reed-Solomon FEC algorithm. xor:XOR FEC algorithm.

attribute fortigate::common::enable_disable_t? fec_egress=null

Enable/disable Forward Error Correction for egress IPsec traffic. enable:Enable Forward Error Correction for egress IPsec traffic. disable:Disable Forward Error Correction for egress IPsec traffic.

attribute fortigate::vpn_ipsec_phase1_interface::fec_health_check? fec_health_check=null

SD-WAN health check.

attribute fortigate::common::enable_disable_t? fec_ingress=null

Enable/disable Forward Error Correction for ingress IPsec traffic. enable:Enable Forward Error Correction for ingress IPsec traffic. disable:Disable Forward Error Correction for ingress IPsec traffic.

attribute fortigate::vpn_ipsec_phase1_interface::fec_mapping_profile? fec_mapping_profile=null

Forward Error Correction (FEC) mapping profile.

attribute fortigate::vpn_ipsec_phase1_interface::fec_receive_timeout? fec_receive_timeout=null

Timeout in milliseconds before dropping Forward Error Correction packets (1 - 1000).

attribute fortigate::vpn_ipsec_phase1_interface::fec_redundant? fec_redundant=null

Number of redundant Forward Error Correction packets (1 - 5 for reed-solomon, 1 for xor).

attribute fortigate::vpn_ipsec_phase1_interface::fec_send_timeout? fec_send_timeout=null

Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).

attribute fortigate::common::enable_disable_t? fgsp_sync=null

Enable/disable IPsec syncing of tunnels for FGSP IPsec. enable:Enable IPsec syncing of tunnels to other cluster members. disable:Disable IPsec syncing of tunnels to other cluster members.

attribute fortigate::common::enable_disable_t? forticlient_enforcement=null

Enable/disable FortiClient enforcement. enable:Enable FortiClient enforcement. disable:Disable FortiClient enforcement.

attribute fortigate::common::enable_disable_t? fragmentation=null

Enable/disable fragmenting IKE messages on re-transmission. enable:Enable intra-IKE fragmentation support on re-transmission. disable:Disable intra-IKE fragmentation support.

attribute fortigate::vpn_ipsec_phase1_interface::fragmentation_mtu? fragmentation_mtu=null

IKE fragmentation MTU (500 - 16000).

attribute fortigate::common::enable_disable_t? group_authentication=null

Enable/disable IKEv2 IDi group authentication. enable:Enable IKEv2 IDi group authentication. disable:Disable IKEv2 IDi group authentication.

attribute string? group_authentication_secret=null

Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.

attribute fortigate::common::enable_disable_t? ha_sync_esp_seqno=null

Enable/disable sequence number jump ahead for IPsec HA. enable:Enable HA syncing of ESP sequence numbers. disable:Disable HA syncing of ESP sequence numbers.

attribute fortigate::common::enable_disable_t? idle_timeout=null

Enable/disable IPsec tunnel idle timeout. enable:Enable IPsec tunnel idle timeout. disable:Disable IPsec tunnel idle timeout.

attribute fortigate::vpn_ipsec_phase1_interface::idle_timeoutinterval? idle_timeoutinterval=null

IPsec tunnel idle timeout in minutes (5 - 43200).

attribute fortigate::vpn_ipsec_phase1_interface::ike_version? ike_version=null

IKE protocol version. 1:Use IKEv1 protocol. 2:Use IKEv2 protocol.

attribute fortigate::common::enable_disable_t? inbound_dscp_copy=null

Enable/disable copying the DSCP value in the ESP header to the inner IP header. enable:Copy the DSCP value in the ESP header to the inner IP header. disable:Do not copy the DSCP value in the ESP header to the inner IP header.

attribute fortigate::common::enable_disable_t? include_local_lan=null

Enable/disable allowing local LAN access on Unity clients. disable:Disable local LAN access on Unity clients. enable:Enable local LAN access on Unity clients.

attribute fortigate::vpn_ipsec_phase1_interface::interface? interface=null

Local physical, aggregate, or VLAN outgoing interface.

attribute fortigate::vpn_ipsec_phase1_interface::ip_delay_interval? ip_delay_interval=null

IP address reuse delay interval in seconds (0 - 28800).

attribute fortigate::vpn_ipsec_phase1_interface::ip_fragmentation? ip_fragmentation=null

Determine whether IP packets are fragmented before or after IPsec encapsulation. pre-encapsulation:Fragment before IPsec encapsulation. post-encapsulation:Fragment after IPsec encapsulation (RFC compliant).

attribute fortigate::vpn_ipsec_phase1_interface::ip_version? ip_version=null

IP version to use for VPN interface. 4:Use IPv4 addressing for gateways. 6:Use IPv6 addressing for gateways.

attribute string? ipv4_dns_server1=null

IPv4 DNS server 1.

attribute string? ipv4_dns_server2=null

IPv4 DNS server 2.

attribute string? ipv4_dns_server3=null

IPv4 DNS server 3.

attribute string? ipv4_end_ip=null

End of IPv4 range.

attribute fortigate::vpn_ipsec_phase1_interface::ipv4_name? ipv4_name=null

IPv4 address name.

attribute string? ipv4_netmask=null

IPv4 Netmask.

attribute fortigate::vpn_ipsec_phase1_interface::ipv4_split_exclude? ipv4_split_exclude=null

IPv4 subnets that should not be sent over the IPsec tunnel.

attribute fortigate::vpn_ipsec_phase1_interface::ipv4_split_include? ipv4_split_include=null

IPv4 split-include subnets.

attribute string? ipv4_start_ip=null

Start of IPv4 range.

attribute string? ipv4_wins_server1=null

WINS server 1.

attribute string? ipv4_wins_server2=null

WINS server 2.

attribute string? ipv6_dns_server1=null

IPv6 DNS server 1.

attribute string? ipv6_dns_server2=null

IPv6 DNS server 2.

attribute string? ipv6_dns_server3=null

IPv6 DNS server 3.

attribute string? ipv6_end_ip=null

End of IPv6 range.

attribute fortigate::vpn_ipsec_phase1_interface::ipv6_name? ipv6_name=null

IPv6 address name.

attribute fortigate::vpn_ipsec_phase1_interface::ipv6_prefix? ipv6_prefix=null

IPv6 prefix.

attribute fortigate::vpn_ipsec_phase1_interface::ipv6_split_exclude? ipv6_split_exclude=null

IPv6 subnets that should not be sent over the IPsec tunnel.

attribute fortigate::vpn_ipsec_phase1_interface::ipv6_split_include? ipv6_split_include=null

IPv6 split-include subnets.

attribute string? ipv6_start_ip=null

Start of IPv6 range.

attribute fortigate::vpn_ipsec_phase1_interface::keepalive? keepalive=null

NAT-T keep alive interval.

attribute fortigate::vpn_ipsec_phase1_interface::keylife? keylife=null

Time to wait in seconds before phase 1 encryption key expires.

VPN tunnel underlay link cost.

attribute string? local_gw=null

IPv4 address of the local gateway’s external interface.

attribute string? local_gw6=null

IPv6 address of the local gateway’s external interface.

attribute fortigate::vpn_ipsec_phase1_interface::localid? localid=null

Local ID.

attribute fortigate::vpn_ipsec_phase1_interface::localid_type? localid_type=null

Local ID type. auto:Select ID type automatically. fqdn:Use fully qualified domain name. user-fqdn:Use user fully qualified domain name. keyid:Use key-id string. address:Use local IP address. asn1dn:Use ASN.1 distinguished name.

attribute fortigate::common::enable_disable_t? loopback_asymroute=null

Enable/disable asymmetric routing for IKE traffic on loopback interface. enable:Allow ingress/egress IKE traffic to be routed over different interfaces. disable:Ingress/egress IKE traffic must be routed over the same interface.

attribute fortigate::vpn_ipsec_phase1_interface::mesh_selector_type? mesh_selector_type=null

Add selectors containing subsets of the configuration depending on traffic. disable:Disable. subnet:Enable addition of matching subnet selector. host:Enable addition of host to host selector.

attribute fortigate::vpn_ipsec_phase1_interface::mode? mode=null

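The ID protection mode used to establish a secure channel. aggressive:Aggressive mode. main:Main mode. Main mode encrypts the peer identities during negotiation; aggressive mode exchanges them unencrypted in fewer messages.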

attribute fortigate::common::enable_disable_t? mode_cfg=null

Enable/disable configuration method. disable:Disable Configuration Method. enable:Enable Configuration Method.

attribute fortigate::common::enable_disable_t? mode_cfg_allow_client_selector=null

Enable/disable mode-cfg client to use custom phase2 selectors. disable:Mode-cfg client to use wildcard selectors. enable:Mode-cfg client to use custom selectors.

attribute fortigate::vpn_ipsec_phase1_interface::monitor? monitor=null

IPsec interface as backup for primary interface.

attribute fortigate::vpn_ipsec_phase1_interface::monitor_hold_down_delay? monitor_hold_down_delay=null

Time to wait in seconds before recovery once primary re-establishes.

attribute string? monitor_hold_down_time=null

Time of day at which to fail back to primary after it re-establishes.

attribute fortigate::vpn_ipsec_phase1_interface::monitor_hold_down_type? monitor_hold_down_type=null

Recovery time method when primary interface re-establishes. immediate:Fail back immediately after primary recovers. delay:Number of seconds to delay fail back after primary recovers. time:Specify a time at which to fail back after primary recovers.

attribute fortigate::vpn_ipsec_phase1_interface::monitor_hold_down_weekday? monitor_hold_down_weekday=null

Day of the week to recover once primary re-establishes. everyday:Every Day. sunday:Sunday. monday:Monday. tuesday:Tuesday. wednesday:Wednesday. thursday:Thursday. friday:Friday. saturday:Saturday.

attribute fortigate::vpn_ipsec_phase1_interface::name name

IPsec remote gateway name.

attribute fortigate::vpn_ipsec_phase1_interface::nattraversal? nattraversal=null

Enable/disable NAT traversal. enable:Enable IPsec NAT traversal. disable:Disable IPsec NAT traversal. forced:Force IPsec NAT traversal on.

attribute fortigate::vpn_ipsec_phase1_interface::negotiate_timeout? negotiate_timeout=null

IKE SA negotiation timeout in seconds (1 - 300).

attribute fortigate::common::enable_disable_t? net_device=null

Enable/disable kernel device creation. enable:Create a kernel device for every tunnel. disable:Do not create a kernel device for tunnels.

attribute fortigate::vpn_ipsec_phase1_interface::network_id? network_id=null

VPN gateway network ID.

attribute fortigate::common::enable_disable_t? network_overlay=null

Enable/disable network overlays. disable:Disable network overlays. enable:Enable network overlays.

attribute fortigate::common::enable_disable_t? npu_offload=null

Enable/disable NPU offloading. enable:Enable NPU offloading. disable:Disable NPU offloading.

attribute fortigate::common::enable_disable_t? passive_mode=null

Enable/disable IPsec passive mode for static tunnels. enable:Enable IPsec passive mode. disable:Disable IPsec passive mode.

attribute fortigate::vpn_ipsec_phase1_interface::peer? peer=null

Accept this peer certificate.

attribute fortigate::vpn_ipsec_phase1_interface::peergrp? peergrp=null

Accept this peer certificate group.

attribute fortigate::vpn_ipsec_phase1_interface::peerid? peerid=null

Accept this peer identity.

attribute fortigate::vpn_ipsec_phase1_interface::peertype? peertype=null

Accept this peer type. any:Accept any peer ID. one:Accept this peer ID. dialup:Accept peer ID in dialup group. peer:Accept this peer certificate. peergrp:Accept this peer certificate group.

attribute fortigate::vpn_ipsec_phase1_interface::ppk? ppk=null

Enable/disable IKEv2 Postquantum Preshared Key (PPK). disable:Disable use of IKEv2 Postquantum Preshared Key (PPK). allow:Allow, but do not require, use of IKEv2 Postquantum Preshared Key (PPK). require:Require use of IKEv2 Postquantum Preshared Key (PPK).

attribute fortigate::vpn_ipsec_phase1_interface::ppk_identity? ppk_identity=null

IKEv2 Postquantum Preshared Key Identity.

attribute string? ppk_secret=null

IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).

attribute fortigate::vpn_ipsec_phase1_interface::priority? priority=null

Priority for routes added by IKE (1 - 65535).

attribute fortigate::vpn_ipsec_phase1_interface::proposal? proposal=null

Phase1 proposal. des-md5:des-md5 des-sha1:des-sha1 des-sha256:des-sha256 des-sha384:des-sha384 des-sha512:des-sha512 3des-md5:3des-md5 3des-sha1:3des-sha1 3des-sha256:3des-sha256 3des-sha384:3des-sha384 3des-sha512:3des-sha512 aes128-md5:aes128-md5 aes128-sha1:aes128-sha1 aes128-sha256:aes128-sha256 aes128-sha384:aes128-sha384 aes128-sha512:aes128-sha512 aes128gcm-prfsha1:aes128gcm-prfsha1 aes128gcm-prfsha256:aes128gcm-prfsha256 aes128gcm-prfsha384:aes128gcm-prfsha384 aes128gcm-prfsha512:aes128gcm-prfsha512 aes192-md5:aes192-md5 aes192-sha1:aes192-sha1 aes192-sha256:aes192-sha256 aes192-sha384:aes192-sha384 aes192-sha512:aes192-sha512 aes256-md5:aes256-md5 aes256-sha1:aes256-sha1 aes256-sha256:aes256-sha256 aes256-sha384:aes256-sha384 aes256-sha512:aes256-sha512 aes256gcm-prfsha1:aes256gcm-prfsha1 aes256gcm-prfsha256:aes256gcm-prfsha256 aes256gcm-prfsha384:aes256gcm-prfsha384 aes256gcm-prfsha512:aes256gcm-prfsha512 chacha20poly1305-prfsha1:chacha20poly1305-prfsha1 chacha20poly1305-prfsha256:chacha20poly1305-prfsha256 chacha20poly1305-prfsha384:chacha20poly1305-prfsha384 chacha20poly1305-prfsha512:chacha20poly1305-prfsha512 aria128-md5:aria128-md5 aria128-sha1:aria128-sha1 aria128-sha256:aria128-sha256 aria128-sha384:aria128-sha384 aria128-sha512:aria128-sha512 aria192-md5:aria192-md5 aria192-sha1:aria192-sha1 aria192-sha256:aria192-sha256 aria192-sha384:aria192-sha384 aria192-sha512:aria192-sha512 aria256-md5:aria256-md5 aria256-sha1:aria256-sha1 aria256-sha256:aria256-sha256 aria256-sha384:aria256-sha384 aria256-sha512:aria256-sha512 seed-md5:seed-md5 seed-sha1:seed-sha1 seed-sha256:seed-sha256 seed-sha384:seed-sha384 seed-sha512:seed-sha512 The DES, 3DES, MD5 and SHA-1 combinations are legacy options; prefer an AES-GCM, ChaCha20-Poly1305, or AES with SHA-256 or stronger proposal when the peer supports it.

attribute string? psksecret=null

Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).

attribute string? psksecret_remote=null

Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).

attribute fortigate::common::enable_disable_t? reauth=null

Enable/disable re-authentication upon IKE SA lifetime expiration. disable:Disable IKE SA re-authentication. enable:Enable IKE SA re-authentication.

attribute fortigate::common::enable_disable_t? rekey=null

Enable/disable phase1 rekey. enable:Enable phase1 rekey. disable:Disable phase1 rekey.

attribute string? remote_gw=null

IPv4 address of the remote gateway’s external interface.

attribute string? remote_gw6=null

IPv6 address of the remote gateway’s external interface.

attribute fortigate::vpn_ipsec_phase1_interface::remotegw_ddns? remotegw_ddns=null

Domain name of remote gateway. For example, name.ddns.com.

attribute fortigate::vpn_ipsec_phase1_interface::rsa_signature_format? rsa_signature_format=null

Digital Signature Authentication RSA signature format. pkcs1:RSASSA PKCS#1 v1.5. pss:RSASSA Probabilistic Signature Scheme (PSS).

attribute fortigate::common::enable_disable_t? rsa_signature_hash_override=null

Enable/disable IKEv2 RSA signature hash algorithm override. enable:Enable IKEv2 RSA signature hash algorithm override. disable:Disable IKEv2 RSA signature hash algorithm override.

attribute fortigate::common::enable_disable_t? save_password=null

Enable/disable saving XAuth username and password on VPN clients. disable:Disable saving XAuth username and password on VPN clients. enable:Enable saving XAuth username and password on VPN clients.

attribute fortigate::common::enable_disable_t? send_cert_chain=null

Enable/disable sending certificate chain. enable:Enable sending certificate chain. disable:Disable sending certificate chain.

attribute fortigate::vpn_ipsec_phase1_interface::signature_hash_alg? signature_hash_alg=null

Digital Signature Authentication hash algorithms. sha1:SHA1. sha2-256:SHA2-256. sha2-384:SHA2-384. sha2-512:SHA2-512.

attribute fortigate::vpn_ipsec_phase1_interface::split_include_service? split_include_service=null

Split-include services.

attribute fortigate::vpn_ipsec_phase1_interface::suite_b? suite_b=null

Use Suite-B. disable:Do not use UI suite. suite-b-gcm-128:Use Suite-B-GCM-128. suite-b-gcm-256:Use Suite-B-GCM-256.

attribute fortigate::vpn_ipsec_phase1_interface::type? type=null

Remote gateway type. static:Remote VPN gateway has fixed IP address. dynamic:Remote VPN gateway has dynamic IP address. ddns:Remote VPN gateway has dynamic IP address and is a dynamic DNS client.

attribute fortigate::common::enable_disable_t? unity_support=null

Enable/disable support for Cisco UNITY Configuration Method extensions. disable:Disable Cisco Unity Configuration Method Extensions. enable:Enable Cisco Unity Configuration Method Extensions.

attribute fortigate::vpn_ipsec_phase1_interface::usrgrp? usrgrp=null

User group name for dialup peers.

attribute fortigate::vpn_ipsec_phase1_interface::vni? vni=null

VNI of VXLAN tunnel.

attribute fortigate::vpn_ipsec_phase1_interface::wizard_type? wizard_type=null

GUI VPN Wizard Type. custom:Custom VPN configuration. dialup-forticlient:Dial Up - FortiClient Windows, Mac and Android. dialup-ios:Dial Up - iPhone / iPad Native IPsec Client. dialup-android:Dial Up - Android Native IPsec Client. dialup-windows:Dial Up - Windows Native IPsec Client. dialup-cisco:Dial Up - Cisco IPsec Client. static-fortigate:Site to Site - FortiGate. dialup-fortigate:Dial Up - FortiGate. static-cisco:Site to Site - Cisco. dialup-cisco-fw:Dial Up - Cisco Firewall. simplified-static-fortigate:Site to Site - FortiGate (SD-WAN). hub-fortigate-auto-discovery:Hub role in a Hub-and-Spoke auto-discovery VPN. spoke-fortigate-auto-discovery:Spoke role in a Hub-and-Spoke auto-discovery VPN.

attribute fortigate::vpn_ipsec_phase1_interface::xauthtype? xauthtype=null

XAuth type. disable:Disable. client:Enable as client. pap:Enable as server PAP. chap:Enable as server CHAP. auto:Enable as server auto.

relation fortigate::vpn_ipsec_phase1_interface::BackupGateway backup_gateway [0:*]
relation fortigate::vpn_ipsec_phase1_interface::Certificate certificate [0:*]
relation fortigate::vpn_ipsec_phase1_interface::Ipv4ExcludeRange ipv4_exclude_range [0:*]
relation fortigate::vpn_ipsec_phase1_interface::Ipv6ExcludeRange ipv6_exclude_range [0:*]

The following implements statements select implementations for this entity:

entity fortigate::IpSecPhase2Interface

Parents: fortigate::base::VdomResource

attribute fortigate::vpn_ipsec_phase2_interface::add_route? add_route=null

Enable/disable automatic route addition. phase1:Add route according to phase1 add-route setting. enable:Add route for remote proxy ID. disable:Do not add route for remote proxy ID.

attribute fortigate::vpn_ipsec_phase2_interface::auto_discovery_forwarder? auto_discovery_forwarder=null

Enable/disable forwarding short-cut messages. phase1:Forward short-cut messages according to the phase1 auto-discovery-forwarder setting. enable:Enable forwarding auto-discovery short-cut messages. disable:Disable forwarding auto-discovery short-cut messages.

attribute fortigate::vpn_ipsec_phase2_interface::auto_discovery_sender? auto_discovery_sender=null

Enable/disable sending short-cut messages. phase1:Send short-cut messages according to the phase1 auto-discovery-sender setting. enable:Enable sending auto-discovery short-cut messages. disable:Disable sending auto-discovery short-cut messages.

attribute fortigate::common::enable_disable_t? auto_negotiate=null

Enable/disable IPsec SA auto-negotiation. enable:Enable setting. disable:Disable setting.

attribute fortigate::vpn_ipsec_phase2_interface::comments? comments=null

Comment.

attribute fortigate::common::enable_disable_t? dhcp_ipsec=null

Enable/disable DHCP-IPsec. enable:Enable setting. disable:Disable setting.

attribute fortigate::vpn_ipsec_phase2_interface::dhgrp? dhgrp=null

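Phase2 DH group. 1:DH Group 1. 2:DH Group 2. 5:DH Group 5. 14:DH Group 14. 15:DH Group 15. 16:DH Group 16. 17:DH Group 17. 18:DH Group 18. 19:DH Group 19. 20:DH Group 20. 21:DH Group 21. 27:DH Group 27. 28:DH Group 28. 29:DH Group 29. 30:DH Group 30. 31:DH Group 31. 32:DH Group 32. Groups 1, 2 and 5 are the 768-, 1024- and 1536-bit MODP groups, which current IKE guidance (RFC 8247) marks as MUST NOT or SHOULD NOT use; group 14 or higher is the usual minimum.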

attribute fortigate::common::enable_disable_t? diffserv=null

Enable/disable applying DSCP value to the IPsec tunnel outer IP header. enable:Enable setting. disable:Disable setting.

attribute string? diffservcode=null

DSCP value to be applied to the IPsec tunnel outer IP header.

attribute fortigate::vpn_ipsec_phase2_interface::dst_addr_type? dst_addr_type=null

Remote proxy ID type. subnet:IPv4 subnet. range:IPv4 range. ip:IPv4 IP. name:IPv4 firewall address or group name. subnet6:IPv6 subnet. range6:IPv6 range. ip6:IPv6 IP. name6:IPv6 firewall address or group name.

attribute string? dst_end_ip=null

Remote proxy ID IPv4 end.

attribute string? dst_end_ip6=null

Remote proxy ID IPv6 end.

attribute fortigate::vpn_ipsec_phase2_interface::dst_name? dst_name=null

Remote proxy ID name.

attribute fortigate::vpn_ipsec_phase2_interface::dst_name6? dst_name6=null

Remote proxy ID name.

attribute fortigate::vpn_ipsec_phase2_interface::dst_port? dst_port=null

Quick mode destination port (1 - 65535 or 0 for all).

attribute string? dst_start_ip=null

Remote proxy ID IPv4 start.

attribute string? dst_start_ip6=null

Remote proxy ID IPv6 start.

attribute string? dst_subnet=null

Remote proxy ID IPv4 subnet.

attribute string? dst_subnet6=null

Remote proxy ID IPv6 subnet.

attribute fortigate::vpn_ipsec_phase2_interface::encapsulation? encapsulation=null

ESP encapsulation mode. tunnel-mode:Use tunnel mode encapsulation. transport-mode:Use transport mode encapsulation.

attribute fortigate::vpn_ipsec_phase2_interface::inbound_dscp_copy? inbound_dscp_copy=null

Enable/disable copying of the DSCP in the ESP header to the inner IP header. phase1:Copy the DSCP in the ESP header to the inner IP header according to the phase1 inbound_dscp_copy setting. enable:Enable copying of the DSCP in the ESP header to the inner IP header. disable:Disable copying of the DSCP in the ESP header to the inner IP header.

attribute fortigate::common::enable_disable_t? initiator_ts_narrow=null

Enable/disable traffic selector narrowing for IKEv2 initiator. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? ipv4_df=null

Enable/disable setting and resetting of IPv4 ‘Don’t Fragment’ bit. enable:Set IPv4 DF the same as original packet. disable:Reset IPv4 DF.

attribute fortigate::common::enable_disable_t? keepalive=null

Enable/disable keep alive. enable:Enable setting. disable:Disable setting.

attribute fortigate::vpn_ipsec_phase2_interface::keylife_type? keylife_type=null

Keylife type. seconds:Key life in seconds. kbs:Key life in kilobytes. both:Key life both.

attribute fortigate::vpn_ipsec_phase2_interface::keylifekbs? keylifekbs=null

Phase2 key life in number of kilobytes of traffic (5120 - 4294967295).

attribute fortigate::vpn_ipsec_phase2_interface::keylifeseconds? keylifeseconds=null

Phase2 key life in time in seconds (120 - 172800).

attribute fortigate::common::enable_disable_t? l2tp=null

Enable/disable L2TP over IPsec. enable:Enable L2TP over IPsec. disable:Disable L2TP over IPsec.

attribute fortigate::vpn_ipsec_phase2_interface::name name

IPsec tunnel name.

attribute fortigate::common::enable_disable_t? pfs=null

Enable/disable PFS feature. enable:Enable setting. disable:Disable setting.

attribute fortigate::vpn_ipsec_phase2_interface::phase1name? phase1name=null

Phase 1 determines the options required for phase 2.

attribute fortigate::vpn_ipsec_phase2_interface::proposal? proposal=null

Phase2 proposal. null-md5:null-md5 null-sha1:null-sha1 null-sha256:null-sha256 null-sha384:null-sha384 null-sha512:null-sha512 des-null:des-null des-md5:des-md5 des-sha1:des-sha1 des-sha256:des-sha256 des-sha384:des-sha384 des-sha512:des-sha512 3des-null:3des-null 3des-md5:3des-md5 3des-sha1:3des-sha1 3des-sha256:3des-sha256 3des-sha384:3des-sha384 3des-sha512:3des-sha512 aes128-null:aes128-null aes128-md5:aes128-md5 aes128-sha1:aes128-sha1 aes128-sha256:aes128-sha256 aes128-sha384:aes128-sha384 aes128-sha512:aes128-sha512 aes128gcm:aes128gcm aes192-null:aes192-null aes192-md5:aes192-md5 aes192-sha1:aes192-sha1 aes192-sha256:aes192-sha256 aes192-sha384:aes192-sha384 aes192-sha512:aes192-sha512 aes256-null:aes256-null aes256-md5:aes256-md5 aes256-sha1:aes256-sha1 aes256-sha256:aes256-sha256 aes256-sha384:aes256-sha384 aes256-sha512:aes256-sha512 aes256gcm:aes256gcm chacha20poly1305:chacha20poly1305 aria128-null:aria128-null aria128-md5:aria128-md5 aria128-sha1:aria128-sha1 aria128-sha256:aria128-sha256 aria128-sha384:aria128-sha384 aria128-sha512:aria128-sha512 aria192-null:aria192-null aria192-md5:aria192-md5 aria192-sha1:aria192-sha1 aria192-sha256:aria192-sha256 aria192-sha384:aria192-sha384 aria192-sha512:aria192-sha512 aria256-null:aria256-null aria256-md5:aria256-md5 aria256-sha1:aria256-sha1 aria256-sha256:aria256-sha256 aria256-sha384:aria256-sha384 aria256-sha512:aria256-sha512 seed-null:seed-null seed-md5:seed-md5 seed-sha1:seed-sha1 seed-sha256:seed-sha256 seed-sha384:seed-sha384 seed-sha512:seed-sha512 Each hyphenated value names the ESP encryption algorithm followed by the authentication (integrity) algorithm: a leading null means the payload is not encrypted, and a trailing null means it is not integrity-protected. The DES, 3DES, MD5 and SHA-1 combinations are legacy choices; where the peer supports them, prefer the AEAD values (aes128gcm, aes256gcm, chacha20poly1305) or AES with SHA-256 or stronger.

attribute fortigate::vpn_ipsec_phase2_interface::protocol? protocol=null

Quick mode protocol selector (1 - 255 or 0 for all).

attribute fortigate::common::enable_disable_t? replay=null

Enable/disable replay detection. enable:Enable setting. disable:Disable setting.

attribute fortigate::vpn_ipsec_phase2_interface::route_overlap? route_overlap=null

Action for overlapping routes. use-old:Use the old route and do not add the new route. use-new:Delete the old route and add the new route. allow:Allow overlapping routes.

attribute fortigate::common::enable_disable_t? single_source=null

Enable/disable single source IP restriction. enable:Only single source IP will be accepted. disable:Source IP range will be accepted.

attribute fortigate::vpn_ipsec_phase2_interface::src_addr_type? src_addr_type=null

Local proxy ID type. subnet:IPv4 subnet. range:IPv4 range. ip:IPv4 IP. name:IPv4 firewall address or group name. subnet6:IPv6 subnet. range6:IPv6 range. ip6:IPv6 IP. name6:IPv6 firewall address or group name.

attribute string? src_end_ip=null

Local proxy ID end.

attribute string? src_end_ip6=null

Local proxy ID IPv6 end.

attribute fortigate::vpn_ipsec_phase2_interface::src_name? src_name=null

Local proxy ID name.

attribute fortigate::vpn_ipsec_phase2_interface::src_name6? src_name6=null

Local proxy ID name.

attribute fortigate::vpn_ipsec_phase2_interface::src_port? src_port=null

Quick mode source port (1 - 65535 or 0 for all).

attribute string? src_start_ip=null

Local proxy ID start.

attribute string? src_start_ip6=null

Local proxy ID IPv6 start.

attribute string? src_subnet=null

Local proxy ID subnet.

attribute string? src_subnet6=null

Local proxy ID IPv6 subnet.

The following implements statements select implementations for this entity:

entity fortigate::Licence

Parents: fortigate::base::BaseResource

attribute string? proxy_url=null

HTTP proxy URL in the form: http://user:pass@proxyip:proxyport. Because the URL can embed the proxy username and password, handle this value as a secret.

attribute string token

VM license token.

The following implements statements select implementations for this entity:

entity fortigate::LocalInPolicy

Parents: fortigate::base::PolicyResource

attribute fortigate::firewall_local_in_policy::action? action=null

Action performed on traffic matching the policy (default = deny). accept:Allow traffic matching this policy. deny:Deny or block traffic matching this policy.

attribute fortigate::firewall_local_in_policy::comments? comments=null

Comment.

attribute fortigate::common::enable_disable_t? dstaddr_negate=null

When enabled dstaddr specifies what the destination address must NOT be. enable:Enable destination address negate. disable:Disable destination address negate.

attribute fortigate::common::enable_disable_t? ha_mgmt_intf_only=null

Enable/disable dedicating the HA management interface only for local-in policy. enable:Enable dedicating HA management interface only for local-in policy. disable:Disable dedicating HA management interface only for local-in policy.

attribute fortigate::firewall_local_in_policy::intf? intf=null

Incoming interface name from available options.

attribute fortigate::firewall_local_in_policy::policyid policyid

User defined local in policy ID.

attribute fortigate::firewall_local_in_policy::schedule? schedule=null

Schedule object from available options.

attribute fortigate::common::enable_disable_t? service_negate=null

When enabled service specifies what the service must NOT be. enable:Enable negated service match. disable:Disable negated service match.

attribute fortigate::common::enable_disable_t? srcaddr_negate=null

When enabled srcaddr specifies what the source address must NOT be. enable:Enable source address negate. disable:Disable source address negate.

attribute fortigate::common::enable_disable_t? status=null

Enable/disable this local-in policy. enable:Enable this local-in policy. disable:Disable this local-in policy.

attribute string? uuid=null

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

attribute fortigate::common::enable_disable_t? virtual_patch=null

Enable/disable virtual patching. enable:Enable virtual patching. disable:Disable virtual patching.

relation fortigate::common::Name dstaddr [0:*]
relation fortigate::common::Name service [0:*]
relation fortigate::common::Name srcaddr [0:*]
relation fortigate::base::LocalInPolicyRange parent [0:1]

other end: fortigate::base::LocalInPolicyRange.policies [0:*]

The following implements statements select implementations for this entity:

entity fortigate::LocalInPolicy6

Parents: fortigate::base::PolicyResource

attribute fortigate::firewall_local_in_policy6::action? action=null

Action performed on traffic matching the policy (default = deny). accept:Allow local-in traffic matching this policy. deny:Deny or block local-in traffic matching this policy.

attribute fortigate::firewall_local_in_policy6::comments? comments=null

Comment.

attribute fortigate::common::enable_disable_t? dstaddr_negate=null

When enabled dstaddr specifies what the destination address must NOT be. enable:Enable destination address negate. disable:Disable destination address negate.

attribute fortigate::firewall_local_in_policy6::intf? intf=null

Incoming interface name from available options.

attribute fortigate::firewall_local_in_policy6::policyid policyid

User defined local in policy ID.

attribute fortigate::firewall_local_in_policy6::schedule? schedule=null

Schedule object from available options.

attribute fortigate::common::enable_disable_t? service_negate=null

When enabled service specifies what the service must NOT be. enable:Enable negated service match. disable:Disable negated service match.

attribute fortigate::common::enable_disable_t? srcaddr_negate=null

When enabled srcaddr specifies what the source address must NOT be. enable:Enable source address negate. disable:Disable source address negate.

attribute fortigate::common::enable_disable_t? status=null

Enable/disable this local-in policy. enable:Enable this local-in policy. disable:Disable this local-in policy.

attribute string? uuid=null

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

attribute fortigate::common::enable_disable_t? virtual_patch=null

Enable/disable the virtual patching feature. enable:Enable setting. disable:Disable setting.

relation fortigate::common::Name dstaddr [0:*]
relation fortigate::common::Name service [0:*]
relation fortigate::common::Name srcaddr [0:*]
relation fortigate::base::LocalInPolicy6Range parent [0:1]

other end: fortigate::base::LocalInPolicy6Range.policies [0:*]

The following implements statements select implementations for this entity:

entity fortigate::MulticastPolicy

Parents: fortigate::base::PolicyResource

attribute fortigate::firewall_multicast_policy::action? action=null

Accept or deny traffic matching the policy. accept:Accept traffic matching the policy. deny:Deny or block traffic matching the policy.

attribute fortigate::common::enable_disable_t? auto_asic_offload=null

Enable/disable offloading policy traffic for hardware acceleration. enable:Enable hardware acceleration offloading. disable:Disable offloading for hardware acceleration.

attribute fortigate::firewall_multicast_policy::comments? comments=null

Comment.

attribute string? dnat=null

IPv4 DNAT address used for multicast destination addresses.

attribute fortigate::common::name_t? dstintf=null

Destination interface name.

attribute fortigate::firewall_multicast_policy::end_port? end_port=null

Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535, default = 1).

attribute fortigate::firewall_multicast_policy::id id

Policy ID (0 - 4294967294).

attribute fortigate::common::enable_disable_t? logtraffic=null

Enable/disable logging traffic accepted by this policy. enable:Enable logging traffic accepted by this policy. disable:Disable logging traffic accepted by this policy.

attribute fortigate::firewall_multicast_policy::name? name=null

Policy name.

attribute fortigate::firewall_multicast_policy::protocol? protocol=null

Integer value for the protocol type as defined by IANA (0 - 255, default = 0).

attribute fortigate::common::enable_disable_t? snat=null

Enable/disable substitution of the outgoing interface IP address for the original source IP address (called source NAT or SNAT). enable:Enable source NAT. disable:Disable source NAT.

attribute string? snat_ip=null

IPv4 address to be used as the source address for NATed traffic.

attribute fortigate::common::name_t? srcintf=null

Source interface name.

attribute fortigate::firewall_multicast_policy::start_port? start_port=null

Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535, default = 1).

attribute fortigate::common::enable_disable_t? status=null

Enable/disable this policy. enable:Enable this policy. disable:Disable this policy.

attribute fortigate::firewall_multicast_policy::traffic_shaper? traffic_shaper=null

Traffic shaper to apply to traffic forwarded by the multicast policy.

attribute string? uuid=null

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

relation fortigate::common::Name dstaddr [0:*]
relation fortigate::common::Name srcaddr [0:*]
relation fortigate::base::MulticastPolicyRange parent [0:1]

other end: fortigate::base::MulticastPolicyRange.policies [0:*]

The following implements statements select implementations for this entity:

entity fortigate::MulticastPolicy6

Parents: fortigate::base::PolicyResource

attribute fortigate::firewall_multicast_policy6::action? action=null

Accept or deny traffic matching the policy. accept:Accept. deny:Deny.

attribute fortigate::common::enable_disable_t? auto_asic_offload=null

Enable/disable offloading policy traffic for hardware acceleration. enable:Enable offloading policy traffic for hardware acceleration. disable:Disable offloading policy traffic for hardware acceleration.

attribute fortigate::firewall_multicast_policy6::comments? comments=null

Comment.

attribute fortigate::common::name_t? dstintf=null

IPv6 destination interface name.

attribute fortigate::firewall_multicast_policy6::end_port? end_port=null

Integer value for ending TCP/UDP/SCTP destination port in range (1 - 65535, default = 65535).

attribute fortigate::firewall_multicast_policy6::id id

Policy ID (0 - 4294967294).

attribute fortigate::common::enable_disable_t? logtraffic=null

Enable/disable logging traffic accepted by this policy. enable:Enable logging traffic accepted by this policy. disable:Disable logging traffic accepted by this policy.

attribute fortigate::firewall_multicast_policy6::name? name=null

Policy name.

attribute fortigate::firewall_multicast_policy6::protocol? protocol=null

Integer value for the protocol type as defined by IANA (0 - 255, default = 0).

attribute fortigate::common::name_t? srcintf=null

IPv6 source interface name.

attribute fortigate::firewall_multicast_policy6::start_port? start_port=null

Integer value for starting TCP/UDP/SCTP destination port in range (1 - 65535, default = 1).

attribute fortigate::common::enable_disable_t? status=null

Enable/disable this policy. enable:Enable this policy. disable:Disable this policy.

attribute string? uuid=null

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

relation fortigate::common::Name dstaddr [0:*]
relation fortigate::common::Name srcaddr [0:*]
relation fortigate::base::MulticastPolicy6Range parent [0:1]

other end: fortigate::base::MulticastPolicy6Range.policies [0:*]

The following implements statements select implementations for this entity:

entity fortigate::Policy

Parents: fortigate::base::PolicyResource

attribute fortigate::firewall_policy::action? action=null

Policy action (accept/deny/ipsec). accept:Allows sessions that match the firewall policy. deny:Blocks sessions that match the firewall policy. ipsec:Firewall policy becomes a policy-based IPsec VPN policy.

attribute fortigate::common::enable_disable_t? anti_replay=null

Enable/disable anti-replay check. enable:Enable anti-replay check. disable:Disable anti-replay check.

attribute fortigate::firewall_policy::application_list? application_list=null

Name of an existing Application list.

attribute fortigate::firewall_policy::auth_cert? auth_cert=null

HTTPS server certificate for policy authentication.

attribute fortigate::common::enable_disable_t? auth_path=null

Enable/disable authentication-based routing. enable:Enable authentication-based routing. disable:Disable authentication-based routing.

attribute fortigate::firewall_policy::auth_redirect_addr? auth_redirect_addr=null

HTTP-to-HTTPS redirect address for firewall authentication.

attribute fortigate::common::enable_disable_t? auto_asic_offload=null

Enable/disable policy traffic ASIC offloading. enable:Enable auto ASIC offloading. disable:Disable ASIC offloading.

attribute fortigate::firewall_policy::av_profile? av_profile=null

Name of an existing Antivirus profile.

attribute fortigate::common::enable_disable_t? block_notification=null

Enable/disable block notification. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? captive_portal_exempt=null

Enable to exempt some users from the captive portal. enable:Enable exemption of captive portal. disable:Disable exemption of captive portal.

attribute fortigate::common::enable_disable_t? capture_packet=null

Enable/disable capture packets. enable:Enable capture packets. disable:Disable capture packets.

attribute fortigate::firewall_policy::cifs_profile? cifs_profile=null

Name of an existing CIFS profile.

attribute fortigate::firewall_policy::comments? comments=null

Comment.

attribute fortigate::firewall_policy::decrypted_traffic_mirror? decrypted_traffic_mirror=null

Decrypted traffic mirror.

attribute fortigate::common::enable_disable_t? delay_tcp_npu_session=null

Enable TCP NPU session delay to guarantee packet order of 3-way handshake. enable:Enable TCP NPU session delay in order to guarantee packet order of 3-way handshake. disable:Disable TCP NPU session delay in order to guarantee packet order of 3-way handshake.

attribute fortigate::common::enable_disable_t? diffserv_copy=null

Enable to copy packet’s DiffServ values from session’s original direction to its reply direction. enable:Enable DSCP copy. disable:Disable DSCP copy.

attribute fortigate::common::enable_disable_t? diffserv_forward=null

Enable to change packet’s DiffServ values to the specified diffservcode-forward value. enable:Enable setting forward (original) traffic Diffserv. disable:Disable setting forward (original) traffic Diffserv.

attribute fortigate::common::enable_disable_t? diffserv_reverse=null

Enable to change packet’s reverse (reply) DiffServ values to the specified diffservcode-rev value. enable:Enable setting reverse (reply) traffic DiffServ. disable:Disable setting reverse (reply) traffic DiffServ.

attribute string? diffservcode_forward=null

Change packet’s DiffServ to this value.

attribute string? diffservcode_rev=null

Change packet’s reverse (reply) DiffServ to this value.

attribute fortigate::common::enable_disable_t? disclaimer=null

Enable/disable user authentication disclaimer. enable:Enable user authentication disclaimer. disable:Disable user authentication disclaimer.

attribute fortigate::firewall_policy::dlp_profile? dlp_profile=null

Name of an existing DLP profile.

attribute fortigate::firewall_policy::dnsfilter_profile? dnsfilter_profile=null

Name of an existing DNS filter profile.

attribute fortigate::common::enable_disable_t? dsri=null

Enable DSRI to ignore HTTP server responses. enable:Enable DSRI. disable:Disable DSRI.

attribute fortigate::common::enable_disable_t? dstaddr6_negate=null

When enabled dstaddr6 specifies what the destination address must NOT be. enable:Enable IPv6 destination address negate. disable:Disable IPv6 destination address negate.

attribute fortigate::common::enable_disable_t? dstaddr_negate=null

When enabled dstaddr specifies what the destination address must NOT be. enable:Enable destination address negate. disable:Disable destination address negate.

attribute fortigate::common::enable_disable_t? dynamic_shaping=null

Enable/disable dynamic RADIUS defined traffic shaping. enable:Enable dynamic RADIUS defined traffic shaping. disable:Disable dynamic RADIUS defined traffic shaping.

attribute fortigate::common::enable_disable_t? email_collect=null

Enable/disable email collection. enable:Enable email collection. disable:Disable email collection.

attribute fortigate::firewall_policy::emailfilter_profile? emailfilter_profile=null

Name of an existing email filter profile.

attribute fortigate::common::enable_disable_t? fec=null

Enable/disable Forward Error Correction on traffic matching this policy on a FEC device. enable:Enable Forward Error Correction. disable:Disable Forward Error Correction.

attribute fortigate::firewall_policy::file_filter_profile? file_filter_profile=null

Name of an existing file-filter profile.

attribute fortigate::firewall_policy::firewall_session_dirty? firewall_session_dirty=null

How to handle sessions if the configuration of this firewall policy changes. check-all:Flush all current sessions accepted by this policy. These sessions must be started and re-matched with policies. check-new:Continue to allow sessions already accepted by this policy.

attribute fortigate::common::enable_disable_t? fixedport=null

Enable to prevent source NAT from changing a session’s source port. enable:Enable setting. disable:Disable setting.

attribute fortigate::firewall_policy::fsso_agent_for_ntlm? fsso_agent_for_ntlm=null

FSSO agent to use for NTLM authentication.

attribute fortigate::common::enable_disable_t? geoip_anycast=null

Enable/disable recognition of anycast IP addresses using the geography IP database. enable:Enable recognition of anycast IP addresses using the geography IP database. disable:Disable recognition of anycast IP addresses using the geography IP database.

attribute fortigate::firewall_policy::geoip_match? geoip_match=null

Match geography address based either on its physical location or registered location. physical-location:Match geography address to its physical location using the geography IP database. registered-location:Match geography address to its registered location using the geography IP database.

attribute fortigate::common::enable_disable_t? http_policy_redirect=null

Redirect HTTP(S) traffic to matching transparent web proxy policy. enable:Enable HTTP(S) policy redirect. disable:Disable HTTP(S) policy redirect.

attribute fortigate::firewall_policy::icap_profile? icap_profile=null

Name of an existing ICAP profile.

attribute fortigate::firewall_policy::identity_based_route? identity_based_route=null

Name of identity-based routing rule.

attribute fortigate::common::enable_disable_t? inbound=null

Policy-based IPsec VPN: only traffic from the remote network can initiate a VPN. enable:Enable setting. disable:Disable setting.

attribute fortigate::firewall_policy::inspection_mode? inspection_mode=null

Policy inspection mode (Flow/proxy). Default is Flow mode. proxy:Proxy based inspection. flow:Flow based inspection.

attribute fortigate::common::enable_disable_t? internet_service=null

Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. enable:Enable use of Internet Services in policy. disable:Disable use of Internet Services in policy.

attribute fortigate::common::enable_disable_t? internet_service6=null

Enable/disable use of IPv6 Internet Services for this policy. If enabled, destination address and service are not used. enable:Enable use of IPv6 Internet Services in policy. disable:Disable use of IPv6 Internet Services in policy.

attribute fortigate::common::enable_disable_t? internet_service6_negate=null

When enabled internet-service6 specifies what the service must NOT be. enable:Enable negated IPv6 Internet Service match. disable:Disable negated IPv6 Internet Service match.

attribute fortigate::common::enable_disable_t? internet_service6_src=null

Enable/disable use of IPv6 Internet Services in source for this policy. If enabled, source address is not used. enable:Enable use of IPv6 Internet Services source in policy. disable:Disable use of IPv6 Internet Services source in policy.

attribute fortigate::common::enable_disable_t? internet_service6_src_negate=null

When enabled internet-service6-src specifies what the service must NOT be. enable:Enable negated IPv6 Internet Service source match. disable:Disable negated IPv6 Internet Service source match.

attribute fortigate::common::enable_disable_t? internet_service_negate=null

When enabled internet-service specifies what the service must NOT be. enable:Enable negated Internet Service match. disable:Disable negated Internet Service match.

attribute fortigate::common::enable_disable_t? internet_service_src=null

Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. enable:Enable use of Internet Services source in policy. disable:Disable use of Internet Services source in policy.

attribute fortigate::common::enable_disable_t? internet_service_src_negate=null

When enabled internet-service-src specifies what the service must NOT be. enable:Enable negated Internet Service source match. disable:Disable negated Internet Service source match.

attribute fortigate::common::enable_disable_t? ippool=null

Enable to use IP Pools for source NAT. enable:Enable setting. disable:Disable setting.

attribute fortigate::firewall_policy::ips_sensor? ips_sensor=null

Name of an existing IPS sensor.

attribute fortigate::firewall_policy::ips_voip_filter? ips_voip_filter=null

Name of an existing VoIP (ips) profile.

attribute fortigate::firewall_policy::logtraffic? logtraffic=null

Enable or disable logging. Log all sessions or security profile sessions. all:Log all sessions accepted or denied by this policy. utm:Log traffic that has a security profile applied to it. disable:Disable all logging for this policy.

attribute fortigate::common::enable_disable_t? logtraffic_start=null

Record logs when a session starts. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? match_vip=null

Enable to match packets that have had their destination addresses changed by a VIP. enable:Match DNATed packet. disable:Do not match DNATed packet.

attribute fortigate::common::enable_disable_t? match_vip_only=null

Enable/disable matching of only those packets that have had their destination addresses changed by a VIP. enable:Enable matching of only those packets that have had their destination addresses changed by a VIP. disable:Disable matching of only those packets that have had their destination addresses changed by a VIP.

attribute fortigate::firewall_policy::name? name=null

Policy name.

attribute fortigate::common::enable_disable_t? nat=null

Enable/disable source NAT. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? nat46=null

Enable/disable NAT46. enable:Enable NAT46. disable:Disable NAT46.

attribute fortigate::common::enable_disable_t? nat64=null

Enable/disable NAT64. enable:Enable NAT64. disable:Disable NAT64.

attribute fortigate::common::enable_disable_t? natinbound=null

Policy-based IPsec VPN: apply destination NAT to inbound traffic. enable:Enable setting. disable:Disable setting.

attribute string? natip=null

Policy-based IPsec VPN: source NAT IP address for outgoing traffic.

attribute fortigate::common::enable_disable_t? natoutbound=null

Policy-based IPsec VPN: apply source NAT to outbound traffic. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? np_acceleration=null

Enable/disable UTM Network Processor acceleration. enable:Enable UTM Network Processor acceleration. disable:Disable UTM Network Processor acceleration.

attribute fortigate::common::enable_disable_t? ntlm=null

Enable/disable NTLM authentication. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? ntlm_guest=null

Enable/disable NTLM guest user access. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? outbound=null

Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? passive_wan_health_measurement=null

Enable/disable passive WAN health measurement. When enabled, auto-asic-offload is disabled. enable:Enable Passive WAN health measurement. disable:Disable Passive WAN health measurement.

attribute fortigate::firewall_policy::per_ip_shaper? per_ip_shaper=null

Per-IP traffic shaper.

attribute fortigate::common::enable_disable_t? permit_any_host=null

Accept UDP packets from any host. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? permit_stun_host=null

Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? policy_expiry=null

Enable/disable policy expiry. enable:Enable policy expiry. disable:Disable policy expiry.

attribute string? policy_expiry_date=null

Policy expiry date (YYYY-MM-DD HH:MM:SS).

attribute string? policy_expiry_date_utc=null

Policy expiry date and time, in epoch format.

attribute fortigate::firewall_policy::policyid policyid

Policy ID (0 - 4294967294).

attribute fortigate::firewall_policy::profile_group? profile_group=null

Name of profile group.

attribute fortigate::firewall_policy::profile_protocol_options? profile_protocol_options=null

Name of an existing Protocol options profile.

attribute fortigate::firewall_policy::profile_type? profile_type=null

Determine whether the firewall policy allows security profile groups or single profiles only. single:Do not allow security profile groups. group:Allow security profile groups.

attribute fortigate::common::enable_disable_t? radius_mac_auth_bypass=null

Enable MAC authentication bypass. The bypassed MAC address must be received from RADIUS server. enable:Enable MAC authentication bypass. disable:Disable MAC authentication bypass.

attribute fortigate::firewall_policy::redirect_url? redirect_url=null

URL users are directed to after seeing and accepting the disclaimer or authenticating.

attribute fortigate::firewall_policy::replacemsg_override_group? replacemsg_override_group=null

Override the default replacement message group for this policy.

attribute fortigate::firewall_policy::reputation_direction? reputation_direction=null

Direction of the initial traffic for reputation to take effect. source:Check reputation for source address. destination:Check reputation for destination address.

attribute fortigate::firewall_policy::reputation_direction6? reputation_direction6=null

Direction of the initial traffic for IPv6 reputation to take effect. source:Check reputation for IPv6 source address. destination:Check reputation for IPv6 destination address.

attribute fortigate::firewall_policy::reputation_minimum? reputation_minimum=null

Minimum Reputation to take action.

attribute fortigate::firewall_policy::reputation_minimum6? reputation_minimum6=null

IPv6 Minimum Reputation to take action.

attribute fortigate::common::enable_disable_t? rtp_nat=null

Enable Real Time Protocol (RTP) NAT. disable:Disable setting. enable:Enable setting.

attribute fortigate::firewall_policy::schedule? schedule=null

Schedule name.

attribute fortigate::common::enable_disable_t? schedule_timeout=null

Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity. enable:Enable schedule timeout. disable:Disable schedule timeout.

attribute fortigate::firewall_policy::sctp_filter_profile? sctp_filter_profile=null

Name of an existing SCTP filter profile.

attribute fortigate::common::enable_disable_t? send_deny_packet=null

Enable to send a reply when a session is denied or blocked by a firewall policy. disable:Disable deny-packet sending. enable:Enable deny-packet sending.

attribute fortigate::common::enable_disable_t? service_negate=null

When enabled service specifies what the service must NOT be. enable:Enable negated service match. disable:Disable negated service match.

attribute string? session_ttl=null

TTL in seconds for sessions accepted by this policy (0 means use the system default session TTL).

attribute fortigate::common::enable_disable_t? sgt_check=null

Enable/disable security group tags (SGT) check. enable:Enable SGT check. disable:Disable SGT check.

attribute fortigate::common::enable_disable_t? srcaddr6_negate=null

When enabled srcaddr6 specifies what the source address must NOT be. enable:Enable IPv6 source address negate. disable:Disable IPv6 source address negate.

attribute fortigate::common::enable_disable_t? srcaddr_negate=null

When enabled srcaddr specifies what the source address must NOT be. enable:Enable source address negate. disable:Disable source address negate.

attribute fortigate::firewall_policy::ssh_filter_profile? ssh_filter_profile=null

Name of an existing SSH filter profile.

attribute fortigate::common::enable_disable_t? ssh_policy_redirect=null

Redirect SSH traffic to matching transparent proxy policy. enable:Enable SSH policy redirect. disable:Disable SSH policy redirect.

attribute fortigate::firewall_policy::ssl_ssh_profile? ssl_ssh_profile=null

Name of an existing SSL SSH profile.

attribute fortigate::common::enable_disable_t? status=null

Enable or disable this policy. enable:Enable setting. disable:Disable setting.

attribute fortigate::firewall_policy::tcp_mss_receiver? tcp_mss_receiver=null

Receiver TCP maximum segment size (MSS).

attribute fortigate::firewall_policy::tcp_mss_sender? tcp_mss_sender=null

Sender TCP maximum segment size (MSS).

attribute fortigate::firewall_policy::tcp_session_without_syn? tcp_session_without_syn=null

Enable/disable creation of TCP session without SYN flag. all:Enable TCP session without SYN. data-only:Enable TCP session data only. disable:Disable TCP session without SYN.

attribute fortigate::common::enable_disable_t? timeout_send_rst=null

Enable/disable sending RST packets when TCP sessions expire. enable:Enable sending of RST packet upon TCP session expiration. disable:Disable sending of RST packet upon TCP session expiration.

attribute string? tos=null

ToS (Type of Service) value used for comparison.

attribute string? tos_mask=null

Non-zero bit positions are used for comparison while zero bit positions are ignored.

attribute fortigate::common::enable_disable_t? tos_negate=null

Enable negated TOS match. enable:Enable TOS match negate. disable:Disable TOS match negate.

attribute fortigate::firewall_policy::traffic_shaper? traffic_shaper=null

Traffic shaper.

attribute fortigate::firewall_policy::traffic_shaper_reverse? traffic_shaper_reverse=null

Reverse traffic shaper.

attribute fortigate::common::enable_disable_t? utm_status=null

Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. enable:Enable setting. disable:Disable setting.

attribute string? uuid=null

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

attribute fortigate::firewall_policy::videofilter_profile? videofilter_profile=null

Name of an existing VideoFilter profile.

attribute fortigate::firewall_policy::vlan_cos_fwd? vlan_cos_fwd=null

VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest.

attribute fortigate::firewall_policy::vlan_cos_rev? vlan_cos_rev=null

VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest.

attribute string? vlan_filter=null

VLAN ranges to allow

attribute fortigate::firewall_policy::voip_profile? voip_profile=null

Name of an existing VoIP (voipd) profile.

attribute fortigate::firewall_policy::vpntunnel? vpntunnel=null

Policy-based IPsec VPN: name of the IPsec VPN Phase 1.

attribute fortigate::firewall_policy::waf_profile? waf_profile=null

Name of an existing Web application firewall profile.

attribute fortigate::common::enable_disable_t? wanopt=null

Enable/disable WAN optimization. enable:Enable setting. disable:Disable setting.

attribute fortigate::firewall_policy::wanopt_detection? wanopt_detection=null

WAN optimization auto-detection mode. active:Active WAN optimization peer auto-detection. passive:Passive WAN optimization peer auto-detection. off:Turn off WAN optimization peer auto-detection.

attribute fortigate::firewall_policy::wanopt_passive_opt? wanopt_passive_opt=null

WAN optimization passive mode options. This option decides what IP address will be used to connect server. default:Allow client side WAN opt peer to decide. transparent:Use address of client to connect to server. non-transparent:Use local FortiGate address to connect to server.

attribute fortigate::firewall_policy::wanopt_peer? wanopt_peer=null

WAN optimization peer.

attribute fortigate::firewall_policy::wanopt_profile? wanopt_profile=null

WAN optimization profile.

attribute fortigate::common::enable_disable_t? wccp=null

Enable/disable forwarding traffic matching this policy to a configured WCCP server. enable:Enable WCCP setting. disable:Disable WCCP setting.

attribute fortigate::common::enable_disable_t? webcache=null

Enable/disable web cache. enable:Enable setting. disable:Disable setting.

attribute fortigate::common::enable_disable_t? webcache_https=null

Enable/disable web cache for HTTPS. disable:Disable web cache for HTTPS. enable:Enable web cache for HTTPS.

attribute fortigate::firewall_policy::webfilter_profile? webfilter_profile=null

Name of an existing Web filter profile.

attribute fortigate::firewall_policy::webproxy_forward_server? webproxy_forward_server=null

Webproxy forward server name.

attribute fortigate::firewall_policy::webproxy_profile? webproxy_profile=null

Webproxy profile name.

attribute fortigate::common::enable_disable_t? ztna_device_ownership=null

Enable/disable zero trust device ownership. enable:Enable ZTNA device ownership check. disable:Disable ZTNA device ownership check.

attribute fortigate::common::enable_disable_t? ztna_policy_redirect=null

Redirect ZTNA traffic to matching Access-Proxy proxy-policy. enable:Enable ZTNA proxy-policy redirect. disable:Disable ZTNA proxy-policy redirect.

attribute fortigate::common::enable_disable_t? ztna_status=null

Enable/disable zero trust access. enable:Enable zero trust network access. disable:Disable zero trust network access.

attribute fortigate::firewall_policy::ztna_tags_match_logic? ztna_tags_match_logic=null

ZTNA tag matching logic. or:Match ZTNA tags using a logical OR operator. and:Match ZTNA tags using a logical AND operator.

relation fortigate::firewall_policy::CustomLogFields custom_log_fields [0:*]
relation fortigate::common::Name dstaddr [0:*]
relation fortigate::common::Name dstaddr6 [0:*]
relation fortigate::common::Name dstintf [0:*]
relation fortigate::firewall_policy::FssoGroups fsso_groups [0:*]
relation fortigate::firewall_policy::Groups groups [0:*]
relation fortigate::firewall_policy::InternetService6Custom internet_service6_custom [0:*]
relation fortigate::firewall_policy::InternetService6CustomGroup internet_service6_custom_group [0:*]
relation fortigate::firewall_policy::InternetService6Group internet_service6_group [0:*]
relation fortigate::firewall_policy::InternetService6Name internet_service6_name [0:*]
relation fortigate::firewall_policy::InternetService6SrcCustom internet_service6_src_custom [0:*]
relation fortigate::firewall_policy::InternetService6SrcCustomGroup internet_service6_src_custom_group [0:*]
relation fortigate::firewall_policy::InternetService6SrcGroup internet_service6_src_group [0:*]
relation fortigate::firewall_policy::InternetService6SrcName internet_service6_src_name [0:*]
relation fortigate::firewall_policy::InternetServiceCustom internet_service_custom [0:*]
relation fortigate::firewall_policy::InternetServiceCustomGroup internet_service_custom_group [0:*]
relation fortigate::firewall_policy::InternetServiceGroup internet_service_group [0:*]
relation fortigate::firewall_policy::InternetServiceName internet_service_name [0:*]
relation fortigate::firewall_policy::InternetServiceSrcCustom internet_service_src_custom [0:*]
relation fortigate::firewall_policy::InternetServiceSrcCustomGroup internet_service_src_custom_group [0:*]
relation fortigate::firewall_policy::InternetServiceSrcGroup internet_service_src_group [0:*]
relation fortigate::firewall_policy::InternetServiceSrcName internet_service_src_name [0:*]
relation fortigate::firewall_policy::NetworkServiceDynamic network_service_dynamic [0:*]
relation fortigate::firewall_policy::NetworkServiceSrcDynamic network_service_src_dynamic [0:*]
relation fortigate::firewall_policy::NtlmEnabledBrowsers ntlm_enabled_browsers [0:*]
relation fortigate::firewall_policy::Poolname poolname [0:*]
relation fortigate::firewall_policy::Poolname6 poolname6 [0:*]
relation fortigate::firewall_policy::RtpAddr rtp_addr [0:*]
relation fortigate::common::Name service [0:*]
relation fortigate::firewall_policy::Sgt sgt [0:*]
relation fortigate::firewall_policy::SrcVendorMac src_vendor_mac [0:*]
relation fortigate::common::Name srcaddr [0:*]
relation fortigate::common::Name srcaddr6 [0:*]
relation fortigate::common::Name srcintf [0:*]
relation fortigate::firewall_policy::Users users [0:*]
relation fortigate::firewall_policy::ZtnaEmsTag ztna_ems_tag [0:*]
relation fortigate::firewall_policy::ZtnaGeoTag ztna_geo_tag [0:*]
relation fortigate::base::PolicyRange parent [0:1]

other end: fortigate::base::PolicyRange.policies [0:*]

The following implements statements select implementations for this entity:

entity fortigate::PrefixList

Parents: fortigate::base::VdomResource

attribute fortigate::router_prefix_list::comments? comments=null

Comment.

attribute fortigate::router_prefix_list::name name

Name.

relation fortigate::router_prefix_list::Rule rule [0:*]

The following implements statements select implementations for this entity:

entity fortigate::SDWan

Parents: fortigate::base::VdomResource

attribute fortigate::system_sdwan::duplication_max_num? duplication_max_num=null

Maximum number of interface members to which a packet is duplicated in the SD-WAN zone (2 - 4, default = 2; if set to 3, the original packet plus 2 more copies are created).

attribute fortigate::common::enable_disable_t? fail_detect=null

Enable/disable SD-WAN Internet connection status checking (failure detection). enable:Enable status checking. disable:Disable status checking.

attribute fortigate::system_sdwan::load_balance_mode? load_balance_mode=null

Algorithm or mode to use for load balancing Internet traffic to SD-WAN members. source-ip-based:Source IP load balancing. All traffic from a source IP is sent to the same interface. weight-based:Weight-based load balancing. Interfaces with higher weights have higher priority and get more traffic. usage-based:Usage-based load balancing. All traffic is sent to the first interface on the list. When the bandwidth on that interface exceeds the spill-over limit new traffic is sent to the next interface. source-dest-ip-based:Source and destination IP load balancing. All traffic from a source IP to a destination IP is sent to the same interface. measured-volume-based:Volume-based load balancing. Traffic is load balanced based on traffic volume (in bytes). More traffic is sent to interfaces with higher volume ratios.

attribute fortigate::system_sdwan::neighbor_hold_boot_time? neighbor_hold_boot_time=null

Waiting period in seconds when switching from the primary neighbor to the secondary neighbor from the neighbor start. (0 - 10000000, default = 0).

attribute fortigate::common::enable_disable_t? neighbor_hold_down=null

Enable/disable hold switching from the secondary neighbor to the primary neighbor. enable:Enable hold switching from the secondary neighbor to the primary neighbor. disable:Disable hold switching from the secondary neighbor to the primary neighbor.

attribute fortigate::system_sdwan::neighbor_hold_down_time? neighbor_hold_down_time=null

Waiting period in seconds when switching from the secondary neighbor to the primary neighbor when hold-down is disabled. (0 - 10000000, default = 0).

attribute fortigate::common::enable_disable_t? speedtest_bypass_routing=null

Enable/disable bypass routing when running a speed test on an SD-WAN member. disable:Disable bypass routing. enable:Enable bypass routing.

attribute fortigate::common::enable_disable_t? status=null

Enable/disable SD-WAN. disable:Disable SD-WAN. enable:Enable SD-WAN.

relation fortigate::system_sdwan::Duplication duplication [0:*]
relation fortigate::system_sdwan::FailAlertInterfaces fail_alert_interfaces [0:*]
relation fortigate::system_sdwan::HealthCheck health_check [0:*]
relation fortigate::system_sdwan::Members members [0:*]
relation fortigate::system_sdwan::Neighbor neighbor [0:*]
relation fortigate::system_sdwan::Service service [0:*]
relation fortigate::system_sdwan::Zone zone [0:*]

The following implements statements select implementations for this entity:

entity fortigate::Settings

Parents: fortigate::base::VdomResource

attribute fortigate::common::enable_disable_t? allow_linkdown_path=null

Enable/disable link down path. enable:Allow link down path. disable:Do not allow link down path.

attribute fortigate::common::enable_disable_t? allow_subnet_overlap=null

Enable/disable allowing interface subnets to use overlapping IP addresses. enable:Enable overlapping subnets. disable:Disable overlapping subnets.

attribute fortigate::common::enable_disable_t? application_bandwidth_tracking=null

Enable/disable application bandwidth tracking. disable:Disable application bandwidth tracking. enable:Enable application bandwidth tracking.

attribute fortigate::common::enable_disable_t? asymroute=null

Enable/disable IPv4 asymmetric routing. enable:Enable IPv4 asymmetric routing. disable:Disable IPv4 asymmetric routing.

attribute fortigate::common::enable_disable_t? asymroute6=null

Enable/disable asymmetric IPv6 routing. enable:Enable asymmetric IPv6 routing. disable:Disable asymmetric IPv6 routing.

attribute fortigate::common::enable_disable_t? asymroute6_icmp=null

Enable/disable asymmetric ICMPv6 routing. enable:Enable asymmetric ICMPv6 routing. disable:Disable asymmetric ICMPv6 routing.

attribute fortigate::common::enable_disable_t? asymroute_icmp=null

Enable/disable ICMP asymmetric routing. enable:Enable ICMP asymmetric routing. disable:Disable ICMP asymmetric routing.

attribute fortigate::common::enable_disable_t? auxiliary_session=null

Enable/disable auxiliary session. enable:Enable auxiliary session for this VDOM. disable:Disable auxiliary session for this VDOM.

attribute fortigate::common::enable_disable_t? bfd=null

Enable/disable Bi-directional Forwarding Detection (BFD) on all interfaces. enable:Enable Bi-directional Forwarding Detection (BFD) on all interfaces. disable:Disable Bi-directional Forwarding Detection (BFD) on all interfaces.

attribute fortigate::system_settings::bfd_desired_min_tx? bfd_desired_min_tx=null

BFD desired minimal transmit interval (1 - 100000 ms, default = 250).

attribute fortigate::system_settings::bfd_detect_mult? bfd_detect_mult=null

BFD detection multiplier (1 - 50, default = 3).

attribute fortigate::common::enable_disable_t? bfd_dont_enforce_src_port=null

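Enable to skip enforcement of source-port verification for BFD packets. Going by the attribute name and this summary, enable relaxes the check and disable keeps it enforced; the per-value descriptions that follow read the other way round, so confirm the behaviour on the target FortiOS version. enable:Enable verifying the source port of BFD Packets. disable:Disable verifying the source port of BFD Packets.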

attribute fortigate::system_settings::bfd_required_min_rx? bfd_required_min_rx=null

BFD required minimal receive interval (1 - 100000 ms, default = 250).

attribute fortigate::common::enable_disable_t? block_land_attack=null

Enable/disable blocking of land attacks. disable:Do not block land attack. enable:Block land attack.

attribute fortigate::common::enable_disable_t? central_nat=null

Enable/disable central NAT. enable:Enable central NAT. disable:Disable central NAT.

attribute fortigate::system_settings::comments? comments=null

VDOM comments.

attribute fortigate::common::enable_disable_t? default_app_port_as_service=null

Enable/disable policy service enforcement based on application default ports. enable:Enable setting. disable:Disable setting.

attribute fortigate::system_settings::default_policy_expiry_days? default_policy_expiry_days=null

Default policy expiry in days (0 - 365 days, default = 30).

attribute fortigate::system_settings::default_voip_alg_mode? default_voip_alg_mode=null

Configure how the FortiGate handles VoIP traffic when a policy that accepts the traffic doesn’t include a VoIP profile. proxy-based:Use a default proxy-based VoIP ALG. kernel-helper-based:Use the SIP session helper.

attribute fortigate::common::enable_disable_t? deny_tcp_with_icmp=null

Enable/disable denying TCP by sending an ICMP communication prohibited packet. enable:Deny TCP with ICMP. disable:Disable denying TCP with ICMP.

attribute fortigate::common::enable_disable_t? detect_unknown_esp=null

Enable/disable detection of unknown ESP packets (default = enable). enable:Enable detection of unknown ESP packets and drop the ESP packet if it’s unknown. disable:Disable detection of unknown ESP packets.

attribute fortigate::system_settings::device? device=null

Interface to use for management access for NAT mode.

attribute string? dhcp6_server_ip=null

DHCPv6 server IPv6 address.

attribute fortigate::common::enable_disable_t? dhcp_proxy=null

Enable/disable the DHCP Proxy. enable:Enable the DHCP proxy. disable:Disable the DHCP proxy.

attribute fortigate::system_settings::dhcp_proxy_interface? dhcp_proxy_interface=null

Specify outgoing interface to reach server.

attribute fortigate::system_settings::dhcp_proxy_interface_select_method? dhcp_proxy_interface_select_method=null

Specify how to select outgoing interface to reach server. auto:Set outgoing interface automatically. sdwan:Set outgoing interface by SD-WAN or policy routing rules. specify:Set outgoing interface manually.

attribute string? dhcp_server_ip=null

DHCP Server IPv4 address.

attribute fortigate::system_settings::discovered_device_timeout? discovered_device_timeout=null

Timeout for discovered devices (1 - 365 days, default = 28).

attribute fortigate::common::enable_disable_t? dyn_addr_session_check=null

Enable/disable dirty session check caused by dynamic address updates. enable:Enable dirty session check caused by dynamic address updates. disable:Disable dirty session check caused by dynamic address updates.

attribute fortigate::system_settings::ecmp_max_paths? ecmp_max_paths=null

Maximum number of Equal Cost Multi-Path (ECMP) next-hops. Set to 1 to disable ECMP routing (1 - 255, default = 255).

attribute fortigate::common::enable_disable_t? email_portal_check_dns=null

Enable/disable using DNS to validate email addresses collected by a captive portal. disable:Disable email address checking with DNS. enable:Enable email address checking with DNS.

attribute fortigate::common::enable_disable_t? ext_resource_session_check=null

Enable/disable dirty session check caused by external resource updates. enable:Enable dirty session check caused by external resource updates. disable:Disable dirty session check caused by external resource updates.

attribute fortigate::system_settings::firewall_session_dirty? firewall_session_dirty=null

Select how to manage sessions affected by firewall policy configuration changes. check-all:All sessions affected by a firewall policy change are flushed from the session table. When new packets are received they are re-evaluated by stateful inspection and re-added to the session table. check-new:Established sessions for changed firewall policies continue without being affected by the policy configuration change. New sessions are evaluated according to the new firewall policy configuration. check-policy-option:Sessions are managed individually depending on the firewall policy. Some sessions may restart. Some may continue.

attribute fortigate::common::enable_disable_t? fqdn_session_check=null

Enable/disable dirty session check caused by FQDN updates. enable:Enable dirty session check caused by FQDN updates. disable:Disable dirty session check caused by FQDN updates.

attribute fortigate::common::enable_disable_t? fw_session_hairpin=null

Enable/disable checking for a matching policy each time hairpin traffic goes through the FortiGate. enable:Perform a policy check every time. disable:Perform a policy check only the first time the session is received.

attribute string? gateway=null

Transparent mode IPv4 default gateway IP address.

attribute string? gateway6=null

Transparent mode IPv6 default gateway IP address.

attribute fortigate::common::enable_disable_t? gui_advanced_policy=null

Enable/disable advanced policy configuration on the GUI. enable:Enable advanced policy configuration on the GUI. disable:Disable advanced policy configuration on the GUI.

attribute fortigate::common::enable_disable_t? gui_advanced_wireless_features=null

Enable/disable advanced wireless features in GUI. enable:Enable advanced wireless features in GUI. disable:Disable advanced wireless features in GUI.

attribute fortigate::common::enable_disable_t? gui_allow_unnamed_policy=null

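Enable/disable the requirement for policy naming on the GUI. The attribute name suggests that enable allows unnamed policies (lifting the naming requirement), which is the reverse of the per-value text that follows; confirm the behaviour on the target FortiOS version before relying on it. enable:Enable the requirement for policy naming on the GUI. disable:Disable the requirement for policy naming on the GUI.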

attribute fortigate::common::enable_disable_t? gui_antivirus=null

Enable/disable AntiVirus on the GUI. enable:Enable AntiVirus on the GUI. disable:Disable AntiVirus on the GUI.

attribute fortigate::common::enable_disable_t? gui_ap_profile=null

Enable/disable FortiAP profiles on the GUI. enable:Enable FortiAP profiles on the GUI. disable:Disable FortiAP profiles on the GUI.

attribute fortigate::common::enable_disable_t? gui_application_control=null

Enable/disable application control on the GUI. enable:Enable application control on the GUI. disable:Disable application control on the GUI.

attribute fortigate::common::enable_disable_t? gui_dhcp_advanced=null

Enable/disable advanced DHCP options on the GUI. enable:Enable advanced DHCP options on the GUI. disable:Disable advanced DHCP options on the GUI.

attribute fortigate::common::enable_disable_t? gui_dlp_profile=null

Enable/disable Data Leak Prevention on the GUI. enable:Enable Data Leak Prevention on the GUI. disable:Disable Data Leak Prevention on the GUI.

attribute fortigate::common::enable_disable_t? gui_dns_database=null

Enable/disable DNS database settings on the GUI. enable:Enable DNS database settings on the GUI. disable:Disable DNS database settings on the GUI.

attribute fortigate::common::enable_disable_t? gui_dnsfilter=null

Enable/disable DNS Filtering on the GUI. enable:Enable DNS Filtering on the GUI. disable:Disable DNS Filtering on the GUI.

attribute fortigate::common::enable_disable_t? gui_dos_policy=null

Enable/disable DoS policies on the GUI. enable:Enable DoS policies on the GUI. disable:Disable DoS policies on the GUI.

attribute fortigate::common::enable_disable_t? gui_dynamic_routing=null

Enable/disable dynamic routing on the GUI. enable:Enable dynamic routing on the GUI. disable:Disable dynamic routing on the GUI.

attribute fortigate::common::enable_disable_t? gui_email_collection=null

Enable/disable email collection on the GUI. enable:Enable email collection on the GUI. disable:Disable email collection on the GUI.

attribute fortigate::common::enable_disable_t? gui_endpoint_control=null

Enable/disable endpoint control on the GUI. enable:Enable endpoint control on the GUI. disable:Disable endpoint control on the GUI.

attribute fortigate::common::enable_disable_t? gui_endpoint_control_advanced=null

Enable/disable advanced endpoint control options on the GUI. enable:Enable advanced endpoint control options on the GUI. disable:Disable advanced endpoint control options on the GUI.

attribute fortigate::system_settings::gui_enforce_change_summary? gui_enforce_change_summary=null

Enforce change summaries for select tables in the GUI. disable:No change summary requirement. require:Change summary required. optional:Change summary optional.

attribute fortigate::common::enable_disable_t? gui_explicit_proxy=null

Enable/disable the explicit proxy on the GUI. enable:Enable the explicit proxy on the GUI. disable:Disable the explicit proxy on the GUI.

attribute fortigate::common::enable_disable_t? gui_file_filter=null

Enable/disable File-filter on the GUI. enable:Enable File-filter on the GUI. disable:Disable File-filter on the GUI.

attribute fortigate::common::enable_disable_t? gui_fortiap_split_tunneling=null

Enable/disable FortiAP split tunneling on the GUI. enable:Enable FortiAP split tunneling on the GUI. disable:Disable FortiAP split tunneling on the GUI.

attribute fortigate::common::enable_disable_t? gui_fortiextender_controller=null

Enable/disable FortiExtender on the GUI. enable:Enable FortiExtender on the GUI. disable:Disable FortiExtender on the GUI.

attribute fortigate::common::enable_disable_t? gui_icap=null

Enable/disable ICAP on the GUI. enable:Enable ICAP on the GUI. disable:Disable ICAP on the GUI.

attribute fortigate::common::enable_disable_t? gui_implicit_policy=null

Enable/disable implicit firewall policies on the GUI. enable:Enable implicit firewall policies on the GUI. disable:Disable implicit firewall policies on the GUI.

attribute fortigate::common::enable_disable_t? gui_ips=null

Enable/disable IPS on the GUI. enable:Enable IPS on the GUI. disable:Disable IPS on the GUI.

attribute fortigate::common::enable_disable_t? gui_load_balance=null

Enable/disable server load balancing on the GUI. enable:Enable server load balancing on the GUI. disable:Disable server load balancing on the GUI.

attribute fortigate::common::enable_disable_t? gui_local_in_policy=null

Enable/disable Local-In policies on the GUI. enable:Enable Local-In policies on the GUI. disable:Disable Local-In policies on the GUI.

attribute fortigate::common::enable_disable_t? gui_multicast_policy=null

Enable/disable multicast firewall policies on the GUI. enable:Enable multicast firewall policies on the GUI. disable:Disable multicast firewall policies on the GUI.

attribute fortigate::common::enable_disable_t? gui_multiple_interface_policy=null

Enable/disable adding multiple interfaces to a policy on the GUI. enable:Enable adding multiple interfaces to a policy on the GUI. disable:Disable adding multiple interfaces to a policy on the GUI.

attribute fortigate::common::enable_disable_t? gui_object_colors=null

Enable/disable object colors on the GUI. enable:Enable object colors on the GUI. disable:Disable object colors on the GUI.

attribute fortigate::common::enable_disable_t? gui_ot=null

Enable/disable Operational technology features on the GUI. enable:Enable Operational technology features on the GUI. disable:Disable Operational technology features on the GUI.