Fortios v0.0.6, Jul 9 24

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.vpn/ipsec.Phase1

Explore with Pulumi AI

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";

const trnamex1 = new fortios.vpn.ipsec.Phase1("trnamex1", {
    acctVerify: "disable",
    addGwRoute: "disable",
    addRoute: "disable",
    assignIp: "enable",
    assignIpFrom: "range",
    authmethod: "psk",
    autoNegotiate: "enable",
    certIdValidation: "enable",
    childlessIke: "disable",
    clientAutoNegotiate: "disable",
    clientKeepAlive: "disable",
    dhgrp: "14 5",
    digitalSignatureAuth: "disable",
    distance: 15,
    dnsMode: "manual",
    dpd: "on-demand",
    dpdRetrycount: 3,
    dpdRetryinterval: "20",
    eap: "disable",
    eapIdentity: "use-id-payload",
    enforceUniqueId: "disable",
    forticlientEnforcement: "disable",
    fragmentation: "enable",
    fragmentationMtu: 1200,
    groupAuthentication: "disable",
    haSyncEspSeqno: "enable",
    idleTimeout: "disable",
    idleTimeoutinterval: 15,
    ikeVersion: "1",
    includeLocalLan: "disable",
    "interface": "port4",
    ipv4DnsServer1: "0.0.0.0",
    ipv4DnsServer2: "0.0.0.0",
    ipv4DnsServer3: "0.0.0.0",
    ipv4EndIp: "0.0.0.0",
    ipv4Netmask: "255.255.255.255",
    ipv4StartIp: "0.0.0.0",
    ipv4WinsServer1: "0.0.0.0",
    ipv4WinsServer2: "0.0.0.0",
    ipv6DnsServer1: "::",
    ipv6DnsServer2: "::",
    ipv6DnsServer3: "::",
    ipv6EndIp: "::",
    ipv6Prefix: 128,
    ipv6StartIp: "::",
    keepalive: 10,
    keylife: 86400,
    localGw: "0.0.0.0",
    localidType: "auto",
    meshSelectorType: "disable",
    mode: "main",
    modeCfg: "disable",
    nattraversal: "enable",
    negotiateTimeout: 30,
    peertype: "any",
    ppk: "disable",
    priority: 0,
    proposal: "aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1",
    psksecret: "dewcEde2112",
    reauth: "disable",
    rekey: "enable",
    remoteGw: "1.1.1.1",
    rsaSignatureFormat: "pkcs1",
    savePassword: "disable",
    sendCertChain: "enable",
    signatureHashAlg: "sha2-512 sha2-384 sha2-256 sha1",
    suiteB: "disable",
    type: "static",
    unitySupport: "enable",
    wizardType: "custom",
    xauthtype: "disable",
});

import pulumi
import pulumiverse_fortios as fortios

trnamex1 = fortios.vpn.ipsec.Phase1("trnamex1",
    acct_verify="disable",
    add_gw_route="disable",
    add_route="disable",
    assign_ip="enable",
    assign_ip_from="range",
    authmethod="psk",
    auto_negotiate="enable",
    cert_id_validation="enable",
    childless_ike="disable",
    client_auto_negotiate="disable",
    client_keep_alive="disable",
    dhgrp="14 5",
    digital_signature_auth="disable",
    distance=15,
    dns_mode="manual",
    dpd="on-demand",
    dpd_retrycount=3,
    dpd_retryinterval="20",
    eap="disable",
    eap_identity="use-id-payload",
    enforce_unique_id="disable",
    forticlient_enforcement="disable",
    fragmentation="enable",
    fragmentation_mtu=1200,
    group_authentication="disable",
    ha_sync_esp_seqno="enable",
    idle_timeout="disable",
    idle_timeoutinterval=15,
    ike_version="1",
    include_local_lan="disable",
    interface="port4",
    ipv4_dns_server1="0.0.0.0",
    ipv4_dns_server2="0.0.0.0",
    ipv4_dns_server3="0.0.0.0",
    ipv4_end_ip="0.0.0.0",
    ipv4_netmask="255.255.255.255",
    ipv4_start_ip="0.0.0.0",
    ipv4_wins_server1="0.0.0.0",
    ipv4_wins_server2="0.0.0.0",
    ipv6_dns_server1="::",
    ipv6_dns_server2="::",
    ipv6_dns_server3="::",
    ipv6_end_ip="::",
    ipv6_prefix=128,
    ipv6_start_ip="::",
    keepalive=10,
    keylife=86400,
    local_gw="0.0.0.0",
    localid_type="auto",
    mesh_selector_type="disable",
    mode="main",
    mode_cfg="disable",
    nattraversal="enable",
    negotiate_timeout=30,
    peertype="any",
    ppk="disable",
    priority=0,
    proposal="aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1",
    psksecret="dewcEde2112",
    reauth="disable",
    rekey="enable",
    remote_gw="1.1.1.1",
    rsa_signature_format="pkcs1",
    save_password="disable",
    send_cert_chain="enable",
    signature_hash_alg="sha2-512 sha2-384 sha2-256 sha1",
    suite_b="disable",
    type="static",
    unity_support="enable",
    wizard_type="custom",
    xauthtype="disable")

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/vpn"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vpn.NewPhase1(ctx, "trnamex1", &vpn.Phase1Args{
			AcctVerify:             pulumi.String("disable"),
			AddGwRoute:             pulumi.String("disable"),
			AddRoute:               pulumi.String("disable"),
			AssignIp:               pulumi.String("enable"),
			AssignIpFrom:           pulumi.String("range"),
			Authmethod:             pulumi.String("psk"),
			AutoNegotiate:          pulumi.String("enable"),
			CertIdValidation:       pulumi.String("enable"),
			ChildlessIke:           pulumi.String("disable"),
			ClientAutoNegotiate:    pulumi.String("disable"),
			ClientKeepAlive:        pulumi.String("disable"),
			Dhgrp:                  pulumi.String("14 5"),
			DigitalSignatureAuth:   pulumi.String("disable"),
			Distance:               pulumi.Int(15),
			DnsMode:                pulumi.String("manual"),
			Dpd:                    pulumi.String("on-demand"),
			DpdRetrycount:          pulumi.Int(3),
			DpdRetryinterval:       pulumi.String("20"),
			Eap:                    pulumi.String("disable"),
			EapIdentity:            pulumi.String("use-id-payload"),
			EnforceUniqueId:        pulumi.String("disable"),
			ForticlientEnforcement: pulumi.String("disable"),
			Fragmentation:          pulumi.String("enable"),
			FragmentationMtu:       pulumi.Int(1200),
			GroupAuthentication:    pulumi.String("disable"),
			HaSyncEspSeqno:         pulumi.String("enable"),
			IdleTimeout:            pulumi.String("disable"),
			IdleTimeoutinterval:    pulumi.Int(15),
			IkeVersion:             pulumi.String("1"),
			IncludeLocalLan:        pulumi.String("disable"),
			Interface:              pulumi.String("port4"),
			Ipv4DnsServer1:         pulumi.String("0.0.0.0"),
			Ipv4DnsServer2:         pulumi.String("0.0.0.0"),
			Ipv4DnsServer3:         pulumi.String("0.0.0.0"),
			Ipv4EndIp:              pulumi.String("0.0.0.0"),
			Ipv4Netmask:            pulumi.String("255.255.255.255"),
			Ipv4StartIp:            pulumi.String("0.0.0.0"),
			Ipv4WinsServer1:        pulumi.String("0.0.0.0"),
			Ipv4WinsServer2:        pulumi.String("0.0.0.0"),
			Ipv6DnsServer1:         pulumi.String("::"),
			Ipv6DnsServer2:         pulumi.String("::"),
			Ipv6DnsServer3:         pulumi.String("::"),
			Ipv6EndIp:              pulumi.String("::"),
			Ipv6Prefix:             pulumi.Int(128),
			Ipv6StartIp:            pulumi.String("::"),
			Keepalive:              pulumi.Int(10),
			Keylife:                pulumi.Int(86400),
			LocalGw:                pulumi.String("0.0.0.0"),
			LocalidType:            pulumi.String("auto"),
			MeshSelectorType:       pulumi.String("disable"),
			Mode:                   pulumi.String("main"),
			ModeCfg:                pulumi.String("disable"),
			Nattraversal:           pulumi.String("enable"),
			NegotiateTimeout:       pulumi.Int(30),
			Peertype:               pulumi.String("any"),
			Ppk:                    pulumi.String("disable"),
			Priority:               pulumi.Int(0),
			Proposal:               pulumi.String("aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1"),
			Psksecret:              pulumi.String("dewcEde2112"),
			Reauth:                 pulumi.String("disable"),
			Rekey:                  pulumi.String("enable"),
			RemoteGw:               pulumi.String("1.1.1.1"),
			RsaSignatureFormat:     pulumi.String("pkcs1"),
			SavePassword:           pulumi.String("disable"),
			SendCertChain:          pulumi.String("enable"),
			SignatureHashAlg:       pulumi.String("sha2-512 sha2-384 sha2-256 sha1"),
			SuiteB:                 pulumi.String("disable"),
			Type:                   pulumi.String("static"),
			UnitySupport:           pulumi.String("enable"),
			WizardType:             pulumi.String("custom"),
			Xauthtype:              pulumi.String("disable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;

return await Deployment.RunAsync(() => 
{
    var trnamex1 = new Fortios.Vpn.Ipsec.Phase1("trnamex1", new()
    {
        AcctVerify = "disable",
        AddGwRoute = "disable",
        AddRoute = "disable",
        AssignIp = "enable",
        AssignIpFrom = "range",
        Authmethod = "psk",
        AutoNegotiate = "enable",
        CertIdValidation = "enable",
        ChildlessIke = "disable",
        ClientAutoNegotiate = "disable",
        ClientKeepAlive = "disable",
        Dhgrp = "14 5",
        DigitalSignatureAuth = "disable",
        Distance = 15,
        DnsMode = "manual",
        Dpd = "on-demand",
        DpdRetrycount = 3,
        DpdRetryinterval = "20",
        Eap = "disable",
        EapIdentity = "use-id-payload",
        EnforceUniqueId = "disable",
        ForticlientEnforcement = "disable",
        Fragmentation = "enable",
        FragmentationMtu = 1200,
        GroupAuthentication = "disable",
        HaSyncEspSeqno = "enable",
        IdleTimeout = "disable",
        IdleTimeoutinterval = 15,
        IkeVersion = "1",
        IncludeLocalLan = "disable",
        Interface = "port4",
        Ipv4DnsServer1 = "0.0.0.0",
        Ipv4DnsServer2 = "0.0.0.0",
        Ipv4DnsServer3 = "0.0.0.0",
        Ipv4EndIp = "0.0.0.0",
        Ipv4Netmask = "255.255.255.255",
        Ipv4StartIp = "0.0.0.0",
        Ipv4WinsServer1 = "0.0.0.0",
        Ipv4WinsServer2 = "0.0.0.0",
        Ipv6DnsServer1 = "::",
        Ipv6DnsServer2 = "::",
        Ipv6DnsServer3 = "::",
        Ipv6EndIp = "::",
        Ipv6Prefix = 128,
        Ipv6StartIp = "::",
        Keepalive = 10,
        Keylife = 86400,
        LocalGw = "0.0.0.0",
        LocalidType = "auto",
        MeshSelectorType = "disable",
        Mode = "main",
        ModeCfg = "disable",
        Nattraversal = "enable",
        NegotiateTimeout = 30,
        Peertype = "any",
        Ppk = "disable",
        Priority = 0,
        Proposal = "aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1",
        Psksecret = "dewcEde2112",
        Reauth = "disable",
        Rekey = "enable",
        RemoteGw = "1.1.1.1",
        RsaSignatureFormat = "pkcs1",
        SavePassword = "disable",
        SendCertChain = "enable",
        SignatureHashAlg = "sha2-512 sha2-384 sha2-256 sha1",
        SuiteB = "disable",
        Type = "static",
        UnitySupport = "enable",
        WizardType = "custom",
        Xauthtype = "disable",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.vpn.Phase1;
import com.pulumi.fortios.vpn.Phase1Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trnamex1 = new Phase1("trnamex1", Phase1Args.builder()
            .acctVerify("disable")
            .addGwRoute("disable")
            .addRoute("disable")
            .assignIp("enable")
            .assignIpFrom("range")
            .authmethod("psk")
            .autoNegotiate("enable")
            .certIdValidation("enable")
            .childlessIke("disable")
            .clientAutoNegotiate("disable")
            .clientKeepAlive("disable")
            .dhgrp("14 5")
            .digitalSignatureAuth("disable")
            .distance(15)
            .dnsMode("manual")
            .dpd("on-demand")
            .dpdRetrycount(3)
            .dpdRetryinterval("20")
            .eap("disable")
            .eapIdentity("use-id-payload")
            .enforceUniqueId("disable")
            .forticlientEnforcement("disable")
            .fragmentation("enable")
            .fragmentationMtu(1200)
            .groupAuthentication("disable")
            .haSyncEspSeqno("enable")
            .idleTimeout("disable")
            .idleTimeoutinterval(15)
            .ikeVersion("1")
            .includeLocalLan("disable")
            .interface_("port4")
            .ipv4DnsServer1("0.0.0.0")
            .ipv4DnsServer2("0.0.0.0")
            .ipv4DnsServer3("0.0.0.0")
            .ipv4EndIp("0.0.0.0")
            .ipv4Netmask("255.255.255.255")
            .ipv4StartIp("0.0.0.0")
            .ipv4WinsServer1("0.0.0.0")
            .ipv4WinsServer2("0.0.0.0")
            .ipv6DnsServer1("::")
            .ipv6DnsServer2("::")
            .ipv6DnsServer3("::")
            .ipv6EndIp("::")
            .ipv6Prefix(128)
            .ipv6StartIp("::")
            .keepalive(10)
            .keylife(86400)
            .localGw("0.0.0.0")
            .localidType("auto")
            .meshSelectorType("disable")
            .mode("main")
            .modeCfg("disable")
            .nattraversal("enable")
            .negotiateTimeout(30)
            .peertype("any")
            .ppk("disable")
            .priority(0)
            .proposal("aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1")
            .psksecret("dewcEde2112")
            .reauth("disable")
            .rekey("enable")
            .remoteGw("1.1.1.1")
            .rsaSignatureFormat("pkcs1")
            .savePassword("disable")
            .sendCertChain("enable")
            .signatureHashAlg("sha2-512 sha2-384 sha2-256 sha1")
            .suiteB("disable")
            .type("static")
            .unitySupport("enable")
            .wizardType("custom")
            .xauthtype("disable")
            .build());

    }
}

resources:
  trnamex1:
    type: fortios:vpn/ipsec:Phase1
    properties:
      acctVerify: disable
      addGwRoute: disable
      addRoute: disable
      assignIp: enable
      assignIpFrom: range
      authmethod: psk
      autoNegotiate: enable
      certIdValidation: enable
      childlessIke: disable
      clientAutoNegotiate: disable
      clientKeepAlive: disable
      dhgrp: 14 5
      digitalSignatureAuth: disable
      distance: 15
      dnsMode: manual
      dpd: on-demand
      dpdRetrycount: 3
      dpdRetryinterval: '20'
      eap: disable
      eapIdentity: use-id-payload
      enforceUniqueId: disable
      forticlientEnforcement: disable
      fragmentation: enable
      fragmentationMtu: 1200
      groupAuthentication: disable
      haSyncEspSeqno: enable
      idleTimeout: disable
      idleTimeoutinterval: 15
      ikeVersion: '1'
      includeLocalLan: disable
      interface: port4
      ipv4DnsServer1: 0.0.0.0
      ipv4DnsServer2: 0.0.0.0
      ipv4DnsServer3: 0.0.0.0
      ipv4EndIp: 0.0.0.0
      ipv4Netmask: 255.255.255.255
      ipv4StartIp: 0.0.0.0
      ipv4WinsServer1: 0.0.0.0
      ipv4WinsServer2: 0.0.0.0
      ipv6DnsServer1: '::'
      ipv6DnsServer2: '::'
      ipv6DnsServer3: '::'
      ipv6EndIp: '::'
      ipv6Prefix: 128
      ipv6StartIp: '::'
      keepalive: 10
      keylife: 86400
      localGw: 0.0.0.0
      localidType: auto
      meshSelectorType: disable
      mode: main
      modeCfg: disable
      nattraversal: enable
      negotiateTimeout: 30
      peertype: any
      ppk: disable
      priority: 0
      proposal: aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
      psksecret: dewcEde2112
      reauth: disable
      rekey: enable
      remoteGw: 1.1.1.1
      rsaSignatureFormat: pkcs1
      savePassword: disable
      sendCertChain: enable
      signatureHashAlg: sha2-512 sha2-384 sha2-256 sha1
      suiteB: disable
      type: static
      unitySupport: enable
      wizardType: custom
      xauthtype: disable

Create Phase1 Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Phase1(name: string, args: Phase1Args, opts?: CustomResourceOptions);

@overload
def Phase1(resource_name: str,
           args: Phase1Args,
           opts: Optional[ResourceOptions] = None)

@overload
def Phase1(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           interface: Optional[str] = None,
           proposal: Optional[str] = None,
           psksecret: Optional[str] = None,
           acct_verify: Optional[str] = None,
           add_gw_route: Optional[str] = None,
           add_route: Optional[str] = None,
           assign_ip: Optional[str] = None,
           assign_ip_from: Optional[str] = None,
           authmethod: Optional[str] = None,
           authmethod_remote: Optional[str] = None,
           authpasswd: Optional[str] = None,
           authusr: Optional[str] = None,
           authusrgrp: Optional[str] = None,
           auto_negotiate: Optional[str] = None,
           azure_ad_autoconnect: Optional[str] = None,
           backup_gateways: Optional[Sequence[Phase1BackupGatewayArgs]] = None,
           banner: Optional[str] = None,
           cert_id_validation: Optional[str] = None,
           cert_peer_username_strip: Optional[str] = None,
           cert_peer_username_validation: Optional[str] = None,
           cert_trust_store: Optional[str] = None,
           certificates: Optional[Sequence[Phase1CertificateArgs]] = None,
           childless_ike: Optional[str] = None,
           client_auto_negotiate: Optional[str] = None,
           client_keep_alive: Optional[str] = None,
           client_resume: Optional[str] = None,
           client_resume_interval: Optional[int] = None,
           comments: Optional[str] = None,
           dev_id: Optional[str] = None,
           dev_id_notification: Optional[str] = None,
           dhcp6_ra_linkaddr: Optional[str] = None,
           dhcp_ra_giaddr: Optional[str] = None,
           dhgrp: Optional[str] = None,
           digital_signature_auth: Optional[str] = None,
           distance: Optional[int] = None,
           dns_mode: Optional[str] = None,
           domain: Optional[str] = None,
           dpd: Optional[str] = None,
           dpd_retrycount: Optional[int] = None,
           dpd_retryinterval: Optional[str] = None,
           dynamic_sort_subtable: Optional[str] = None,
           eap: Optional[str] = None,
           eap_cert_auth: Optional[str] = None,
           eap_exclude_peergrp: Optional[str] = None,
           eap_identity: Optional[str] = None,
           ems_sn_check: Optional[str] = None,
           enforce_unique_id: Optional[str] = None,
           esn: Optional[str] = None,
           exchange_fgt_device_id: Optional[str] = None,
           fallback_tcp_threshold: Optional[int] = None,
           fec_base: Optional[int] = None,
           fec_codec: Optional[int] = None,
           fec_codec_string: Optional[str] = None,
           fec_egress: Optional[str] = None,
           fec_health_check: Optional[str] = None,
           fec_ingress: Optional[str] = None,
           fec_mapping_profile: Optional[str] = None,
           fec_receive_timeout: Optional[int] = None,
           fec_redundant: Optional[int] = None,
           fec_send_timeout: Optional[int] = None,
           fgsp_sync: Optional[str] = None,
           forticlient_enforcement: Optional[str] = None,
           fortinet_esp: Optional[str] = None,
           fragmentation: Optional[str] = None,
           fragmentation_mtu: Optional[int] = None,
           get_all_tables: Optional[str] = None,
           group_authentication: Optional[str] = None,
           group_authentication_secret: Optional[str] = None,
           ha_sync_esp_seqno: Optional[str] = None,
           idle_timeout: Optional[str] = None,
           idle_timeoutinterval: Optional[int] = None,
           ike_version: Optional[str] = None,
           inbound_dscp_copy: Optional[str] = None,
           include_local_lan: Optional[str] = None,
           internal_domain_lists: Optional[Sequence[Phase1InternalDomainListArgs]] = None,
           ip_delay_interval: Optional[int] = None,
           ipv4_dns_server1: Optional[str] = None,
           ipv4_dns_server2: Optional[str] = None,
           ipv4_dns_server3: Optional[str] = None,
           ipv4_end_ip: Optional[str] = None,
           ipv4_exclude_ranges: Optional[Sequence[Phase1Ipv4ExcludeRangeArgs]] = None,
           ipv4_name: Optional[str] = None,
           ipv4_netmask: Optional[str] = None,
           ipv4_split_exclude: Optional[str] = None,
           ipv4_split_include: Optional[str] = None,
           ipv4_start_ip: Optional[str] = None,
           ipv4_wins_server1: Optional[str] = None,
           ipv4_wins_server2: Optional[str] = None,
           ipv6_dns_server1: Optional[str] = None,
           ipv6_dns_server2: Optional[str] = None,
           ipv6_dns_server3: Optional[str] = None,
           ipv6_end_ip: Optional[str] = None,
           ipv6_exclude_ranges: Optional[Sequence[Phase1Ipv6ExcludeRangeArgs]] = None,
           ipv6_name: Optional[str] = None,
           ipv6_prefix: Optional[int] = None,
           ipv6_split_exclude: Optional[str] = None,
           ipv6_split_include: Optional[str] = None,
           ipv6_start_ip: Optional[str] = None,
           keepalive: Optional[int] = None,
           keylife: Optional[int] = None,
           kms: Optional[str] = None,
           link_cost: Optional[int] = None,
           local_gw: Optional[str] = None,
           localid: Optional[str] = None,
           localid_type: Optional[str] = None,
           loopback_asymroute: Optional[str] = None,
           mesh_selector_type: Optional[str] = None,
           mode: Optional[str] = None,
           mode_cfg: Optional[str] = None,
           mode_cfg_allow_client_selector: Optional[str] = None,
           name: Optional[str] = None,
           nattraversal: Optional[str] = None,
           negotiate_timeout: Optional[int] = None,
           network_id: Optional[int] = None,
           network_overlay: Optional[str] = None,
           npu_offload: Optional[str] = None,
           peer: Optional[str] = None,
           peergrp: Optional[str] = None,
           peerid: Optional[str] = None,
           peertype: Optional[str] = None,
           ppk: Optional[str] = None,
           ppk_identity: Optional[str] = None,
           ppk_secret: Optional[str] = None,
           priority: Optional[int] = None,
           psksecret_remote: Optional[str] = None,
           qkd: Optional[str] = None,
           qkd_profile: Optional[str] = None,
           reauth: Optional[str] = None,
           rekey: Optional[str] = None,
           remote_gw: Optional[str] = None,
           remote_gw6_country: Optional[str] = None,
           remote_gw6_end_ip: Optional[str] = None,
           remote_gw6_match: Optional[str] = None,
           remote_gw6_start_ip: Optional[str] = None,
           remote_gw6_subnet: Optional[str] = None,
           remote_gw_country: Optional[str] = None,
           remote_gw_end_ip: Optional[str] = None,
           remote_gw_match: Optional[str] = None,
           remote_gw_start_ip: Optional[str] = None,
           remote_gw_subnet: Optional[str] = None,
           remotegw_ddns: Optional[str] = None,
           rsa_signature_format: Optional[str] = None,
           rsa_signature_hash_override: Optional[str] = None,
           save_password: Optional[str] = None,
           send_cert_chain: Optional[str] = None,
           signature_hash_alg: Optional[str] = None,
           split_include_service: Optional[str] = None,
           suite_b: Optional[str] = None,
           transport: Optional[str] = None,
           type: Optional[str] = None,
           unity_support: Optional[str] = None,
           usrgrp: Optional[str] = None,
           vdomparam: Optional[str] = None,
           wizard_type: Optional[str] = None,
           xauthtype: Optional[str] = None)

func NewPhase1(ctx *Context, name string, args Phase1Args, opts ...ResourceOption) (*Phase1, error)

public Phase1(string name, Phase1Args args, CustomResourceOptions? opts = null)

public Phase1(String name, Phase1Args args)
public Phase1(String name, Phase1Args args, CustomResourceOptions options)

type: fortios:vpn/ipsec/phase1:Phase1
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args Phase1Args: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args Phase1Args: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args Phase1Args: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args Phase1Args: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args Phase1Args: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Phase1 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Phase1 resource accepts the following input properties:

Interface string: Local physical, aggregate, or VLAN outgoing interface.
Proposal string: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
Psksecret string: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
AcctVerify string: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
AddGwRoute string: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
AddRoute string: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
AssignIp string: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
AssignIpFrom string: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
Authmethod string: Authentication method. Valid values: psk, signature.
AuthmethodRemote string: Authentication method (remote side). Valid values: psk, signature.
Authpasswd string: XAuth password (max 35 characters).
Authusr string: XAuth user name.
Authusrgrp string: Authentication user group.
AutoNegotiate string: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
AzureAdAutoconnect string: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
BackupGateways List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1BackupGateway>: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
Banner string: Message that unity client should display after connecting.
CertIdValidation string: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
CertPeerUsernameStrip string: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
CertPeerUsernameValidation string: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
CertTrustStore string: CA certificate trust store. Valid values: local, ems.
Certificates List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1Certificate>: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
ChildlessIke string: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
ClientAutoNegotiate string: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
ClientKeepAlive string: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
ClientResume string: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
ClientResumeInterval int: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
Comments string: Comment.
DevId string: Device ID carried by the device ID notification.
DevIdNotification string: Enable/disable device ID notification. Valid values: disable, enable.
Dhcp6RaLinkaddr string: Relay agent IPv6 link address to use in DHCP6 requests.
DhcpRaGiaddr string: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
Dhgrp string: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
DigitalSignatureAuth string: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
Distance int: Distance for routes added by IKE (1 - 255).
DnsMode string: DNS server mode. Valid values: manual, auto.
Domain string: Instruct unity clients about the default DNS domain.
Dpd string: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
DpdRetrycount int: Number of DPD retry attempts.
DpdRetryinterval string: DPD retry interval.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
Eap string: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
EapCertAuth string: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
EapExcludePeergrp string: Peer group excluded from EAP authentication.
EapIdentity string: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
EmsSnCheck string: Enable/disable verification of EMS serial number. Valid values: enable, disable.
EnforceUniqueId string: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
Esn string: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
ExchangeFgtDeviceId string: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
FallbackTcpThreshold int: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
FecBase int: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
FecCodec int: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
FecCodecString string: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
FecEgress string: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
FecHealthCheck string: SD-WAN health check.
FecIngress string: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
FecMappingProfile string: Forward Error Correction (FEC) mapping profile.
FecReceiveTimeout int: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
FecRedundant int: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
FecSendTimeout int: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
FgspSync string: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
ForticlientEnforcement string: Enable/disable FortiClient enforcement. Valid values: enable, disable.
FortinetEsp string: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
Fragmentation string: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
FragmentationMtu int: IKE fragmentation MTU (500 - 16000).
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
GroupAuthentication string: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
GroupAuthenticationSecret string: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
HaSyncEspSeqno string: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
IdleTimeout string: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
IdleTimeoutinterval int: IPsec tunnel idle timeout in minutes (5 - 43200).
IkeVersion string: IKE protocol version. Valid values: 1, 2.
InboundDscpCopy string: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
IncludeLocalLan string: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
InternalDomainLists List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1InternalDomainList>: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
IpDelayInterval int: IP address reuse delay interval in seconds (0 - 28800).
Ipv4DnsServer1 string: IPv4 DNS server 1.
Ipv4DnsServer2 string: IPv4 DNS server 2.
Ipv4DnsServer3 string: IPv4 DNS server 3.
Ipv4EndIp string: End of IPv4 range.
Ipv4ExcludeRanges List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1Ipv4ExcludeRange>: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
Ipv4Name string: IPv4 address name.
Ipv4Netmask string: IPv4 Netmask.
Ipv4SplitExclude string: IPv4 subnets that should not be sent over the IPsec tunnel.
Ipv4SplitInclude string: IPv4 split-include subnets.
Ipv4StartIp string: Start of IPv4 range.
Ipv4WinsServer1 string: WINS server 1.
Ipv4WinsServer2 string: WINS server 2.
Ipv6DnsServer1 string: IPv6 DNS server 1.
Ipv6DnsServer2 string: IPv6 DNS server 2.
Ipv6DnsServer3 string: IPv6 DNS server 3.
Ipv6EndIp string: End of IPv6 range.
Ipv6ExcludeRanges List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1Ipv6ExcludeRange>: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
Ipv6Name string: IPv6 address name.
Ipv6Prefix int: IPv6 prefix.
Ipv6SplitExclude string: IPv6 subnets that should not be sent over the IPsec tunnel.
Ipv6SplitInclude string: IPv6 split-include subnets.
Ipv6StartIp string: Start of IPv6 range.
Keepalive int: NAT-T keep alive interval.
Keylife int: Time to wait in seconds before phase 1 encryption key expires.
Kms string: Key Management Services server.
LinkCost int: VPN tunnel underlay link cost.
LocalGw string: Local VPN gateway.
Localid string: Local ID.
LocalidType string: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
LoopbackAsymroute string: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
MeshSelectorType string: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
Mode string: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
ModeCfg string: Enable/disable configuration method. Valid values: disable, enable.
ModeCfgAllowClientSelector string: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
Name string: IPsec remote gateway name.
Nattraversal string: Enable/disable NAT traversal. Valid values: enable, disable, forced.
NegotiateTimeout int: IKE SA negotiation timeout in seconds (1 - 300).
NetworkId int: VPN gateway network ID.
NetworkOverlay string: Enable/disable network overlays. Valid values: disable, enable.
NpuOffload string: Enable/disable offloading NPU. Valid values: enable, disable.
Peer string: Accept this peer certificate.
Peergrp string: Accept this peer certificate group.
Peerid string: Accept this peer identity.
Peertype string: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
Ppk string: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
PpkIdentity string: IKEv2 Postquantum Preshared Key Identity.
PpkSecret string: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
Priority int: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
PsksecretRemote string: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
Qkd string: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
QkdProfile string: Quantum Key Distribution (QKD) server profile.
Reauth string: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
Rekey string: Enable/disable phase1 rekey. Valid values: enable, disable.
RemoteGw string: Remote VPN gateway.
RemoteGw6Country string: IPv6 addresses associated to a specific country.
RemoteGw6EndIp string: Last IPv6 address in the range.
RemoteGw6Match string: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
RemoteGw6StartIp string: First IPv6 address in the range.
RemoteGw6Subnet string: IPv6 address and prefix.
RemoteGwCountry string: IPv4 addresses associated to a specific country.
RemoteGwEndIp string: Last IPv4 address in the range.
RemoteGwMatch string: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
RemoteGwStartIp string: First IPv4 address in the range.
RemoteGwSubnet string: IPv4 address and subnet mask.
RemotegwDdns string: Domain name of remote gateway. For example, name.ddns.com.
RsaSignatureFormat string: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
RsaSignatureHashOverride string: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
SavePassword string: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
SendCertChain string: Enable/disable sending certificate chain. Valid values: enable, disable.
SignatureHashAlg string: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
SplitIncludeService string: Split-include services.
SuiteB string: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
Transport string: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
Type string: Remote gateway type. Valid values: static, dynamic, ddns.
UnitySupport string: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
Usrgrp string: User group name for dialup peers.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
WizardType string: GUI VPN Wizard Type.
Xauthtype string: XAuth type. Valid values: disable, client, pap, chap, auto.

Interface string: Local physical, aggregate, or VLAN outgoing interface.
Proposal string: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
Psksecret string: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
AcctVerify string: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
AddGwRoute string: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
AddRoute string: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
AssignIp string: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
AssignIpFrom string: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
Authmethod string: Authentication method. Valid values: psk, signature.
AuthmethodRemote string: Authentication method (remote side). Valid values: psk, signature.
Authpasswd string: XAuth password (max 35 characters).
Authusr string: XAuth user name.
Authusrgrp string: Authentication user group.
AutoNegotiate string: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
AzureAdAutoconnect string: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
BackupGateways []Phase1BackupGatewayArgs: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
Banner string: Message that unity client should display after connecting.
CertIdValidation string: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
CertPeerUsernameStrip string: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
CertPeerUsernameValidation string: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
CertTrustStore string: CA certificate trust store. Valid values: local, ems.
Certificates []Phase1CertificateArgs: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
ChildlessIke string: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
ClientAutoNegotiate string: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
ClientKeepAlive string: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
ClientResume string: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
ClientResumeInterval int: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
Comments string: Comment.
DevId string: Device ID carried by the device ID notification.
DevIdNotification string: Enable/disable device ID notification. Valid values: disable, enable.
Dhcp6RaLinkaddr string: Relay agent IPv6 link address to use in DHCP6 requests.
DhcpRaGiaddr string: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
Dhgrp string: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
DigitalSignatureAuth string: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
Distance int: Distance for routes added by IKE (1 - 255).
DnsMode string: DNS server mode. Valid values: manual, auto.
Domain string: Instruct unity clients about the default DNS domain.
Dpd string: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
DpdRetrycount int: Number of DPD retry attempts.
DpdRetryinterval string: DPD retry interval.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
Eap string: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
EapCertAuth string: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
EapExcludePeergrp string: Peer group excluded from EAP authentication.
EapIdentity string: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
EmsSnCheck string: Enable/disable verification of EMS serial number. Valid values: enable, disable.
EnforceUniqueId string: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
Esn string: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
ExchangeFgtDeviceId string: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
FallbackTcpThreshold int: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
FecBase int: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
FecCodec int: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
FecCodecString string: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
FecEgress string: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
FecHealthCheck string: SD-WAN health check.
FecIngress string: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
FecMappingProfile string: Forward Error Correction (FEC) mapping profile.
FecReceiveTimeout int: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
FecRedundant int: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
FecSendTimeout int: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
FgspSync string: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
ForticlientEnforcement string: Enable/disable FortiClient enforcement. Valid values: enable, disable.
FortinetEsp string: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
Fragmentation string: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
FragmentationMtu int: IKE fragmentation MTU (500 - 16000).
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
GroupAuthentication string: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
GroupAuthenticationSecret string: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
HaSyncEspSeqno string: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
IdleTimeout string: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
IdleTimeoutinterval int: IPsec tunnel idle timeout in minutes (5 - 43200).
IkeVersion string: IKE protocol version. Valid values: 1, 2.
InboundDscpCopy string: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
IncludeLocalLan string: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
InternalDomainLists []Phase1InternalDomainListArgs: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
IpDelayInterval int: IP address reuse delay interval in seconds (0 - 28800).
Ipv4DnsServer1 string: IPv4 DNS server 1.
Ipv4DnsServer2 string: IPv4 DNS server 2.
Ipv4DnsServer3 string: IPv4 DNS server 3.
Ipv4EndIp string: End of IPv4 range.
Ipv4ExcludeRanges []Phase1Ipv4ExcludeRangeArgs: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
Ipv4Name string: IPv4 address name.
Ipv4Netmask string: IPv4 Netmask.
Ipv4SplitExclude string: IPv4 subnets that should not be sent over the IPsec tunnel.
Ipv4SplitInclude string: IPv4 split-include subnets.
Ipv4StartIp string: Start of IPv4 range.
Ipv4WinsServer1 string: WINS server 1.
Ipv4WinsServer2 string: WINS server 2.
Ipv6DnsServer1 string: IPv6 DNS server 1.
Ipv6DnsServer2 string: IPv6 DNS server 2.
Ipv6DnsServer3 string: IPv6 DNS server 3.
Ipv6EndIp string: End of IPv6 range.
Ipv6ExcludeRanges []Phase1Ipv6ExcludeRangeArgs: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
Ipv6Name string: IPv6 address name.
Ipv6Prefix int: IPv6 prefix.
Ipv6SplitExclude string: IPv6 subnets that should not be sent over the IPsec tunnel.
Ipv6SplitInclude string: IPv6 split-include subnets.
Ipv6StartIp string: Start of IPv6 range.
Keepalive int: NAT-T keep alive interval.
Keylife int: Time to wait in seconds before phase 1 encryption key expires.
Kms string: Key Management Services server.
LinkCost int: VPN tunnel underlay link cost.
LocalGw string: Local VPN gateway.
Localid string: Local ID.
LocalidType string: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
LoopbackAsymroute string: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
MeshSelectorType string: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
Mode string: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
ModeCfg string: Enable/disable configuration method. Valid values: disable, enable.
ModeCfgAllowClientSelector string: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
Name string: IPsec remote gateway name.
Nattraversal string: Enable/disable NAT traversal. Valid values: enable, disable, forced.
NegotiateTimeout int: IKE SA negotiation timeout in seconds (1 - 300).
NetworkId int: VPN gateway network ID.
NetworkOverlay string: Enable/disable network overlays. Valid values: disable, enable.
NpuOffload string: Enable/disable offloading NPU. Valid values: enable, disable.
Peer string: Accept this peer certificate.
Peergrp string: Accept this peer certificate group.
Peerid string: Accept this peer identity.
Peertype string: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
Ppk string: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
PpkIdentity string: IKEv2 Postquantum Preshared Key Identity.
PpkSecret string: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
Priority int: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
PsksecretRemote string: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
Qkd string: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
QkdProfile string: Quantum Key Distribution (QKD) server profile.
Reauth string: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
Rekey string: Enable/disable phase1 rekey. Valid values: enable, disable.
RemoteGw string: Remote VPN gateway.
RemoteGw6Country string: IPv6 addresses associated to a specific country.
RemoteGw6EndIp string: Last IPv6 address in the range.
RemoteGw6Match string: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
RemoteGw6StartIp string: First IPv6 address in the range.
RemoteGw6Subnet string: IPv6 address and prefix.
RemoteGwCountry string: IPv4 addresses associated to a specific country.
RemoteGwEndIp string: Last IPv4 address in the range.
RemoteGwMatch string: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
RemoteGwStartIp string: First IPv4 address in the range.
RemoteGwSubnet string: IPv4 address and subnet mask.
RemotegwDdns string: Domain name of remote gateway. For example, name.ddns.com.
RsaSignatureFormat string: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
RsaSignatureHashOverride string: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
SavePassword string: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
SendCertChain string: Enable/disable sending certificate chain. Valid values: enable, disable.
SignatureHashAlg string: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
SplitIncludeService string: Split-include services.
SuiteB string: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
Transport string: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
Type string: Remote gateway type. Valid values: static, dynamic, ddns.
UnitySupport string: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
Usrgrp string: User group name for dialup peers.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
WizardType string: GUI VPN Wizard Type.
Xauthtype string: XAuth type. Valid values: disable, client, pap, chap, auto.

interface_ String: Local physical, aggregate, or VLAN outgoing interface.
proposal String: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
psksecret String: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
acctVerify String: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
addGwRoute String: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
addRoute String: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
assignIp String: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
assignIpFrom String: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
authmethod String: Authentication method. Valid values: psk, signature.
authmethodRemote String: Authentication method (remote side). Valid values: psk, signature.
authpasswd String: XAuth password (max 35 characters).
authusr String: XAuth user name.
authusrgrp String: Authentication user group.
autoNegotiate String: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
azureAdAutoconnect String: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
backupGateways List<Phase1BackupGateway>: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
banner String: Message that unity client should display after connecting.
certIdValidation String: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
certPeerUsernameStrip String: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
certPeerUsernameValidation String: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
certTrustStore String: CA certificate trust store. Valid values: local, ems.
certificates List<Phase1Certificate>: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
childlessIke String: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
clientAutoNegotiate String: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
clientKeepAlive String: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
clientResume String: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
clientResumeInterval Integer: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
comments String: Comment.
devId String: Device ID carried by the device ID notification.
devIdNotification String: Enable/disable device ID notification. Valid values: disable, enable.
dhcp6RaLinkaddr String: Relay agent IPv6 link address to use in DHCP6 requests.
dhcpRaGiaddr String: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
dhgrp String: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
digitalSignatureAuth String: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
distance Integer: Distance for routes added by IKE (1 - 255).
dnsMode String: DNS server mode. Valid values: manual, auto.
domain String: Instruct unity clients about the default DNS domain.
dpd String: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
dpdRetrycount Integer: Number of DPD retry attempts.
dpdRetryinterval String: DPD retry interval.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
eap String: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
eapCertAuth String: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
eapExcludePeergrp String: Peer group excluded from EAP authentication.
eapIdentity String: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
emsSnCheck String: Enable/disable verification of EMS serial number. Valid values: enable, disable.
enforceUniqueId String: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
esn String: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
exchangeFgtDeviceId String: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
fallbackTcpThreshold Integer: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
fecBase Integer: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
fecCodec Integer: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
fecCodecString String: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
fecEgress String: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
fecHealthCheck String: SD-WAN health check.
fecIngress String: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
fecMappingProfile String: Forward Error Correction (FEC) mapping profile.
fecReceiveTimeout Integer: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
fecRedundant Integer: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
fecSendTimeout Integer: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
fgspSync String: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
forticlientEnforcement String: Enable/disable FortiClient enforcement. Valid values: enable, disable.
fortinetEsp String: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
fragmentation String: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
fragmentationMtu Integer: IKE fragmentation MTU (500 - 16000).
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groupAuthentication String: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
groupAuthenticationSecret String: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
haSyncEspSeqno String: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
idleTimeout String: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
idleTimeoutinterval Integer: IPsec tunnel idle timeout in minutes (5 - 43200).
ikeVersion String: IKE protocol version. Valid values: 1, 2.
inboundDscpCopy String: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
includeLocalLan String: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
internalDomainLists List<Phase1InternalDomainList>: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
ipDelayInterval Integer: IP address reuse delay interval in seconds (0 - 28800).
ipv4DnsServer1 String: IPv4 DNS server 1.
ipv4DnsServer2 String: IPv4 DNS server 2.
ipv4DnsServer3 String: IPv4 DNS server 3.
ipv4EndIp String: End of IPv4 range.
ipv4ExcludeRanges List<Phase1Ipv4ExcludeRange>: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
ipv4Name String: IPv4 address name.
ipv4Netmask String: IPv4 Netmask.
ipv4SplitExclude String: IPv4 subnets that should not be sent over the IPsec tunnel.
ipv4SplitInclude String: IPv4 split-include subnets.
ipv4StartIp String: Start of IPv4 range.
ipv4WinsServer1 String: WINS server 1.
ipv4WinsServer2 String: WINS server 2.
ipv6DnsServer1 String: IPv6 DNS server 1.
ipv6DnsServer2 String: IPv6 DNS server 2.
ipv6DnsServer3 String: IPv6 DNS server 3.
ipv6EndIp String: End of IPv6 range.
ipv6ExcludeRanges List<Phase1Ipv6ExcludeRange>: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
ipv6Name String: IPv6 address name.
ipv6Prefix Integer: IPv6 prefix.
ipv6SplitExclude String: IPv6 subnets that should not be sent over the IPsec tunnel.
ipv6SplitInclude String: IPv6 split-include subnets.
ipv6StartIp String: Start of IPv6 range.
keepalive Integer: NAT-T keep alive interval.
keylife Integer: Time to wait in seconds before phase 1 encryption key expires.
kms String: Key Management Services server.
linkCost Integer: VPN tunnel underlay link cost.
localGw String: Local VPN gateway.
localid String: Local ID.
localidType String: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
loopbackAsymroute String: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
meshSelectorType String: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
mode String: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
modeCfg String: Enable/disable configuration method. Valid values: disable, enable.
modeCfgAllowClientSelector String: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
name String: IPsec remote gateway name.
nattraversal String: Enable/disable NAT traversal. Valid values: enable, disable, forced.
negotiateTimeout Integer: IKE SA negotiation timeout in seconds (1 - 300).
networkId Integer: VPN gateway network ID.
networkOverlay String: Enable/disable network overlays. Valid values: disable, enable.
npuOffload String: Enable/disable offloading NPU. Valid values: enable, disable.
peer String: Accept this peer certificate.
peergrp String: Accept this peer certificate group.
peerid String: Accept this peer identity.
peertype String: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
ppk String: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
ppkIdentity String: IKEv2 Postquantum Preshared Key Identity.
ppkSecret String: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
priority Integer: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
psksecretRemote String: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
qkd String: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
qkdProfile String: Quantum Key Distribution (QKD) server profile.
reauth String: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
rekey String: Enable/disable phase1 rekey. Valid values: enable, disable.
remoteGw String: Remote VPN gateway.
remoteGw6Country String: IPv6 addresses associated to a specific country.
remoteGw6EndIp String: Last IPv6 address in the range.
remoteGw6Match String: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
remoteGw6StartIp String: First IPv6 address in the range.
remoteGw6Subnet String: IPv6 address and prefix.
remoteGwCountry String: IPv4 addresses associated to a specific country.
remoteGwEndIp String: Last IPv4 address in the range.
remoteGwMatch String: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
remoteGwStartIp String: First IPv4 address in the range.
remoteGwSubnet String: IPv4 address and subnet mask.
remotegwDdns String: Domain name of remote gateway. For example, name.ddns.com.
rsaSignatureFormat String: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
rsaSignatureHashOverride String: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
savePassword String: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
sendCertChain String: Enable/disable sending certificate chain. Valid values: enable, disable.
signatureHashAlg String: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
splitIncludeService String: Split-include services.
suiteB String: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
transport String: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
type String: Remote gateway type. Valid values: static, dynamic, ddns.
unitySupport String: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
usrgrp String: User group name for dialup peers.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
wizardType String: GUI VPN Wizard Type.
xauthtype String: XAuth type. Valid values: disable, client, pap, chap, auto.

interface string: Local physical, aggregate, or VLAN outgoing interface.
proposal string: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
psksecret string: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
acctVerify string: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
addGwRoute string: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
addRoute string: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
assignIp string: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
assignIpFrom string: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
authmethod string: Authentication method. Valid values: psk, signature.
authmethodRemote string: Authentication method (remote side). Valid values: psk, signature.
authpasswd string: XAuth password (max 35 characters).
authusr string: XAuth user name.
authusrgrp string: Authentication user group.
autoNegotiate string: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
azureAdAutoconnect string: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
backupGateways Phase1BackupGateway[]: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
banner string: Message that unity client should display after connecting.
certIdValidation string: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
certPeerUsernameStrip string: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
certPeerUsernameValidation string: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
certTrustStore string: CA certificate trust store. Valid values: local, ems.
certificates Phase1Certificate[]: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
childlessIke string: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
clientAutoNegotiate string: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
clientKeepAlive string: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
clientResume string: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
clientResumeInterval number: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
comments string: Comment.
devId string: Device ID carried by the device ID notification.
devIdNotification string: Enable/disable device ID notification. Valid values: disable, enable.
dhcp6RaLinkaddr string: Relay agent IPv6 link address to use in DHCP6 requests.
dhcpRaGiaddr string: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
dhgrp string: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
digitalSignatureAuth string: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
distance number: Distance for routes added by IKE (1 - 255).
dnsMode string: DNS server mode. Valid values: manual, auto.
domain string: Instruct unity clients about the default DNS domain.
dpd string: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
dpdRetrycount number: Number of DPD retry attempts.
dpdRetryinterval string: DPD retry interval.
dynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
eap string: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
eapCertAuth string: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
eapExcludePeergrp string: Peer group excluded from EAP authentication.
eapIdentity string: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
emsSnCheck string: Enable/disable verification of EMS serial number. Valid values: enable, disable.
enforceUniqueId string: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
esn string: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
exchangeFgtDeviceId string: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
fallbackTcpThreshold number: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
fecBase number: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
fecCodec number: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
fecCodecString string: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
fecEgress string: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
fecHealthCheck string: SD-WAN health check.
fecIngress string: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
fecMappingProfile string: Forward Error Correction (FEC) mapping profile.
fecReceiveTimeout number: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
fecRedundant number: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
fecSendTimeout number: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
fgspSync string: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
forticlientEnforcement string: Enable/disable FortiClient enforcement. Valid values: enable, disable.
fortinetEsp string: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
fragmentation string: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
fragmentationMtu number: IKE fragmentation MTU (500 - 16000).
getAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groupAuthentication string: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
groupAuthenticationSecret string: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
haSyncEspSeqno string: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
idleTimeout string: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
idleTimeoutinterval number: IPsec tunnel idle timeout in minutes (5 - 43200).
ikeVersion string: IKE protocol version. Valid values: 1, 2.
inboundDscpCopy string: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
includeLocalLan string: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
internalDomainLists Phase1InternalDomainList[]: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
ipDelayInterval number: IP address reuse delay interval in seconds (0 - 28800).
ipv4DnsServer1 string: IPv4 DNS server 1.
ipv4DnsServer2 string: IPv4 DNS server 2.
ipv4DnsServer3 string: IPv4 DNS server 3.
ipv4EndIp string: End of IPv4 range.
ipv4ExcludeRanges Phase1Ipv4ExcludeRange[]: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
ipv4Name string: IPv4 address name.
ipv4Netmask string: IPv4 Netmask.
ipv4SplitExclude string: IPv4 subnets that should not be sent over the IPsec tunnel.
ipv4SplitInclude string: IPv4 split-include subnets.
ipv4StartIp string: Start of IPv4 range.
ipv4WinsServer1 string: WINS server 1.
ipv4WinsServer2 string: WINS server 2.
ipv6DnsServer1 string: IPv6 DNS server 1.
ipv6DnsServer2 string: IPv6 DNS server 2.
ipv6DnsServer3 string: IPv6 DNS server 3.
ipv6EndIp string: End of IPv6 range.
ipv6ExcludeRanges Phase1Ipv6ExcludeRange[]: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
ipv6Name string: IPv6 address name.
ipv6Prefix number: IPv6 prefix.
ipv6SplitExclude string: IPv6 subnets that should not be sent over the IPsec tunnel.
ipv6SplitInclude string: IPv6 split-include subnets.
ipv6StartIp string: Start of IPv6 range.
keepalive number: NAT-T keep alive interval.
keylife number: Time to wait in seconds before phase 1 encryption key expires.
kms string: Key Management Services server.
linkCost number: VPN tunnel underlay link cost.
localGw string: Local VPN gateway.
localid string: Local ID.
localidType string: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
loopbackAsymroute string: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
meshSelectorType string: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
mode string: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
modeCfg string: Enable/disable configuration method. Valid values: disable, enable.
modeCfgAllowClientSelector string: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
name string: IPsec remote gateway name.
nattraversal string: Enable/disable NAT traversal. Valid values: enable, disable, forced.
negotiateTimeout number: IKE SA negotiation timeout in seconds (1 - 300).
networkId number: VPN gateway network ID.
networkOverlay string: Enable/disable network overlays. Valid values: disable, enable.
npuOffload string: Enable/disable offloading NPU. Valid values: enable, disable.
peer string: Accept this peer certificate.
peergrp string: Accept this peer certificate group.
peerid string: Accept this peer identity.
peertype string: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
ppk string: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
ppkIdentity string: IKEv2 Postquantum Preshared Key Identity.
ppkSecret string: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
priority number: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
psksecretRemote string: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
qkd string: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
qkdProfile string: Quantum Key Distribution (QKD) server profile.
reauth string: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
rekey string: Enable/disable phase1 rekey. Valid values: enable, disable.
remoteGw string: Remote VPN gateway.
remoteGw6Country string: IPv6 addresses associated to a specific country.
remoteGw6EndIp string: Last IPv6 address in the range.
remoteGw6Match string: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
remoteGw6StartIp string: First IPv6 address in the range.
remoteGw6Subnet string: IPv6 address and prefix.
remoteGwCountry string: IPv4 addresses associated to a specific country.
remoteGwEndIp string: Last IPv4 address in the range.
remoteGwMatch string: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
remoteGwStartIp string: First IPv4 address in the range.
remoteGwSubnet string: IPv4 address and subnet mask.
remotegwDdns string: Domain name of remote gateway. For example, name.ddns.com.
rsaSignatureFormat string: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
rsaSignatureHashOverride string: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
savePassword string: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
sendCertChain string: Enable/disable sending certificate chain. Valid values: enable, disable.
signatureHashAlg string: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
splitIncludeService string: Split-include services.
suiteB string: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
transport string: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
type string: Remote gateway type. Valid values: static, dynamic, ddns.
unitySupport string: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
usrgrp string: User group name for dialup peers.
vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
wizardType string: GUI VPN Wizard Type.
xauthtype string: XAuth type. Valid values: disable, client, pap, chap, auto.

interface str: Local physical, aggregate, or VLAN outgoing interface.
proposal str: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
psksecret str: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
acct_verify str: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
add_gw_route str: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
add_route str: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
assign_ip str: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
assign_ip_from str: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
authmethod str: Authentication method. Valid values: psk, signature.
authmethod_remote str: Authentication method (remote side). Valid values: psk, signature.
authpasswd str: XAuth password (max 35 characters).
authusr str: XAuth user name.
authusrgrp str: Authentication user group.
auto_negotiate str: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
azure_ad_autoconnect str: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
backup_gateways Sequence[Phase1BackupGatewayArgs]: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
banner str: Message that unity client should display after connecting.
cert_id_validation str: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
cert_peer_username_strip str: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
cert_peer_username_validation str: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
cert_trust_store str: CA certificate trust store. Valid values: local, ems.
certificates Sequence[Phase1CertificateArgs]: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
childless_ike str: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
client_auto_negotiate str: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
client_keep_alive str: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
client_resume str: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
client_resume_interval int: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
comments str: Comment.
dev_id str: Device ID carried by the device ID notification.
dev_id_notification str: Enable/disable device ID notification. Valid values: disable, enable.
dhcp6_ra_linkaddr str: Relay agent IPv6 link address to use in DHCP6 requests.
dhcp_ra_giaddr str: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
dhgrp str: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
digital_signature_auth str: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
distance int: Distance for routes added by IKE (1 - 255).
dns_mode str: DNS server mode. Valid values: manual, auto.
domain str: Instruct unity clients about the default DNS domain.
dpd str: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
dpd_retrycount int: Number of DPD retry attempts.
dpd_retryinterval str: DPD retry interval.
dynamic_sort_subtable str: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
eap str: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
eap_cert_auth str: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
eap_exclude_peergrp str: Peer group excluded from EAP authentication.
eap_identity str: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
ems_sn_check str: Enable/disable verification of EMS serial number. Valid values: enable, disable.
enforce_unique_id str: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
esn str: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
exchange_fgt_device_id str: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
fallback_tcp_threshold int: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
fec_base int: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
fec_codec int: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
fec_codec_string str: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
fec_egress str: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
fec_health_check str: SD-WAN health check.
fec_ingress str: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
fec_mapping_profile str: Forward Error Correction (FEC) mapping profile.
fec_receive_timeout int: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
fec_redundant int: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
fec_send_timeout int: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
fgsp_sync str: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
forticlient_enforcement str: Enable/disable FortiClient enforcement. Valid values: enable, disable.
fortinet_esp str: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
fragmentation str: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
fragmentation_mtu int: IKE fragmentation MTU (500 - 16000).
get_all_tables str: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
group_authentication str: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
group_authentication_secret str: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
ha_sync_esp_seqno str: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
idle_timeout str: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
idle_timeoutinterval int: IPsec tunnel idle timeout in minutes (5 - 43200).
ike_version str: IKE protocol version. Valid values: 1, 2.
inbound_dscp_copy str: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
include_local_lan str: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
internal_domain_lists Sequence[Phase1InternalDomainListArgs]: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
ip_delay_interval int: IP address reuse delay interval in seconds (0 - 28800).
ipv4_dns_server1 str: IPv4 DNS server 1.
ipv4_dns_server2 str: IPv4 DNS server 2.
ipv4_dns_server3 str: IPv4 DNS server 3.
ipv4_end_ip str: End of IPv4 range.
ipv4_exclude_ranges Sequence[Phase1Ipv4ExcludeRangeArgs]: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
ipv4_name str: IPv4 address name.
ipv4_netmask str: IPv4 Netmask.
ipv4_split_exclude str: IPv4 subnets that should not be sent over the IPsec tunnel.
ipv4_split_include str: IPv4 split-include subnets.
ipv4_start_ip str: Start of IPv4 range.
ipv4_wins_server1 str: WINS server 1.
ipv4_wins_server2 str: WINS server 2.
ipv6_dns_server1 str: IPv6 DNS server 1.
ipv6_dns_server2 str: IPv6 DNS server 2.
ipv6_dns_server3 str: IPv6 DNS server 3.
ipv6_end_ip str: End of IPv6 range.
ipv6_exclude_ranges Sequence[Phase1Ipv6ExcludeRangeArgs]: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
ipv6_name str: IPv6 address name.
ipv6_prefix int: IPv6 prefix.
ipv6_split_exclude str: IPv6 subnets that should not be sent over the IPsec tunnel.
ipv6_split_include str: IPv6 split-include subnets.
ipv6_start_ip str: Start of IPv6 range.
keepalive int: NAT-T keep alive interval.
keylife int: Time to wait in seconds before phase 1 encryption key expires.
kms str: Key Management Services server.
link_cost int: VPN tunnel underlay link cost.
local_gw str: Local VPN gateway.
localid str: Local ID.
localid_type str: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
loopback_asymroute str: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
mesh_selector_type str: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
mode str: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
mode_cfg str: Enable/disable configuration method. Valid values: disable, enable.
mode_cfg_allow_client_selector str: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
name str: IPsec remote gateway name.
nattraversal str: Enable/disable NAT traversal. Valid values: enable, disable, forced.
negotiate_timeout int: IKE SA negotiation timeout in seconds (1 - 300).
network_id int: VPN gateway network ID.
network_overlay str: Enable/disable network overlays. Valid values: disable, enable.
npu_offload str: Enable/disable offloading NPU. Valid values: enable, disable.
peer str: Accept this peer certificate.
peergrp str: Accept this peer certificate group.
peerid str: Accept this peer identity.
peertype str: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
ppk str: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
ppk_identity str: IKEv2 Postquantum Preshared Key Identity.
ppk_secret str: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
priority int: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
psksecret_remote str: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
qkd str: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
qkd_profile str: Quantum Key Distribution (QKD) server profile.
reauth str: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
rekey str: Enable/disable phase1 rekey. Valid values: enable, disable.
remote_gw str: Remote VPN gateway.
remote_gw6_country str: IPv6 addresses associated to a specific country.
remote_gw6_end_ip str: Last IPv6 address in the range.
remote_gw6_match str: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
remote_gw6_start_ip str: First IPv6 address in the range.
remote_gw6_subnet str: IPv6 address and prefix.
remote_gw_country str: IPv4 addresses associated to a specific country.
remote_gw_end_ip str: Last IPv4 address in the range.
remote_gw_match str: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
remote_gw_start_ip str: First IPv4 address in the range.
remote_gw_subnet str: IPv4 address and subnet mask.
remotegw_ddns str: Domain name of remote gateway. For example, name.ddns.com.
rsa_signature_format str: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
rsa_signature_hash_override str: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
save_password str: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
send_cert_chain str: Enable/disable sending certificate chain. Valid values: enable, disable.
signature_hash_alg str: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
split_include_service str: Split-include services.
suite_b str: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
transport str: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
type str: Remote gateway type. Valid values: static, dynamic, ddns.
unity_support str: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
usrgrp str: User group name for dialup peers.
vdomparam str: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
wizard_type str: GUI VPN Wizard Type.
xauthtype str: XAuth type. Valid values: disable, client, pap, chap, auto.

interface String: Local physical, aggregate, or VLAN outgoing interface.
proposal String: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
psksecret String: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
acctVerify String: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
addGwRoute String: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
addRoute String: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
assignIp String: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
assignIpFrom String: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
authmethod String: Authentication method. Valid values: psk, signature.
authmethodRemote String: Authentication method (remote side). Valid values: psk, signature.
authpasswd String: XAuth password (max 35 characters).
authusr String: XAuth user name.
authusrgrp String: Authentication user group.
autoNegotiate String: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
azureAdAutoconnect String: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
backupGateways List<Property Map>: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
banner String: Message that unity client should display after connecting.
certIdValidation String: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
certPeerUsernameStrip String: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
certPeerUsernameValidation String: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
certTrustStore String: CA certificate trust store. Valid values: local, ems.
certificates List<Property Map>: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
childlessIke String: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
clientAutoNegotiate String: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
clientKeepAlive String: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
clientResume String: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
clientResumeInterval Number: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
comments String: Comment.
devId String: Device ID carried by the device ID notification.
devIdNotification String: Enable/disable device ID notification. Valid values: disable, enable.
dhcp6RaLinkaddr String: Relay agent IPv6 link address to use in DHCP6 requests.
dhcpRaGiaddr String: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
dhgrp String: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
digitalSignatureAuth String: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
distance Number: Distance for routes added by IKE (1 - 255).
dnsMode String: DNS server mode. Valid values: manual, auto.
domain String: Instruct unity clients about the default DNS domain.
dpd String: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
dpdRetrycount Number: Number of DPD retry attempts.
dpdRetryinterval String: DPD retry interval.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
eap String: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
eapCertAuth String: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
eapExcludePeergrp String: Peer group excluded from EAP authentication.
eapIdentity String: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
emsSnCheck String: Enable/disable verification of EMS serial number. Valid values: enable, disable.
enforceUniqueId String: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
esn String: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
exchangeFgtDeviceId String: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
fallbackTcpThreshold Number: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
fecBase Number: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
fecCodec Number: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
fecCodecString String: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
fecEgress String: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
fecHealthCheck String: SD-WAN health check.
fecIngress String: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
fecMappingProfile String: Forward Error Correction (FEC) mapping profile.
fecReceiveTimeout Number: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
fecRedundant Number: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
fecSendTimeout Number: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
fgspSync String: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
forticlientEnforcement String: Enable/disable FortiClient enforcement. Valid values: enable, disable.
fortinetEsp String: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
fragmentation String: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
fragmentationMtu Number: IKE fragmentation MTU (500 - 16000).
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groupAuthentication String: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
groupAuthenticationSecret String: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
haSyncEspSeqno String: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
idleTimeout String: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
idleTimeoutinterval Number: IPsec tunnel idle timeout in minutes (5 - 43200).
ikeVersion String: IKE protocol version. Valid values: 1, 2.
inboundDscpCopy String: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
includeLocalLan String: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
internalDomainLists List<Property Map>: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
ipDelayInterval Number: IP address reuse delay interval in seconds (0 - 28800).
ipv4DnsServer1 String: IPv4 DNS server 1.
ipv4DnsServer2 String: IPv4 DNS server 2.
ipv4DnsServer3 String: IPv4 DNS server 3.
ipv4EndIp String: End of IPv4 range.
ipv4ExcludeRanges List<Property Map>: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
ipv4Name String: IPv4 address name.
ipv4Netmask String: IPv4 Netmask.
ipv4SplitExclude String: IPv4 subnets that should not be sent over the IPsec tunnel.
ipv4SplitInclude String: IPv4 split-include subnets.
ipv4StartIp String: Start of IPv4 range.
ipv4WinsServer1 String: WINS server 1.
ipv4WinsServer2 String: WINS server 2.
ipv6DnsServer1 String: IPv6 DNS server 1.
ipv6DnsServer2 String: IPv6 DNS server 2.
ipv6DnsServer3 String: IPv6 DNS server 3.
ipv6EndIp String: End of IPv6 range.
ipv6ExcludeRanges List<Property Map>: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
ipv6Name String: IPv6 address name.
ipv6Prefix Number: IPv6 prefix.
ipv6SplitExclude String: IPv6 subnets that should not be sent over the IPsec tunnel.
ipv6SplitInclude String: IPv6 split-include subnets.
ipv6StartIp String: Start of IPv6 range.
keepalive Number: NAT-T keep alive interval.
keylife Number: Time to wait in seconds before phase 1 encryption key expires.
kms String: Key Management Services server.
linkCost Number: VPN tunnel underlay link cost.
localGw String: Local VPN gateway.
localid String: Local ID.
localidType String: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
loopbackAsymroute String: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
meshSelectorType String: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
mode String: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
modeCfg String: Enable/disable configuration method. Valid values: disable, enable.
modeCfgAllowClientSelector String: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
name String: IPsec remote gateway name.
nattraversal String: Enable/disable NAT traversal. Valid values: enable, disable, forced.
negotiateTimeout Number: IKE SA negotiation timeout in seconds (1 - 300).
networkId Number: VPN gateway network ID.
networkOverlay String: Enable/disable network overlays. Valid values: disable, enable.
npuOffload String: Enable/disable offloading NPU. Valid values: enable, disable.
peer String: Accept this peer certificate.
peergrp String: Accept this peer certificate group.
peerid String: Accept this peer identity.
peertype String: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
ppk String: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
ppkIdentity String: IKEv2 Postquantum Preshared Key Identity.
ppkSecret String: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
priority Number: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
psksecretRemote String: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
qkd String: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
qkdProfile String: Quantum Key Distribution (QKD) server profile.
reauth String: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
rekey String: Enable/disable phase1 rekey. Valid values: enable, disable.
remoteGw String: Remote VPN gateway.
remoteGw6Country String: IPv6 addresses associated to a specific country.
remoteGw6EndIp String: Last IPv6 address in the range.
remoteGw6Match String: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
remoteGw6StartIp String: First IPv6 address in the range.
remoteGw6Subnet String: IPv6 address and prefix.
remoteGwCountry String: IPv4 addresses associated to a specific country.
remoteGwEndIp String: Last IPv4 address in the range.
remoteGwMatch String: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
remoteGwStartIp String: First IPv4 address in the range.
remoteGwSubnet String: IPv4 address and subnet mask.
remotegwDdns String: Domain name of remote gateway. For example, name.ddns.com.
rsaSignatureFormat String: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
rsaSignatureHashOverride String: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
savePassword String: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
sendCertChain String: Enable/disable sending certificate chain. Valid values: enable, disable.
signatureHashAlg String: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
splitIncludeService String: Split-include services.
suiteB String: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
transport String: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
type String: Remote gateway type. Valid values: static, dynamic, ddns.
unitySupport String: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
usrgrp String: User group name for dialup peers.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
wizardType String: GUI VPN Wizard Type.
xauthtype String: XAuth type. Valid values: disable, client, pap, chap, auto.

Outputs

All input properties are implicitly available as output properties. Additionally, the Phase1 resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Phase1 Resource

Get an existing Phase1 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: Phase1State, opts?: CustomResourceOptions): Phase1

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        acct_verify: Optional[str] = None,
        add_gw_route: Optional[str] = None,
        add_route: Optional[str] = None,
        assign_ip: Optional[str] = None,
        assign_ip_from: Optional[str] = None,
        authmethod: Optional[str] = None,
        authmethod_remote: Optional[str] = None,
        authpasswd: Optional[str] = None,
        authusr: Optional[str] = None,
        authusrgrp: Optional[str] = None,
        auto_negotiate: Optional[str] = None,
        azure_ad_autoconnect: Optional[str] = None,
        backup_gateways: Optional[Sequence[Phase1BackupGatewayArgs]] = None,
        banner: Optional[str] = None,
        cert_id_validation: Optional[str] = None,
        cert_peer_username_strip: Optional[str] = None,
        cert_peer_username_validation: Optional[str] = None,
        cert_trust_store: Optional[str] = None,
        certificates: Optional[Sequence[Phase1CertificateArgs]] = None,
        childless_ike: Optional[str] = None,
        client_auto_negotiate: Optional[str] = None,
        client_keep_alive: Optional[str] = None,
        client_resume: Optional[str] = None,
        client_resume_interval: Optional[int] = None,
        comments: Optional[str] = None,
        dev_id: Optional[str] = None,
        dev_id_notification: Optional[str] = None,
        dhcp6_ra_linkaddr: Optional[str] = None,
        dhcp_ra_giaddr: Optional[str] = None,
        dhgrp: Optional[str] = None,
        digital_signature_auth: Optional[str] = None,
        distance: Optional[int] = None,
        dns_mode: Optional[str] = None,
        domain: Optional[str] = None,
        dpd: Optional[str] = None,
        dpd_retrycount: Optional[int] = None,
        dpd_retryinterval: Optional[str] = None,
        dynamic_sort_subtable: Optional[str] = None,
        eap: Optional[str] = None,
        eap_cert_auth: Optional[str] = None,
        eap_exclude_peergrp: Optional[str] = None,
        eap_identity: Optional[str] = None,
        ems_sn_check: Optional[str] = None,
        enforce_unique_id: Optional[str] = None,
        esn: Optional[str] = None,
        exchange_fgt_device_id: Optional[str] = None,
        fallback_tcp_threshold: Optional[int] = None,
        fec_base: Optional[int] = None,
        fec_codec: Optional[int] = None,
        fec_codec_string: Optional[str] = None,
        fec_egress: Optional[str] = None,
        fec_health_check: Optional[str] = None,
        fec_ingress: Optional[str] = None,
        fec_mapping_profile: Optional[str] = None,
        fec_receive_timeout: Optional[int] = None,
        fec_redundant: Optional[int] = None,
        fec_send_timeout: Optional[int] = None,
        fgsp_sync: Optional[str] = None,
        forticlient_enforcement: Optional[str] = None,
        fortinet_esp: Optional[str] = None,
        fragmentation: Optional[str] = None,
        fragmentation_mtu: Optional[int] = None,
        get_all_tables: Optional[str] = None,
        group_authentication: Optional[str] = None,
        group_authentication_secret: Optional[str] = None,
        ha_sync_esp_seqno: Optional[str] = None,
        idle_timeout: Optional[str] = None,
        idle_timeoutinterval: Optional[int] = None,
        ike_version: Optional[str] = None,
        inbound_dscp_copy: Optional[str] = None,
        include_local_lan: Optional[str] = None,
        interface: Optional[str] = None,
        internal_domain_lists: Optional[Sequence[Phase1InternalDomainListArgs]] = None,
        ip_delay_interval: Optional[int] = None,
        ipv4_dns_server1: Optional[str] = None,
        ipv4_dns_server2: Optional[str] = None,
        ipv4_dns_server3: Optional[str] = None,
        ipv4_end_ip: Optional[str] = None,
        ipv4_exclude_ranges: Optional[Sequence[Phase1Ipv4ExcludeRangeArgs]] = None,
        ipv4_name: Optional[str] = None,
        ipv4_netmask: Optional[str] = None,
        ipv4_split_exclude: Optional[str] = None,
        ipv4_split_include: Optional[str] = None,
        ipv4_start_ip: Optional[str] = None,
        ipv4_wins_server1: Optional[str] = None,
        ipv4_wins_server2: Optional[str] = None,
        ipv6_dns_server1: Optional[str] = None,
        ipv6_dns_server2: Optional[str] = None,
        ipv6_dns_server3: Optional[str] = None,
        ipv6_end_ip: Optional[str] = None,
        ipv6_exclude_ranges: Optional[Sequence[Phase1Ipv6ExcludeRangeArgs]] = None,
        ipv6_name: Optional[str] = None,
        ipv6_prefix: Optional[int] = None,
        ipv6_split_exclude: Optional[str] = None,
        ipv6_split_include: Optional[str] = None,
        ipv6_start_ip: Optional[str] = None,
        keepalive: Optional[int] = None,
        keylife: Optional[int] = None,
        kms: Optional[str] = None,
        link_cost: Optional[int] = None,
        local_gw: Optional[str] = None,
        localid: Optional[str] = None,
        localid_type: Optional[str] = None,
        loopback_asymroute: Optional[str] = None,
        mesh_selector_type: Optional[str] = None,
        mode: Optional[str] = None,
        mode_cfg: Optional[str] = None,
        mode_cfg_allow_client_selector: Optional[str] = None,
        name: Optional[str] = None,
        nattraversal: Optional[str] = None,
        negotiate_timeout: Optional[int] = None,
        network_id: Optional[int] = None,
        network_overlay: Optional[str] = None,
        npu_offload: Optional[str] = None,
        peer: Optional[str] = None,
        peergrp: Optional[str] = None,
        peerid: Optional[str] = None,
        peertype: Optional[str] = None,
        ppk: Optional[str] = None,
        ppk_identity: Optional[str] = None,
        ppk_secret: Optional[str] = None,
        priority: Optional[int] = None,
        proposal: Optional[str] = None,
        psksecret: Optional[str] = None,
        psksecret_remote: Optional[str] = None,
        qkd: Optional[str] = None,
        qkd_profile: Optional[str] = None,
        reauth: Optional[str] = None,
        rekey: Optional[str] = None,
        remote_gw: Optional[str] = None,
        remote_gw6_country: Optional[str] = None,
        remote_gw6_end_ip: Optional[str] = None,
        remote_gw6_match: Optional[str] = None,
        remote_gw6_start_ip: Optional[str] = None,
        remote_gw6_subnet: Optional[str] = None,
        remote_gw_country: Optional[str] = None,
        remote_gw_end_ip: Optional[str] = None,
        remote_gw_match: Optional[str] = None,
        remote_gw_start_ip: Optional[str] = None,
        remote_gw_subnet: Optional[str] = None,
        remotegw_ddns: Optional[str] = None,
        rsa_signature_format: Optional[str] = None,
        rsa_signature_hash_override: Optional[str] = None,
        save_password: Optional[str] = None,
        send_cert_chain: Optional[str] = None,
        signature_hash_alg: Optional[str] = None,
        split_include_service: Optional[str] = None,
        suite_b: Optional[str] = None,
        transport: Optional[str] = None,
        type: Optional[str] = None,
        unity_support: Optional[str] = None,
        usrgrp: Optional[str] = None,
        vdomparam: Optional[str] = None,
        wizard_type: Optional[str] = None,
        xauthtype: Optional[str] = None) -> Phase1

func GetPhase1(ctx *Context, name string, id IDInput, state *Phase1State, opts ...ResourceOption) (*Phase1, error)

public static Phase1 Get(string name, Input<string> id, Phase1State? state, CustomResourceOptions? opts = null)

public static Phase1 get(String name, Output<String> id, Phase1State state, CustomResourceOptions options)

resources:  _:    type: fortios:vpn/ipsec/phase1:Phase1    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AcctVerify string: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
AddGwRoute string: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
AddRoute string: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
AssignIp string: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
AssignIpFrom string: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
Authmethod string: Authentication method. Valid values: psk, signature.
AuthmethodRemote string: Authentication method (remote side). Valid values: psk, signature.
Authpasswd string: XAuth password (max 35 characters).
Authusr string: XAuth user name.
Authusrgrp string: Authentication user group.
AutoNegotiate string: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
AzureAdAutoconnect string: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
BackupGateways List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1BackupGateway>: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
Banner string: Message that unity client should display after connecting.
CertIdValidation string: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
CertPeerUsernameStrip string: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
CertPeerUsernameValidation string: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
CertTrustStore string: CA certificate trust store. Valid values: local, ems.
Certificates List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1Certificate>: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
ChildlessIke string: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
ClientAutoNegotiate string: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
ClientKeepAlive string: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
ClientResume string: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
ClientResumeInterval int: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
Comments string: Comment.
DevId string: Device ID carried by the device ID notification.
DevIdNotification string: Enable/disable device ID notification. Valid values: disable, enable.
Dhcp6RaLinkaddr string: Relay agent IPv6 link address to use in DHCP6 requests.
DhcpRaGiaddr string: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
Dhgrp string: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
DigitalSignatureAuth string: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
Distance int: Distance for routes added by IKE (1 - 255).
DnsMode string: DNS server mode. Valid values: manual, auto.
Domain string: Instruct unity clients about the default DNS domain.
Dpd string: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
DpdRetrycount int: Number of DPD retry attempts.
DpdRetryinterval string: DPD retry interval.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
Eap string: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
EapCertAuth string: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
EapExcludePeergrp string: Peer group excluded from EAP authentication.
EapIdentity string: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
EmsSnCheck string: Enable/disable verification of EMS serial number. Valid values: enable, disable.
EnforceUniqueId string: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
Esn string: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
ExchangeFgtDeviceId string: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
FallbackTcpThreshold int: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
FecBase int: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
FecCodec int: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
FecCodecString string: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
FecEgress string: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
FecHealthCheck string: SD-WAN health check.
FecIngress string: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
FecMappingProfile string: Forward Error Correction (FEC) mapping profile.
FecReceiveTimeout int: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
FecRedundant int: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
FecSendTimeout int: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
FgspSync string: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
ForticlientEnforcement string: Enable/disable FortiClient enforcement. Valid values: enable, disable.
FortinetEsp string: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
Fragmentation string: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
FragmentationMtu int: IKE fragmentation MTU (500 - 16000).
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
GroupAuthentication string: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
GroupAuthenticationSecret string: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
HaSyncEspSeqno string: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
IdleTimeout string: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
IdleTimeoutinterval int: IPsec tunnel idle timeout in minutes (5 - 43200).
IkeVersion string: IKE protocol version. Valid values: 1, 2.
InboundDscpCopy string: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
IncludeLocalLan string: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
Interface string: Local physical, aggregate, or VLAN outgoing interface.
InternalDomainLists List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1InternalDomainList>: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
IpDelayInterval int: IP address reuse delay interval in seconds (0 - 28800).
Ipv4DnsServer1 string: IPv4 DNS server 1.
Ipv4DnsServer2 string: IPv4 DNS server 2.
Ipv4DnsServer3 string: IPv4 DNS server 3.
Ipv4EndIp string: End of IPv4 range.
Ipv4ExcludeRanges List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1Ipv4ExcludeRange>: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
Ipv4Name string: IPv4 address name.
Ipv4Netmask string: IPv4 Netmask.
Ipv4SplitExclude string: IPv4 subnets that should not be sent over the IPsec tunnel.
Ipv4SplitInclude string: IPv4 split-include subnets.
Ipv4StartIp string: Start of IPv4 range.
Ipv4WinsServer1 string: WINS server 1.
Ipv4WinsServer2 string: WINS server 2.
Ipv6DnsServer1 string: IPv6 DNS server 1.
Ipv6DnsServer2 string: IPv6 DNS server 2.
Ipv6DnsServer3 string: IPv6 DNS server 3.
Ipv6EndIp string: End of IPv6 range.
Ipv6ExcludeRanges List<Pulumiverse.Fortios.Vpn.Ipsec.Inputs.Phase1Ipv6ExcludeRange>: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
Ipv6Name string: IPv6 address name.
Ipv6Prefix int: IPv6 prefix.
Ipv6SplitExclude string: IPv6 subnets that should not be sent over the IPsec tunnel.
Ipv6SplitInclude string: IPv6 split-include subnets.
Ipv6StartIp string: Start of IPv6 range.
Keepalive int: NAT-T keep alive interval.
Keylife int: Time to wait in seconds before phase 1 encryption key expires.
Kms string: Key Management Services server.
LinkCost int: VPN tunnel underlay link cost.
LocalGw string: Local VPN gateway.
Localid string: Local ID.
LocalidType string: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
LoopbackAsymroute string: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
MeshSelectorType string: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
Mode string: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
ModeCfg string: Enable/disable configuration method. Valid values: disable, enable.
ModeCfgAllowClientSelector string: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
Name string: IPsec remote gateway name.
Nattraversal string: Enable/disable NAT traversal. Valid values: enable, disable, forced.
NegotiateTimeout int: IKE SA negotiation timeout in seconds (1 - 300).
NetworkId int: VPN gateway network ID.
NetworkOverlay string: Enable/disable network overlays. Valid values: disable, enable.
NpuOffload string: Enable/disable offloading NPU. Valid values: enable, disable.
Peer string: Accept this peer certificate.
Peergrp string: Accept this peer certificate group.
Peerid string: Accept this peer identity.
Peertype string: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
Ppk string: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
PpkIdentity string: IKEv2 Postquantum Preshared Key Identity.
PpkSecret string: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
Priority int: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
Proposal string: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
Psksecret string: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
PsksecretRemote string: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
Qkd string: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
QkdProfile string: Quantum Key Distribution (QKD) server profile.
Reauth string: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
Rekey string: Enable/disable phase1 rekey. Valid values: enable, disable.
RemoteGw string: Remote VPN gateway.
RemoteGw6Country string: IPv6 addresses associated to a specific country.
RemoteGw6EndIp string: Last IPv6 address in the range.
RemoteGw6Match string: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
RemoteGw6StartIp string: First IPv6 address in the range.
RemoteGw6Subnet string: IPv6 address and prefix.
RemoteGwCountry string: IPv4 addresses associated to a specific country.
RemoteGwEndIp string: Last IPv4 address in the range.
RemoteGwMatch string: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
RemoteGwStartIp string: First IPv4 address in the range.
RemoteGwSubnet string: IPv4 address and subnet mask.
RemotegwDdns string: Domain name of remote gateway. For example, name.ddns.com.
RsaSignatureFormat string: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
RsaSignatureHashOverride string: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
SavePassword string: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
SendCertChain string: Enable/disable sending certificate chain. Valid values: enable, disable.
SignatureHashAlg string: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
SplitIncludeService string: Split-include services.
SuiteB string: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
Transport string: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
Type string: Remote gateway type. Valid values: static, dynamic, ddns.
UnitySupport string: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
Usrgrp string: User group name for dialup peers.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
WizardType string: GUI VPN Wizard Type.
Xauthtype string: XAuth type. Valid values: disable, client, pap, chap, auto.

AcctVerify string: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
AddGwRoute string: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
AddRoute string: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
AssignIp string: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
AssignIpFrom string: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
Authmethod string: Authentication method. Valid values: psk, signature.
AuthmethodRemote string: Authentication method (remote side). Valid values: psk, signature.
Authpasswd string: XAuth password (max 35 characters).
Authusr string: XAuth user name.
Authusrgrp string: Authentication user group.
AutoNegotiate string: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
AzureAdAutoconnect string: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
BackupGateways []Phase1BackupGatewayArgs: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
Banner string: Message that unity client should display after connecting.
CertIdValidation string: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
CertPeerUsernameStrip string: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
CertPeerUsernameValidation string: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
CertTrustStore string: CA certificate trust store. Valid values: local, ems.
Certificates []Phase1CertificateArgs: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
ChildlessIke string: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
ClientAutoNegotiate string: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
ClientKeepAlive string: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
ClientResume string: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
ClientResumeInterval int: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
Comments string: Comment.
DevId string: Device ID carried by the device ID notification.
DevIdNotification string: Enable/disable device ID notification. Valid values: disable, enable.
Dhcp6RaLinkaddr string: Relay agent IPv6 link address to use in DHCP6 requests.
DhcpRaGiaddr string: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
Dhgrp string: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
DigitalSignatureAuth string: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
Distance int: Distance for routes added by IKE (1 - 255).
DnsMode string: DNS server mode. Valid values: manual, auto.
Domain string: Instruct unity clients about the default DNS domain.
Dpd string: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
DpdRetrycount int: Number of DPD retry attempts.
DpdRetryinterval string: DPD retry interval.
DynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
Eap string: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
EapCertAuth string: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
EapExcludePeergrp string: Peer group excluded from EAP authentication.
EapIdentity string: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
EmsSnCheck string: Enable/disable verification of EMS serial number. Valid values: enable, disable.
EnforceUniqueId string: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
Esn string: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
ExchangeFgtDeviceId string: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
FallbackTcpThreshold int: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
FecBase int: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
FecCodec int: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
FecCodecString string: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
FecEgress string: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
FecHealthCheck string: SD-WAN health check.
FecIngress string: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
FecMappingProfile string: Forward Error Correction (FEC) mapping profile.
FecReceiveTimeout int: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
FecRedundant int: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
FecSendTimeout int: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
FgspSync string: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
ForticlientEnforcement string: Enable/disable FortiClient enforcement. Valid values: enable, disable.
FortinetEsp string: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
Fragmentation string: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
FragmentationMtu int: IKE fragmentation MTU (500 - 16000).
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
GroupAuthentication string: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
GroupAuthenticationSecret string: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
HaSyncEspSeqno string: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
IdleTimeout string: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
IdleTimeoutinterval int: IPsec tunnel idle timeout in minutes (5 - 43200).
IkeVersion string: IKE protocol version. Valid values: 1, 2.
InboundDscpCopy string: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
IncludeLocalLan string: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
Interface string: Local physical, aggregate, or VLAN outgoing interface.
InternalDomainLists []Phase1InternalDomainListArgs: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
IpDelayInterval int: IP address reuse delay interval in seconds (0 - 28800).
Ipv4DnsServer1 string: IPv4 DNS server 1.
Ipv4DnsServer2 string: IPv4 DNS server 2.
Ipv4DnsServer3 string: IPv4 DNS server 3.
Ipv4EndIp string: End of IPv4 range.
Ipv4ExcludeRanges []Phase1Ipv4ExcludeRangeArgs: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
Ipv4Name string: IPv4 address name.
Ipv4Netmask string: IPv4 Netmask.
Ipv4SplitExclude string: IPv4 subnets that should not be sent over the IPsec tunnel.
Ipv4SplitInclude string: IPv4 split-include subnets.
Ipv4StartIp string: Start of IPv4 range.
Ipv4WinsServer1 string: WINS server 1.
Ipv4WinsServer2 string: WINS server 2.
Ipv6DnsServer1 string: IPv6 DNS server 1.
Ipv6DnsServer2 string: IPv6 DNS server 2.
Ipv6DnsServer3 string: IPv6 DNS server 3.
Ipv6EndIp string: End of IPv6 range.
Ipv6ExcludeRanges []Phase1Ipv6ExcludeRangeArgs: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
Ipv6Name string: IPv6 address name.
Ipv6Prefix int: IPv6 prefix.
Ipv6SplitExclude string: IPv6 subnets that should not be sent over the IPsec tunnel.
Ipv6SplitInclude string: IPv6 split-include subnets.
Ipv6StartIp string: Start of IPv6 range.
Keepalive int: NAT-T keep alive interval.
Keylife int: Time to wait in seconds before phase 1 encryption key expires.
Kms string: Key Management Services server.
LinkCost int: VPN tunnel underlay link cost.
LocalGw string: Local VPN gateway.
Localid string: Local ID.
LocalidType string: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
LoopbackAsymroute string: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
MeshSelectorType string: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
Mode string: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
ModeCfg string: Enable/disable configuration method. Valid values: disable, enable.
ModeCfgAllowClientSelector string: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
Name string: IPsec remote gateway name.
Nattraversal string: Enable/disable NAT traversal. Valid values: enable, disable, forced.
NegotiateTimeout int: IKE SA negotiation timeout in seconds (1 - 300).
NetworkId int: VPN gateway network ID.
NetworkOverlay string: Enable/disable network overlays. Valid values: disable, enable.
NpuOffload string: Enable/disable offloading NPU. Valid values: enable, disable.
Peer string: Accept this peer certificate.
Peergrp string: Accept this peer certificate group.
Peerid string: Accept this peer identity.
Peertype string: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
Ppk string: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
PpkIdentity string: IKEv2 Postquantum Preshared Key Identity.
PpkSecret string: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
Priority int: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
Proposal string: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
Psksecret string: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
PsksecretRemote string: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
Qkd string: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
QkdProfile string: Quantum Key Distribution (QKD) server profile.
Reauth string: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
Rekey string: Enable/disable phase1 rekey. Valid values: enable, disable.
RemoteGw string: Remote VPN gateway.
RemoteGw6Country string: IPv6 addresses associated to a specific country.
RemoteGw6EndIp string: Last IPv6 address in the range.
RemoteGw6Match string: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
RemoteGw6StartIp string: First IPv6 address in the range.
RemoteGw6Subnet string: IPv6 address and prefix.
RemoteGwCountry string: IPv4 addresses associated to a specific country.
RemoteGwEndIp string: Last IPv4 address in the range.
RemoteGwMatch string: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
RemoteGwStartIp string: First IPv4 address in the range.
RemoteGwSubnet string: IPv4 address and subnet mask.
RemotegwDdns string: Domain name of remote gateway. For example, name.ddns.com.
RsaSignatureFormat string: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
RsaSignatureHashOverride string: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
SavePassword string: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
SendCertChain string: Enable/disable sending certificate chain. Valid values: enable, disable.
SignatureHashAlg string: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
SplitIncludeService string: Split-include services.
SuiteB string: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
Transport string: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
Type string: Remote gateway type. Valid values: static, dynamic, ddns.
UnitySupport string: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
Usrgrp string: User group name for dialup peers.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
WizardType string: GUI VPN Wizard Type.
Xauthtype string: XAuth type. Valid values: disable, client, pap, chap, auto.

acctVerify String: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
addGwRoute String: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
addRoute String: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
assignIp String: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
assignIpFrom String: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
authmethod String: Authentication method. Valid values: psk, signature.
authmethodRemote String: Authentication method (remote side). Valid values: psk, signature.
authpasswd String: XAuth password (max 35 characters).
authusr String: XAuth user name.
authusrgrp String: Authentication user group.
autoNegotiate String: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
azureAdAutoconnect String: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
backupGateways List<Phase1BackupGateway>: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
banner String: Message that unity client should display after connecting.
certIdValidation String: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
certPeerUsernameStrip String: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
certPeerUsernameValidation String: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
certTrustStore String: CA certificate trust store. Valid values: local, ems.
certificates List<Phase1Certificate>: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
childlessIke String: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
clientAutoNegotiate String: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
clientKeepAlive String: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
clientResume String: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
clientResumeInterval Integer: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
comments String: Comment.
devId String: Device ID carried by the device ID notification.
devIdNotification String: Enable/disable device ID notification. Valid values: disable, enable.
dhcp6RaLinkaddr String: Relay agent IPv6 link address to use in DHCP6 requests.
dhcpRaGiaddr String: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
dhgrp String: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
digitalSignatureAuth String: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
distance Integer: Distance for routes added by IKE (1 - 255).
dnsMode String: DNS server mode. Valid values: manual, auto.
domain String: Instruct unity clients about the default DNS domain.
dpd String: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
dpdRetrycount Integer: Number of DPD retry attempts.
dpdRetryinterval String: DPD retry interval.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
eap String: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
eapCertAuth String: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
eapExcludePeergrp String: Peer group excluded from EAP authentication.
eapIdentity String: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
emsSnCheck String: Enable/disable verification of EMS serial number. Valid values: enable, disable.
enforceUniqueId String: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
esn String: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
exchangeFgtDeviceId String: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
fallbackTcpThreshold Integer: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
fecBase Integer: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
fecCodec Integer: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
fecCodecString String: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
fecEgress String: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
fecHealthCheck String: SD-WAN health check.
fecIngress String: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
fecMappingProfile String: Forward Error Correction (FEC) mapping profile.
fecReceiveTimeout Integer: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
fecRedundant Integer: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
fecSendTimeout Integer: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
fgspSync String: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
forticlientEnforcement String: Enable/disable FortiClient enforcement. Valid values: enable, disable.
fortinetEsp String: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
fragmentation String: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
fragmentationMtu Integer: IKE fragmentation MTU (500 - 16000).
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groupAuthentication String: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
groupAuthenticationSecret String: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
haSyncEspSeqno String: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
idleTimeout String: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
idleTimeoutinterval Integer: IPsec tunnel idle timeout in minutes (5 - 43200).
ikeVersion String: IKE protocol version. Valid values: 1, 2.
inboundDscpCopy String: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
includeLocalLan String: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
interface_ String: Local physical, aggregate, or VLAN outgoing interface.
internalDomainLists List<Phase1InternalDomainList>: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
ipDelayInterval Integer: IP address reuse delay interval in seconds (0 - 28800).
ipv4DnsServer1 String: IPv4 DNS server 1.
ipv4DnsServer2 String: IPv4 DNS server 2.
ipv4DnsServer3 String: IPv4 DNS server 3.
ipv4EndIp String: End of IPv4 range.
ipv4ExcludeRanges List<Phase1Ipv4ExcludeRange>: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
ipv4Name String: IPv4 address name.
ipv4Netmask String: IPv4 Netmask.
ipv4SplitExclude String: IPv4 subnets that should not be sent over the IPsec tunnel.
ipv4SplitInclude String: IPv4 split-include subnets.
ipv4StartIp String: Start of IPv4 range.
ipv4WinsServer1 String: WINS server 1.
ipv4WinsServer2 String: WINS server 2.
ipv6DnsServer1 String: IPv6 DNS server 1.
ipv6DnsServer2 String: IPv6 DNS server 2.
ipv6DnsServer3 String: IPv6 DNS server 3.
ipv6EndIp String: End of IPv6 range.
ipv6ExcludeRanges List<Phase1Ipv6ExcludeRange>: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
ipv6Name String: IPv6 address name.
ipv6Prefix Integer: IPv6 prefix.
ipv6SplitExclude String: IPv6 subnets that should not be sent over the IPsec tunnel.
ipv6SplitInclude String: IPv6 split-include subnets.
ipv6StartIp String: Start of IPv6 range.
keepalive Integer: NAT-T keep alive interval.
keylife Integer: Time to wait in seconds before phase 1 encryption key expires.
kms String: Key Management Services server.
linkCost Integer: VPN tunnel underlay link cost.
localGw String: Local VPN gateway.
localid String: Local ID.
localidType String: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
loopbackAsymroute String: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
meshSelectorType String: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
mode String: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
modeCfg String: Enable/disable configuration method. Valid values: disable, enable.
modeCfgAllowClientSelector String: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
name String: IPsec remote gateway name.
nattraversal String: Enable/disable NAT traversal. Valid values: enable, disable, forced.
negotiateTimeout Integer: IKE SA negotiation timeout in seconds (1 - 300).
networkId Integer: VPN gateway network ID.
networkOverlay String: Enable/disable network overlays. Valid values: disable, enable.
npuOffload String: Enable/disable offloading NPU. Valid values: enable, disable.
peer String: Accept this peer certificate.
peergrp String: Accept this peer certificate group.
peerid String: Accept this peer identity.
peertype String: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
ppk String: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
ppkIdentity String: IKEv2 Postquantum Preshared Key Identity.
ppkSecret String: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
priority Integer: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
proposal String: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
psksecret String: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
psksecretRemote String: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
qkd String: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
qkdProfile String: Quantum Key Distribution (QKD) server profile.
reauth String: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
rekey String: Enable/disable phase1 rekey. Valid values: enable, disable.
remoteGw String: Remote VPN gateway.
remoteGw6Country String: IPv6 addresses associated to a specific country.
remoteGw6EndIp String: Last IPv6 address in the range.
remoteGw6Match String: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
remoteGw6StartIp String: First IPv6 address in the range.
remoteGw6Subnet String: IPv6 address and prefix.
remoteGwCountry String: IPv4 addresses associated to a specific country.
remoteGwEndIp String: Last IPv4 address in the range.
remoteGwMatch String: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
remoteGwStartIp String: First IPv4 address in the range.
remoteGwSubnet String: IPv4 address and subnet mask.
remotegwDdns String: Domain name of remote gateway. For example, name.ddns.com.
rsaSignatureFormat String: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
rsaSignatureHashOverride String: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
savePassword String: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
sendCertChain String: Enable/disable sending certificate chain. Valid values: enable, disable.
signatureHashAlg String: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
splitIncludeService String: Split-include services.
suiteB String: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
transport String: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
type String: Remote gateway type. Valid values: static, dynamic, ddns.
unitySupport String: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
usrgrp String: User group name for dialup peers.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
wizardType String: GUI VPN Wizard Type.
xauthtype String: XAuth type. Valid values: disable, client, pap, chap, auto.

acctVerify string: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
addGwRoute string: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
addRoute string: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
assignIp string: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
assignIpFrom string: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
authmethod string: Authentication method. Valid values: psk, signature.
authmethodRemote string: Authentication method (remote side). Valid values: psk, signature.
authpasswd string: XAuth password (max 35 characters).
authusr string: XAuth user name.
authusrgrp string: Authentication user group.
autoNegotiate string: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
azureAdAutoconnect string: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
backupGateways Phase1BackupGateway[]: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
banner string: Message that unity client should display after connecting.
certIdValidation string: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
certPeerUsernameStrip string: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
certPeerUsernameValidation string: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
certTrustStore string: CA certificate trust store. Valid values: local, ems.
certificates Phase1Certificate[]: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
childlessIke string: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
clientAutoNegotiate string: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
clientKeepAlive string: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
clientResume string: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
clientResumeInterval number: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
comments string: Comment.
devId string: Device ID carried by the device ID notification.
devIdNotification string: Enable/disable device ID notification. Valid values: disable, enable.
dhcp6RaLinkaddr string: Relay agent IPv6 link address to use in DHCP6 requests.
dhcpRaGiaddr string: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
dhgrp string: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
digitalSignatureAuth string: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
distance number: Distance for routes added by IKE (1 - 255).
dnsMode string: DNS server mode. Valid values: manual, auto.
domain string: Instruct unity clients about the default DNS domain.
dpd string: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
dpdRetrycount number: Number of DPD retry attempts.
dpdRetryinterval string: DPD retry interval.
dynamicSortSubtable string: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
eap string: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
eapCertAuth string: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
eapExcludePeergrp string: Peer group excluded from EAP authentication.
eapIdentity string: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
emsSnCheck string: Enable/disable verification of EMS serial number. Valid values: enable, disable.
enforceUniqueId string: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
esn string: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
exchangeFgtDeviceId string: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
fallbackTcpThreshold number: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
fecBase number: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
fecCodec number: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
fecCodecString string: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
fecEgress string: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
fecHealthCheck string: SD-WAN health check.
fecIngress string: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
fecMappingProfile string: Forward Error Correction (FEC) mapping profile.
fecReceiveTimeout number: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
fecRedundant number: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
fecSendTimeout number: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
fgspSync string: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
forticlientEnforcement string: Enable/disable FortiClient enforcement. Valid values: enable, disable.
fortinetEsp string: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
fragmentation string: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
fragmentationMtu number: IKE fragmentation MTU (500 - 16000).
getAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groupAuthentication string: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
groupAuthenticationSecret string: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
haSyncEspSeqno string: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
idleTimeout string: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
idleTimeoutinterval number: IPsec tunnel idle timeout in minutes (5 - 43200).
ikeVersion string: IKE protocol version. Valid values: 1, 2.
inboundDscpCopy string: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
includeLocalLan string: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
interface string: Local physical, aggregate, or VLAN outgoing interface.
internalDomainLists Phase1InternalDomainList[]: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
ipDelayInterval number: IP address reuse delay interval in seconds (0 - 28800).
ipv4DnsServer1 string: IPv4 DNS server 1.
ipv4DnsServer2 string: IPv4 DNS server 2.
ipv4DnsServer3 string: IPv4 DNS server 3.
ipv4EndIp string: End of IPv4 range.
ipv4ExcludeRanges Phase1Ipv4ExcludeRange[]: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
ipv4Name string: IPv4 address name.
ipv4Netmask string: IPv4 Netmask.
ipv4SplitExclude string: IPv4 subnets that should not be sent over the IPsec tunnel.
ipv4SplitInclude string: IPv4 split-include subnets.
ipv4StartIp string: Start of IPv4 range.
ipv4WinsServer1 string: WINS server 1.
ipv4WinsServer2 string: WINS server 2.
ipv6DnsServer1 string: IPv6 DNS server 1.
ipv6DnsServer2 string: IPv6 DNS server 2.
ipv6DnsServer3 string: IPv6 DNS server 3.
ipv6EndIp string: End of IPv6 range.
ipv6ExcludeRanges Phase1Ipv6ExcludeRange[]: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
ipv6Name string: IPv6 address name.
ipv6Prefix number: IPv6 prefix.
ipv6SplitExclude string: IPv6 subnets that should not be sent over the IPsec tunnel.
ipv6SplitInclude string: IPv6 split-include subnets.
ipv6StartIp string: Start of IPv6 range.
keepalive number: NAT-T keep alive interval.
keylife number: Time to wait in seconds before phase 1 encryption key expires.
kms string: Key Management Services server.
linkCost number: VPN tunnel underlay link cost.
localGw string: Local VPN gateway.
localid string: Local ID.
localidType string: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
loopbackAsymroute string: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
meshSelectorType string: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
mode string: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
modeCfg string: Enable/disable configuration method. Valid values: disable, enable.
modeCfgAllowClientSelector string: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
name string: IPsec remote gateway name.
nattraversal string: Enable/disable NAT traversal. Valid values: enable, disable, forced.
negotiateTimeout number: IKE SA negotiation timeout in seconds (1 - 300).
networkId number: VPN gateway network ID.
networkOverlay string: Enable/disable network overlays. Valid values: disable, enable.
npuOffload string: Enable/disable offloading NPU. Valid values: enable, disable.
peer string: Accept this peer certificate.
peergrp string: Accept this peer certificate group.
peerid string: Accept this peer identity.
peertype string: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
ppk string: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
ppkIdentity string: IKEv2 Postquantum Preshared Key Identity.
ppkSecret string: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
priority number: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
proposal string: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
psksecret string: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
psksecretRemote string: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
qkd string: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
qkdProfile string: Quantum Key Distribution (QKD) server profile.
reauth string: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
rekey string: Enable/disable phase1 rekey. Valid values: enable, disable.
remoteGw string: Remote VPN gateway.
remoteGw6Country string: IPv6 addresses associated to a specific country.
remoteGw6EndIp string: Last IPv6 address in the range.
remoteGw6Match string: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
remoteGw6StartIp string: First IPv6 address in the range.
remoteGw6Subnet string: IPv6 address and prefix.
remoteGwCountry string: IPv4 addresses associated to a specific country.
remoteGwEndIp string: Last IPv4 address in the range.
remoteGwMatch string: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
remoteGwStartIp string: First IPv4 address in the range.
remoteGwSubnet string: IPv4 address and subnet mask.
remotegwDdns string: Domain name of remote gateway. For example, name.ddns.com.
rsaSignatureFormat string: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
rsaSignatureHashOverride string: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
savePassword string: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
sendCertChain string: Enable/disable sending certificate chain. Valid values: enable, disable.
signatureHashAlg string: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
splitIncludeService string: Split-include services.
suiteB string: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
transport string: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
type string: Remote gateway type. Valid values: static, dynamic, ddns.
unitySupport string: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
usrgrp string: User group name for dialup peers.
vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
wizardType string: GUI VPN Wizard Type.
xauthtype string: XAuth type. Valid values: disable, client, pap, chap, auto.

acct_verify str: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
add_gw_route str: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
add_route str: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
assign_ip str: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
assign_ip_from str: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
authmethod str: Authentication method. Valid values: psk, signature.
authmethod_remote str: Authentication method (remote side). Valid values: psk, signature.
authpasswd str: XAuth password (max 35 characters).
authusr str: XAuth user name.
authusrgrp str: Authentication user group.
auto_negotiate str: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
azure_ad_autoconnect str: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
backup_gateways Sequence[Phase1BackupGatewayArgs]: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
banner str: Message that unity client should display after connecting.
cert_id_validation str: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
cert_peer_username_strip str: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
cert_peer_username_validation str: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
cert_trust_store str: CA certificate trust store. Valid values: local, ems.
certificates Sequence[Phase1CertificateArgs]: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
childless_ike str: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
client_auto_negotiate str: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
client_keep_alive str: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
client_resume str: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
client_resume_interval int: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
comments str: Comment.
dev_id str: Device ID carried by the device ID notification.
dev_id_notification str: Enable/disable device ID notification. Valid values: disable, enable.
dhcp6_ra_linkaddr str: Relay agent IPv6 link address to use in DHCP6 requests.
dhcp_ra_giaddr str: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
dhgrp str: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
digital_signature_auth str: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
distance int: Distance for routes added by IKE (1 - 255).
dns_mode str: DNS server mode. Valid values: manual, auto.
domain str: Instruct unity clients about the default DNS domain.
dpd str: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
dpd_retrycount int: Number of DPD retry attempts.
dpd_retryinterval str: DPD retry interval.
dynamic_sort_subtable str: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
eap str: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
eap_cert_auth str: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
eap_exclude_peergrp str: Peer group excluded from EAP authentication.
eap_identity str: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
ems_sn_check str: Enable/disable verification of EMS serial number. Valid values: enable, disable.
enforce_unique_id str: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
esn str: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
exchange_fgt_device_id str: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
fallback_tcp_threshold int: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
fec_base int: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
fec_codec int: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
fec_codec_string str: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
fec_egress str: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
fec_health_check str: SD-WAN health check.
fec_ingress str: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
fec_mapping_profile str: Forward Error Correction (FEC) mapping profile.
fec_receive_timeout int: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
fec_redundant int: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
fec_send_timeout int: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
fgsp_sync str: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
forticlient_enforcement str: Enable/disable FortiClient enforcement. Valid values: enable, disable.
fortinet_esp str: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
fragmentation str: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
fragmentation_mtu int: IKE fragmentation MTU (500 - 16000).
get_all_tables str: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
group_authentication str: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
group_authentication_secret str: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
ha_sync_esp_seqno str: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
idle_timeout str: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
idle_timeoutinterval int: IPsec tunnel idle timeout in minutes (5 - 43200).
ike_version str: IKE protocol version. Valid values: 1, 2.
inbound_dscp_copy str: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
include_local_lan str: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
interface str: Local physical, aggregate, or VLAN outgoing interface.
internal_domain_lists Sequence[Phase1InternalDomainListArgs]: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
ip_delay_interval int: IP address reuse delay interval in seconds (0 - 28800).
ipv4_dns_server1 str: IPv4 DNS server 1.
ipv4_dns_server2 str: IPv4 DNS server 2.
ipv4_dns_server3 str: IPv4 DNS server 3.
ipv4_end_ip str: End of IPv4 range.
ipv4_exclude_ranges Sequence[Phase1Ipv4ExcludeRangeArgs]: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
ipv4_name str: IPv4 address name.
ipv4_netmask str: IPv4 Netmask.
ipv4_split_exclude str: IPv4 subnets that should not be sent over the IPsec tunnel.
ipv4_split_include str: IPv4 split-include subnets.
ipv4_start_ip str: Start of IPv4 range.
ipv4_wins_server1 str: WINS server 1.
ipv4_wins_server2 str: WINS server 2.
ipv6_dns_server1 str: IPv6 DNS server 1.
ipv6_dns_server2 str: IPv6 DNS server 2.
ipv6_dns_server3 str: IPv6 DNS server 3.
ipv6_end_ip str: End of IPv6 range.
ipv6_exclude_ranges Sequence[Phase1Ipv6ExcludeRangeArgs]: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
ipv6_name str: IPv6 address name.
ipv6_prefix int: IPv6 prefix.
ipv6_split_exclude str: IPv6 subnets that should not be sent over the IPsec tunnel.
ipv6_split_include str: IPv6 split-include subnets.
ipv6_start_ip str: Start of IPv6 range.
keepalive int: NAT-T keep alive interval.
keylife int: Time to wait in seconds before phase 1 encryption key expires.
kms str: Key Management Services server.
link_cost int: VPN tunnel underlay link cost.
local_gw str: Local VPN gateway.
localid str: Local ID.
localid_type str: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
loopback_asymroute str: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
mesh_selector_type str: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
mode str: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
mode_cfg str: Enable/disable configuration method. Valid values: disable, enable.
mode_cfg_allow_client_selector str: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
name str: IPsec remote gateway name.
nattraversal str: Enable/disable NAT traversal. Valid values: enable, disable, forced.
negotiate_timeout int: IKE SA negotiation timeout in seconds (1 - 300).
network_id int: VPN gateway network ID.
network_overlay str: Enable/disable network overlays. Valid values: disable, enable.
npu_offload str: Enable/disable offloading NPU. Valid values: enable, disable.
peer str: Accept this peer certificate.
peergrp str: Accept this peer certificate group.
peerid str: Accept this peer identity.
peertype str: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
ppk str: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
ppk_identity str: IKEv2 Postquantum Preshared Key Identity.
ppk_secret str: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
priority int: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
proposal str: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
psksecret str: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
psksecret_remote str: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
qkd str: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
qkd_profile str: Quantum Key Distribution (QKD) server profile.
reauth str: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
rekey str: Enable/disable phase1 rekey. Valid values: enable, disable.
remote_gw str: Remote VPN gateway.
remote_gw6_country str: IPv6 addresses associated to a specific country.
remote_gw6_end_ip str: Last IPv6 address in the range.
remote_gw6_match str: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
remote_gw6_start_ip str: First IPv6 address in the range.
remote_gw6_subnet str: IPv6 address and prefix.
remote_gw_country str: IPv4 addresses associated to a specific country.
remote_gw_end_ip str: Last IPv4 address in the range.
remote_gw_match str: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
remote_gw_start_ip str: First IPv4 address in the range.
remote_gw_subnet str: IPv4 address and subnet mask.
remotegw_ddns str: Domain name of remote gateway. For example, name.ddns.com.
rsa_signature_format str: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
rsa_signature_hash_override str: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
save_password str: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
send_cert_chain str: Enable/disable sending certificate chain. Valid values: enable, disable.
signature_hash_alg str: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
split_include_service str: Split-include services.
suite_b str: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
transport str: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
type str: Remote gateway type. Valid values: static, dynamic, ddns.
unity_support str: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
usrgrp str: User group name for dialup peers.
vdomparam str: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
wizard_type str: GUI VPN Wizard Type.
xauthtype str: XAuth type. Valid values: disable, client, pap, chap, auto.

acctVerify String: Enable/disable verification of RADIUS accounting record. Valid values: enable, disable.
addGwRoute String: Enable/disable automatically add a route to the remote gateway. Valid values: enable, disable.
addRoute String: Enable/disable control addition of a route to peer destination selector. Valid values: disable, enable.
assignIp String: Enable/disable assignment of IP to IPsec interface via configuration method. Valid values: disable, enable.
assignIpFrom String: Method by which the IP address will be assigned. Valid values: range, usrgrp, dhcp, name.
authmethod String: Authentication method. Valid values: psk, signature.
authmethodRemote String: Authentication method (remote side). Valid values: psk, signature.
authpasswd String: XAuth password (max 35 characters).
authusr String: XAuth user name.
authusrgrp String: Authentication user group.
autoNegotiate String: Enable/disable automatic initiation of IKE SA negotiation. Valid values: enable, disable.
azureAdAutoconnect String: Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: enable, disable.
backupGateways List<Property Map>: Instruct unity clients about the backup gateway address(es). The structure of backup_gateway block is documented below.
banner String: Message that unity client should display after connecting.
certIdValidation String: Enable/disable cross validation of peer ID and the identity in the peer's certificate as specified in RFC 4945. Valid values: enable, disable.
certPeerUsernameStrip String: Enable/disable domain stripping on certificate identity. Valid values: disable, enable.
certPeerUsernameValidation String: Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: none, othername, rfc822name, cn.
certTrustStore String: CA certificate trust store. Valid values: local, ems.
certificates List<Property Map>: Names of up to 4 signed personal certificates. The structure of certificate block is documented below.
childlessIke String: Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: enable, disable.
clientAutoNegotiate String: Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. Valid values: disable, enable.
clientKeepAlive String: Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. Valid values: disable, enable.
clientResume String: Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: enable, disable.
clientResumeInterval Number: Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800).
comments String: Comment.
devId String: Device ID carried by the device ID notification.
devIdNotification String: Enable/disable device ID notification. Valid values: disable, enable.
dhcp6RaLinkaddr String: Relay agent IPv6 link address to use in DHCP6 requests.
dhcpRaGiaddr String: Relay agent gateway IP address to use in the giaddr field of DHCP requests.
dhgrp String: DH group. Valid values: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32.
digitalSignatureAuth String: Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: enable, disable.
distance Number: Distance for routes added by IKE (1 - 255).
dnsMode String: DNS server mode. Valid values: manual, auto.
domain String: Instruct unity clients about the default DNS domain.
dpd String: Dead Peer Detection mode. Valid values: disable, on-idle, on-demand.
dpdRetrycount Number: Number of DPD retry attempts.
dpdRetryinterval String: DPD retry interval.
dynamicSortSubtable String: Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] -> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] -> [ a10, a2 ].
eap String: Enable/disable IKEv2 EAP authentication. Valid values: enable, disable.
eapCertAuth String: Enable/disable peer certificate authentication in addition to EAP if peer is a FortiClient endpoint. Valid values: enable, disable.
eapExcludePeergrp String: Peer group excluded from EAP authentication.
eapIdentity String: IKEv2 EAP peer identity type. Valid values: use-id-payload, send-request.
emsSnCheck String: Enable/disable verification of EMS serial number. Valid values: enable, disable.
enforceUniqueId String: Enable/disable peer ID uniqueness check. Valid values: disable, keep-new, keep-old.
esn String: Extended sequence number (ESN) negotiation. Valid values: require, allow, disable.
exchangeFgtDeviceId String: Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: enable, disable.
fallbackTcpThreshold Number: Timeout in seconds before falling back IKE/IPsec traffic to tcp.
fecBase Number: Number of base Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 100. On FortiOS versions >= 7.0.2: 1 - 20.
fecCodec Number: ipsec fec encoding/decoding algorithm (0: reed-solomon, 1: xor). Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec_string.
fecCodecString String: Forward Error Correction encoding/decoding algorithm. Due to the data type change of API, for other versions of FortiOS, please check variable fec-codec. Valid values: rs, xor.
fecEgress String: Enable/disable Forward Error Correction for egress IPsec traffic. Valid values: enable, disable.
fecHealthCheck String: SD-WAN health check.
fecIngress String: Enable/disable Forward Error Correction for ingress IPsec traffic. Valid values: enable, disable.
fecMappingProfile String: Forward Error Correction (FEC) mapping profile.
fecReceiveTimeout Number: Timeout in milliseconds before dropping Forward Error Correction packets. On FortiOS versions 6.2.4-7.0.1: 1 - 10000. On FortiOS versions >= 7.0.2: 1 - 1000.
fecRedundant Number: Number of redundant Forward Error Correction packets. On FortiOS versions 6.2.4-6.2.6: 0 - 100, when fec-codec is reed-solomon or 1 when fec-codec is xor. On FortiOS versions >= 7.0.2: 1 - 5 for reed-solomon, 1 for xor.
fecSendTimeout Number: Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000).
fgspSync String: Enable/disable IPsec syncing of tunnels for FGSP IPsec. Valid values: enable, disable.
forticlientEnforcement String: Enable/disable FortiClient enforcement. Valid values: enable, disable.
fortinetEsp String: Enable/disable Fortinet ESP encapsulaton. Valid values: enable, disable.
fragmentation String: Enable/disable fragment IKE message on re-transmission. Valid values: enable, disable.
fragmentationMtu Number: IKE fragmentation MTU (500 - 16000).
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
groupAuthentication String: Enable/disable IKEv2 IDi group authentication. Valid values: enable, disable.
groupAuthenticationSecret String: Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x.
haSyncEspSeqno String: Enable/disable sequence number jump ahead for IPsec HA. Valid values: enable, disable.
idleTimeout String: Enable/disable IPsec tunnel idle timeout. Valid values: enable, disable.
idleTimeoutinterval Number: IPsec tunnel idle timeout in minutes (5 - 43200).
ikeVersion String: IKE protocol version. Valid values: 1, 2.
inboundDscpCopy String: Enable/disable copy the dscp in the ESP header to the inner IP Header. Valid values: enable, disable.
includeLocalLan String: Enable/disable allow local LAN access on unity clients. Valid values: disable, enable.
interface String: Local physical, aggregate, or VLAN outgoing interface.
internalDomainLists List<Property Map>: One or more internal domain names in quotes separated by spaces. The structure of internal_domain_list block is documented below.
ipDelayInterval Number: IP address reuse delay interval in seconds (0 - 28800).
ipv4DnsServer1 String: IPv4 DNS server 1.
ipv4DnsServer2 String: IPv4 DNS server 2.
ipv4DnsServer3 String: IPv4 DNS server 3.
ipv4EndIp String: End of IPv4 range.
ipv4ExcludeRanges List<Property Map>: Configuration Method IPv4 exclude ranges. The structure of ipv4_exclude_range block is documented below.
ipv4Name String: IPv4 address name.
ipv4Netmask String: IPv4 Netmask.
ipv4SplitExclude String: IPv4 subnets that should not be sent over the IPsec tunnel.
ipv4SplitInclude String: IPv4 split-include subnets.
ipv4StartIp String: Start of IPv4 range.
ipv4WinsServer1 String: WINS server 1.
ipv4WinsServer2 String: WINS server 2.
ipv6DnsServer1 String: IPv6 DNS server 1.
ipv6DnsServer2 String: IPv6 DNS server 2.
ipv6DnsServer3 String: IPv6 DNS server 3.
ipv6EndIp String: End of IPv6 range.
ipv6ExcludeRanges List<Property Map>: Configuration method IPv6 exclude ranges. The structure of ipv6_exclude_range block is documented below.
ipv6Name String: IPv6 address name.
ipv6Prefix Number: IPv6 prefix.
ipv6SplitExclude String: IPv6 subnets that should not be sent over the IPsec tunnel.
ipv6SplitInclude String: IPv6 split-include subnets.
ipv6StartIp String: Start of IPv6 range.
keepalive Number: NAT-T keep alive interval.
keylife Number: Time to wait in seconds before phase 1 encryption key expires.
kms String: Key Management Services server.
linkCost Number: VPN tunnel underlay link cost.
localGw String: Local VPN gateway.
localid String: Local ID.
localidType String: Local ID type. Valid values: auto, fqdn, user-fqdn, keyid, address, asn1dn.
loopbackAsymroute String: Enable/disable asymmetric routing for IKE traffic on loopback interface. Valid values: enable, disable.
meshSelectorType String: Add selectors containing subsets of the configuration depending on traffic. Valid values: disable, subnet, host.
mode String: ID protection mode used to establish a secure channel. Valid values: aggressive, main.
modeCfg String: Enable/disable configuration method. Valid values: disable, enable.
modeCfgAllowClientSelector String: Enable/disable mode-cfg client to use custom phase2 selectors. Valid values: disable, enable.
name String: IPsec remote gateway name.
nattraversal String: Enable/disable NAT traversal. Valid values: enable, disable, forced.
negotiateTimeout Number: IKE SA negotiation timeout in seconds (1 - 300).
networkId Number: VPN gateway network ID.
networkOverlay String: Enable/disable network overlays. Valid values: disable, enable.
npuOffload String: Enable/disable offloading NPU. Valid values: enable, disable.
peer String: Accept this peer certificate.
peergrp String: Accept this peer certificate group.
peerid String: Accept this peer identity.
peertype String: Accept this peer type. Valid values: any, one, dialup, peer, peergrp.
ppk String: Enable/disable IKEv2 Postquantum Preshared Key (PPK). Valid values: disable, allow, require.
ppkIdentity String: IKEv2 Postquantum Preshared Key Identity.
ppkSecret String: IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).
priority Number: Priority for routes added by IKE. On FortiOS versions 6.2.0-7.0.3: 0 - 4294967295. On FortiOS versions >= 7.0.4: 1 - 65535.
proposal String: Phase1 proposal. Valid values: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512.
psksecret String: Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
psksecretRemote String: Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x).
qkd String: Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: disable, allow, require.
qkdProfile String: Quantum Key Distribution (QKD) server profile.
reauth String: Enable/disable re-authentication upon IKE SA lifetime expiration. Valid values: disable, enable.
rekey String: Enable/disable phase1 rekey. Valid values: enable, disable.
remoteGw String: Remote VPN gateway.
remoteGw6Country String: IPv6 addresses associated to a specific country.
remoteGw6EndIp String: Last IPv6 address in the range.
remoteGw6Match String: Set type of IPv6 remote gateway address matching. Valid values: any, ipprefix, iprange, geography.
remoteGw6StartIp String: First IPv6 address in the range.
remoteGw6Subnet String: IPv6 address and prefix.
remoteGwCountry String: IPv4 addresses associated to a specific country.
remoteGwEndIp String: Last IPv4 address in the range.
remoteGwMatch String: Set type of IPv4 remote gateway address matching. Valid values: any, ipmask, iprange, geography.
remoteGwStartIp String: First IPv4 address in the range.
remoteGwSubnet String: IPv4 address and subnet mask.
remotegwDdns String: Domain name of remote gateway. For example, name.ddns.com.
rsaSignatureFormat String: Digital Signature Authentication RSA signature format. Valid values: pkcs1, pss.
rsaSignatureHashOverride String: Enable/disable IKEv2 RSA signature hash algorithm override. Valid values: enable, disable.
savePassword String: Enable/disable saving XAuth username and password on VPN clients. Valid values: disable, enable.
sendCertChain String: Enable/disable sending certificate chain. Valid values: enable, disable.
signatureHashAlg String: Digital Signature Authentication hash algorithms. Valid values: sha1, sha2-256, sha2-384, sha2-512.
splitIncludeService String: Split-include services.
suiteB String: Use Suite-B. Valid values: disable, suite-b-gcm-128, suite-b-gcm-256.
transport String: Set IKE transport protocol. Valid values: udp, udp-fallback-tcp, tcp.
type String: Remote gateway type. Valid values: static, dynamic, ddns.
unitySupport String: Enable/disable support for Cisco UNITY Configuration Method extensions. Valid values: disable, enable.
usrgrp String: User group name for dialup peers.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
wizardType String: GUI VPN Wizard Type.
xauthtype String: XAuth type. Valid values: disable, client, pap, chap, auto.

Supporting Types

Phase1BackupGateway, Phase1BackupGatewayArgs

Address string: Address of backup gateway.

Address string: Address of backup gateway.

address String: Address of backup gateway.

address string: Address of backup gateway.

address str: Address of backup gateway.

address String: Address of backup gateway.

Phase1Certificate, Phase1CertificateArgs

Name string: Certificate name.

Name string: Certificate name.

name String: Certificate name.

name string: Certificate name.

name str: Certificate name.

name String: Certificate name.