Docs Home
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev
fortimanager.ObjectFirewallAccessproxy
Explore with Pulumi AI
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev
Configure Access Proxy.
The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
api_gateway:fortimanager.ObjectFirewallAccessproxyApigatewayapi_gateway6:fortimanager.ObjectFirewallAccessproxyApigateway6realservers:fortimanager.ObjectFirewallAccessproxyRealserversserver_pubkey_auth_settings:fortimanager.ObjectFirewallAccessproxyServerpubkeyauthsettings
Create ObjectFirewallAccessproxy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectFirewallAccessproxy(name: string, args?: ObjectFirewallAccessproxyArgs, opts?: CustomResourceOptions);@overload
def ObjectFirewallAccessproxy(resource_name: str,
args: Optional[ObjectFirewallAccessproxyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectFirewallAccessproxy(resource_name: str,
opts: Optional[ResourceOptions] = None,
add_vhost_domain_to_dnsdb: Optional[str] = None,
adom: Optional[str] = None,
api_gateway6s: Optional[Sequence[ObjectFirewallAccessproxyApiGateway6Args]] = None,
api_gateways: Optional[Sequence[ObjectFirewallAccessproxyApiGatewayArgs]] = None,
auth_portal: Optional[str] = None,
auth_virtual_host: Optional[str] = None,
client_cert: Optional[str] = None,
decrypted_traffic_mirror: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
empty_cert_action: Optional[str] = None,
http_supported_max_version: Optional[str] = None,
ldb_method: Optional[str] = None,
log_blocked_traffic: Optional[str] = None,
name: Optional[str] = None,
object_firewall_accessproxy_id: Optional[str] = None,
realservers: Optional[Sequence[ObjectFirewallAccessproxyRealserverArgs]] = None,
scopetype: Optional[str] = None,
server_pubkey_auth: Optional[str] = None,
server_pubkey_auth_settings: Optional[ObjectFirewallAccessproxyServerPubkeyAuthSettingsArgs] = None,
svr_pool_multiplex: Optional[str] = None,
svr_pool_server_max_concurrent_request: Optional[float] = None,
svr_pool_server_max_request: Optional[float] = None,
svr_pool_ttl: Optional[float] = None,
user_agent_detect: Optional[str] = None,
vip: Optional[str] = None)func NewObjectFirewallAccessproxy(ctx *Context, name string, args *ObjectFirewallAccessproxyArgs, opts ...ResourceOption) (*ObjectFirewallAccessproxy, error)public ObjectFirewallAccessproxy(string name, ObjectFirewallAccessproxyArgs? args = null, CustomResourceOptions? opts = null)public ObjectFirewallAccessproxy(String name, ObjectFirewallAccessproxyArgs args)
public ObjectFirewallAccessproxy(String name, ObjectFirewallAccessproxyArgs args, CustomResourceOptions options)
type: fortimanager:ObjectFirewallAccessproxy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args ObjectFirewallAccessproxyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args ObjectFirewallAccessproxyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args ObjectFirewallAccessproxyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args ObjectFirewallAccessproxyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ObjectFirewallAccessproxyArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectFirewallAccessproxyResource = new Fortimanager.ObjectFirewallAccessproxy("objectFirewallAccessproxyResource", new()
{
AddVhostDomainToDnsdb = "string",
Adom = "string",
ApiGateway6s = new[]
{
new Fortimanager.Inputs.ObjectFirewallAccessproxyApiGateway6Args
{
Applications = new[]
{
"string",
},
H2Support = "string",
H3Support = "string",
HttpCookieAge = 0,
HttpCookieDomain = "string",
HttpCookieDomainFromHost = "string",
HttpCookieGeneration = 0,
HttpCookiePath = "string",
HttpCookieShare = "string",
HttpsCookieSecure = "string",
Id = 0,
LdbMethod = "string",
Persistence = "string",
Quic = new Fortimanager.Inputs.ObjectFirewallAccessproxyApiGateway6QuicArgs
{
AckDelayExponent = 0,
ActiveConnectionIdLimit = 0,
ActiveMigration = "string",
GreaseQuicBit = "string",
MaxAckDelay = 0,
MaxDatagramFrameSize = 0,
MaxIdleTimeout = 0,
MaxUdpPayloadSize = 0,
},
Realservers = new[]
{
new Fortimanager.Inputs.ObjectFirewallAccessproxyApiGateway6RealserverArgs
{
AddrType = "string",
Address = "string",
Domain = "string",
ExternalAuth = "string",
HealthCheck = "string",
HealthCheckProto = "string",
HolddownInterval = "string",
HttpHost = "string",
Id = 0,
Ip = "string",
Mappedport = "string",
Port = 0,
SshClientCert = "string",
SshHostKey = "string",
SshHostKeyValidation = "string",
Status = "string",
TranslateHost = "string",
TunnelEncryption = "string",
Type = "string",
Weight = 0,
},
},
SamlRedirect = "string",
SamlServer = "string",
Service = "string",
SslAlgorithm = "string",
SslCipherSuites = new[]
{
new Fortimanager.Inputs.ObjectFirewallAccessproxyApiGateway6SslCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = new[]
{
"string",
},
},
},
SslDhBits = "string",
SslMaxVersion = "string",
SslMinVersion = "string",
SslRenegotiation = "string",
SslVpnWebPortal = "string",
UrlMap = "string",
UrlMapType = "string",
VirtualHost = "string",
},
},
ApiGateways = new[]
{
new Fortimanager.Inputs.ObjectFirewallAccessproxyApiGatewayArgs
{
Applications = new[]
{
"string",
},
H2Support = "string",
H3Support = "string",
HttpCookieAge = 0,
HttpCookieDomain = "string",
HttpCookieDomainFromHost = "string",
HttpCookieGeneration = 0,
HttpCookiePath = "string",
HttpCookieShare = "string",
HttpsCookieSecure = "string",
Id = 0,
LdbMethod = "string",
Persistence = "string",
Quic = new Fortimanager.Inputs.ObjectFirewallAccessproxyApiGatewayQuicArgs
{
AckDelayExponent = 0,
ActiveConnectionIdLimit = 0,
ActiveMigration = "string",
GreaseQuicBit = "string",
MaxAckDelay = 0,
MaxDatagramFrameSize = 0,
MaxIdleTimeout = 0,
MaxUdpPayloadSize = 0,
},
Realservers = new[]
{
new Fortimanager.Inputs.ObjectFirewallAccessproxyApiGatewayRealserverArgs
{
AddrType = "string",
Address = "string",
Domain = "string",
ExternalAuth = "string",
HealthCheck = "string",
HealthCheckProto = "string",
HolddownInterval = "string",
HttpHost = "string",
Id = 0,
Ip = "string",
Mappedport = "string",
Port = 0,
SshClientCert = "string",
SshHostKey = "string",
SshHostKeyValidation = "string",
Status = "string",
TranslateHost = "string",
TunnelEncryption = "string",
Type = "string",
Weight = 0,
},
},
SamlRedirect = "string",
SamlServer = "string",
Service = "string",
SslAlgorithm = "string",
SslCipherSuites = new[]
{
new Fortimanager.Inputs.ObjectFirewallAccessproxyApiGatewaySslCipherSuiteArgs
{
Cipher = "string",
Priority = 0,
Versions = new[]
{
"string",
},
},
},
SslDhBits = "string",
SslMaxVersion = "string",
SslMinVersion = "string",
SslRenegotiation = "string",
SslVpnWebPortal = "string",
UrlMap = "string",
UrlMapType = "string",
VirtualHost = "string",
},
},
AuthPortal = "string",
AuthVirtualHost = "string",
ClientCert = "string",
DecryptedTrafficMirror = "string",
DynamicSortSubtable = "string",
EmptyCertAction = "string",
HttpSupportedMaxVersion = "string",
LdbMethod = "string",
LogBlockedTraffic = "string",
Name = "string",
ObjectFirewallAccessproxyId = "string",
Realservers = new[]
{
new Fortimanager.Inputs.ObjectFirewallAccessproxyRealserverArgs
{
Id = 0,
Ip = "string",
Port = 0,
Status = "string",
Weight = 0,
},
},
Scopetype = "string",
ServerPubkeyAuth = "string",
ServerPubkeyAuthSettings = new Fortimanager.Inputs.ObjectFirewallAccessproxyServerPubkeyAuthSettingsArgs
{
AuthCa = "string",
CertExtensions = new[]
{
new Fortimanager.Inputs.ObjectFirewallAccessproxyServerPubkeyAuthSettingsCertExtensionArgs
{
Critical = "string",
Data = "string",
Name = "string",
Type = "string",
},
},
PermitAgentForwarding = "string",
PermitPortForwarding = "string",
PermitPty = "string",
PermitUserRc = "string",
PermitX11Forwarding = "string",
SourceAddress = "string",
},
SvrPoolMultiplex = "string",
SvrPoolServerMaxConcurrentRequest = 0,
SvrPoolServerMaxRequest = 0,
SvrPoolTtl = 0,
UserAgentDetect = "string",
Vip = "string",
});
example, err := fortimanager.NewObjectFirewallAccessproxy(ctx, "objectFirewallAccessproxyResource", &fortimanager.ObjectFirewallAccessproxyArgs{
AddVhostDomainToDnsdb: pulumi.String("string"),
Adom: pulumi.String("string"),
ApiGateway6s: .ObjectFirewallAccessproxyApiGateway6TypeArray{
&.ObjectFirewallAccessproxyApiGateway6TypeArgs{
Applications: pulumi.StringArray{
pulumi.String("string"),
},
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Float64(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Float64(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Id: pulumi.Float64(0),
LdbMethod: pulumi.String("string"),
Persistence: pulumi.String("string"),
Quic: &.ObjectFirewallAccessproxyApiGateway6QuicTypeArgs{
AckDelayExponent: pulumi.Float64(0),
ActiveConnectionIdLimit: pulumi.Float64(0),
ActiveMigration: pulumi.String("string"),
GreaseQuicBit: pulumi.String("string"),
MaxAckDelay: pulumi.Float64(0),
MaxDatagramFrameSize: pulumi.Float64(0),
MaxIdleTimeout: pulumi.Float64(0),
MaxUdpPayloadSize: pulumi.Float64(0),
},
Realservers: .ObjectFirewallAccessproxyApiGateway6RealserverArray{
&.ObjectFirewallAccessproxyApiGateway6RealserverArgs{
AddrType: pulumi.String("string"),
Address: pulumi.String("string"),
Domain: pulumi.String("string"),
ExternalAuth: pulumi.String("string"),
HealthCheck: pulumi.String("string"),
HealthCheckProto: pulumi.String("string"),
HolddownInterval: pulumi.String("string"),
HttpHost: pulumi.String("string"),
Id: pulumi.Float64(0),
Ip: pulumi.String("string"),
Mappedport: pulumi.String("string"),
Port: pulumi.Float64(0),
SshClientCert: pulumi.String("string"),
SshHostKey: pulumi.String("string"),
SshHostKeyValidation: pulumi.String("string"),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
TunnelEncryption: pulumi.String("string"),
Type: pulumi.String("string"),
Weight: pulumi.Float64(0),
},
},
SamlRedirect: pulumi.String("string"),
SamlServer: pulumi.String("string"),
Service: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCipherSuites: .ObjectFirewallAccessproxyApiGateway6SslCipherSuiteArray{
&.ObjectFirewallAccessproxyApiGateway6SslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslDhBits: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslRenegotiation: pulumi.String("string"),
SslVpnWebPortal: pulumi.String("string"),
UrlMap: pulumi.String("string"),
UrlMapType: pulumi.String("string"),
VirtualHost: pulumi.String("string"),
},
},
ApiGateways: .ObjectFirewallAccessproxyApiGatewayTypeArray{
&.ObjectFirewallAccessproxyApiGatewayTypeArgs{
Applications: pulumi.StringArray{
pulumi.String("string"),
},
H2Support: pulumi.String("string"),
H3Support: pulumi.String("string"),
HttpCookieAge: pulumi.Float64(0),
HttpCookieDomain: pulumi.String("string"),
HttpCookieDomainFromHost: pulumi.String("string"),
HttpCookieGeneration: pulumi.Float64(0),
HttpCookiePath: pulumi.String("string"),
HttpCookieShare: pulumi.String("string"),
HttpsCookieSecure: pulumi.String("string"),
Id: pulumi.Float64(0),
LdbMethod: pulumi.String("string"),
Persistence: pulumi.String("string"),
Quic: &.ObjectFirewallAccessproxyApiGatewayQuicTypeArgs{
AckDelayExponent: pulumi.Float64(0),
ActiveConnectionIdLimit: pulumi.Float64(0),
ActiveMigration: pulumi.String("string"),
GreaseQuicBit: pulumi.String("string"),
MaxAckDelay: pulumi.Float64(0),
MaxDatagramFrameSize: pulumi.Float64(0),
MaxIdleTimeout: pulumi.Float64(0),
MaxUdpPayloadSize: pulumi.Float64(0),
},
Realservers: .ObjectFirewallAccessproxyApiGatewayRealserverArray{
&.ObjectFirewallAccessproxyApiGatewayRealserverArgs{
AddrType: pulumi.String("string"),
Address: pulumi.String("string"),
Domain: pulumi.String("string"),
ExternalAuth: pulumi.String("string"),
HealthCheck: pulumi.String("string"),
HealthCheckProto: pulumi.String("string"),
HolddownInterval: pulumi.String("string"),
HttpHost: pulumi.String("string"),
Id: pulumi.Float64(0),
Ip: pulumi.String("string"),
Mappedport: pulumi.String("string"),
Port: pulumi.Float64(0),
SshClientCert: pulumi.String("string"),
SshHostKey: pulumi.String("string"),
SshHostKeyValidation: pulumi.String("string"),
Status: pulumi.String("string"),
TranslateHost: pulumi.String("string"),
TunnelEncryption: pulumi.String("string"),
Type: pulumi.String("string"),
Weight: pulumi.Float64(0),
},
},
SamlRedirect: pulumi.String("string"),
SamlServer: pulumi.String("string"),
Service: pulumi.String("string"),
SslAlgorithm: pulumi.String("string"),
SslCipherSuites: .ObjectFirewallAccessproxyApiGatewaySslCipherSuiteArray{
&.ObjectFirewallAccessproxyApiGatewaySslCipherSuiteArgs{
Cipher: pulumi.String("string"),
Priority: pulumi.Float64(0),
Versions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SslDhBits: pulumi.String("string"),
SslMaxVersion: pulumi.String("string"),
SslMinVersion: pulumi.String("string"),
SslRenegotiation: pulumi.String("string"),
SslVpnWebPortal: pulumi.String("string"),
UrlMap: pulumi.String("string"),
UrlMapType: pulumi.String("string"),
VirtualHost: pulumi.String("string"),
},
},
AuthPortal: pulumi.String("string"),
AuthVirtualHost: pulumi.String("string"),
ClientCert: pulumi.String("string"),
DecryptedTrafficMirror: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
EmptyCertAction: pulumi.String("string"),
HttpSupportedMaxVersion: pulumi.String("string"),
LdbMethod: pulumi.String("string"),
LogBlockedTraffic: pulumi.String("string"),
Name: pulumi.String("string"),
ObjectFirewallAccessproxyId: pulumi.String("string"),
Realservers: .ObjectFirewallAccessproxyRealserverArray{
&.ObjectFirewallAccessproxyRealserverArgs{
Id: pulumi.Float64(0),
Ip: pulumi.String("string"),
Port: pulumi.Float64(0),
Status: pulumi.String("string"),
Weight: pulumi.Float64(0),
},
},
Scopetype: pulumi.String("string"),
ServerPubkeyAuth: pulumi.String("string"),
ServerPubkeyAuthSettings: &.ObjectFirewallAccessproxyServerPubkeyAuthSettingsTypeArgs{
AuthCa: pulumi.String("string"),
CertExtensions: .ObjectFirewallAccessproxyServerPubkeyAuthSettingsCertExtensionArray{
&.ObjectFirewallAccessproxyServerPubkeyAuthSettingsCertExtensionArgs{
Critical: pulumi.String("string"),
Data: pulumi.String("string"),
Name: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
PermitAgentForwarding: pulumi.String("string"),
PermitPortForwarding: pulumi.String("string"),
PermitPty: pulumi.String("string"),
PermitUserRc: pulumi.String("string"),
PermitX11Forwarding: pulumi.String("string"),
SourceAddress: pulumi.String("string"),
},
SvrPoolMultiplex: pulumi.String("string"),
SvrPoolServerMaxConcurrentRequest: pulumi.Float64(0),
SvrPoolServerMaxRequest: pulumi.Float64(0),
SvrPoolTtl: pulumi.Float64(0),
UserAgentDetect: pulumi.String("string"),
Vip: pulumi.String("string"),
})
var objectFirewallAccessproxyResource = new ObjectFirewallAccessproxy("objectFirewallAccessproxyResource", ObjectFirewallAccessproxyArgs.builder()
.addVhostDomainToDnsdb("string")
.adom("string")
.apiGateway6s(ObjectFirewallAccessproxyApiGateway6Args.builder()
.applications("string")
.h2Support("string")
.h3Support("string")
.httpCookieAge(0)
.httpCookieDomain("string")
.httpCookieDomainFromHost("string")
.httpCookieGeneration(0)
.httpCookiePath("string")
.httpCookieShare("string")
.httpsCookieSecure("string")
.id(0)
.ldbMethod("string")
.persistence("string")
.quic(ObjectFirewallAccessproxyApiGateway6QuicArgs.builder()
.ackDelayExponent(0)
.activeConnectionIdLimit(0)
.activeMigration("string")
.greaseQuicBit("string")
.maxAckDelay(0)
.maxDatagramFrameSize(0)
.maxIdleTimeout(0)
.maxUdpPayloadSize(0)
.build())
.realservers(ObjectFirewallAccessproxyApiGateway6RealserverArgs.builder()
.addrType("string")
.address("string")
.domain("string")
.externalAuth("string")
.healthCheck("string")
.healthCheckProto("string")
.holddownInterval("string")
.httpHost("string")
.id(0)
.ip("string")
.mappedport("string")
.port(0)
.sshClientCert("string")
.sshHostKey("string")
.sshHostKeyValidation("string")
.status("string")
.translateHost("string")
.tunnelEncryption("string")
.type("string")
.weight(0)
.build())
.samlRedirect("string")
.samlServer("string")
.service("string")
.sslAlgorithm("string")
.sslCipherSuites(ObjectFirewallAccessproxyApiGateway6SslCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslDhBits("string")
.sslMaxVersion("string")
.sslMinVersion("string")
.sslRenegotiation("string")
.sslVpnWebPortal("string")
.urlMap("string")
.urlMapType("string")
.virtualHost("string")
.build())
.apiGateways(ObjectFirewallAccessproxyApiGatewayArgs.builder()
.applications("string")
.h2Support("string")
.h3Support("string")
.httpCookieAge(0)
.httpCookieDomain("string")
.httpCookieDomainFromHost("string")
.httpCookieGeneration(0)
.httpCookiePath("string")
.httpCookieShare("string")
.httpsCookieSecure("string")
.id(0)
.ldbMethod("string")
.persistence("string")
.quic(ObjectFirewallAccessproxyApiGatewayQuicArgs.builder()
.ackDelayExponent(0)
.activeConnectionIdLimit(0)
.activeMigration("string")
.greaseQuicBit("string")
.maxAckDelay(0)
.maxDatagramFrameSize(0)
.maxIdleTimeout(0)
.maxUdpPayloadSize(0)
.build())
.realservers(ObjectFirewallAccessproxyApiGatewayRealserverArgs.builder()
.addrType("string")
.address("string")
.domain("string")
.externalAuth("string")
.healthCheck("string")
.healthCheckProto("string")
.holddownInterval("string")
.httpHost("string")
.id(0)
.ip("string")
.mappedport("string")
.port(0)
.sshClientCert("string")
.sshHostKey("string")
.sshHostKeyValidation("string")
.status("string")
.translateHost("string")
.tunnelEncryption("string")
.type("string")
.weight(0)
.build())
.samlRedirect("string")
.samlServer("string")
.service("string")
.sslAlgorithm("string")
.sslCipherSuites(ObjectFirewallAccessproxyApiGatewaySslCipherSuiteArgs.builder()
.cipher("string")
.priority(0)
.versions("string")
.build())
.sslDhBits("string")
.sslMaxVersion("string")
.sslMinVersion("string")
.sslRenegotiation("string")
.sslVpnWebPortal("string")
.urlMap("string")
.urlMapType("string")
.virtualHost("string")
.build())
.authPortal("string")
.authVirtualHost("string")
.clientCert("string")
.decryptedTrafficMirror("string")
.dynamicSortSubtable("string")
.emptyCertAction("string")
.httpSupportedMaxVersion("string")
.ldbMethod("string")
.logBlockedTraffic("string")
.name("string")
.objectFirewallAccessproxyId("string")
.realservers(ObjectFirewallAccessproxyRealserverArgs.builder()
.id(0)
.ip("string")
.port(0)
.status("string")
.weight(0)
.build())
.scopetype("string")
.serverPubkeyAuth("string")
.serverPubkeyAuthSettings(ObjectFirewallAccessproxyServerPubkeyAuthSettingsArgs.builder()
.authCa("string")
.certExtensions(ObjectFirewallAccessproxyServerPubkeyAuthSettingsCertExtensionArgs.builder()
.critical("string")
.data("string")
.name("string")
.type("string")
.build())
.permitAgentForwarding("string")
.permitPortForwarding("string")
.permitPty("string")
.permitUserRc("string")
.permitX11Forwarding("string")
.sourceAddress("string")
.build())
.svrPoolMultiplex("string")
.svrPoolServerMaxConcurrentRequest(0)
.svrPoolServerMaxRequest(0)
.svrPoolTtl(0)
.userAgentDetect("string")
.vip("string")
.build());
object_firewall_accessproxy_resource = fortimanager.ObjectFirewallAccessproxy("objectFirewallAccessproxyResource",
add_vhost_domain_to_dnsdb="string",
adom="string",
api_gateway6s=[{
"applications": ["string"],
"h2_support": "string",
"h3_support": "string",
"http_cookie_age": 0,
"http_cookie_domain": "string",
"http_cookie_domain_from_host": "string",
"http_cookie_generation": 0,
"http_cookie_path": "string",
"http_cookie_share": "string",
"https_cookie_secure": "string",
"id": 0,
"ldb_method": "string",
"persistence": "string",
"quic": {
"ack_delay_exponent": 0,
"active_connection_id_limit": 0,
"active_migration": "string",
"grease_quic_bit": "string",
"max_ack_delay": 0,
"max_datagram_frame_size": 0,
"max_idle_timeout": 0,
"max_udp_payload_size": 0,
},
"realservers": [{
"addr_type": "string",
"address": "string",
"domain": "string",
"external_auth": "string",
"health_check": "string",
"health_check_proto": "string",
"holddown_interval": "string",
"http_host": "string",
"id": 0,
"ip": "string",
"mappedport": "string",
"port": 0,
"ssh_client_cert": "string",
"ssh_host_key": "string",
"ssh_host_key_validation": "string",
"status": "string",
"translate_host": "string",
"tunnel_encryption": "string",
"type": "string",
"weight": 0,
}],
"saml_redirect": "string",
"saml_server": "string",
"service": "string",
"ssl_algorithm": "string",
"ssl_cipher_suites": [{
"cipher": "string",
"priority": 0,
"versions": ["string"],
}],
"ssl_dh_bits": "string",
"ssl_max_version": "string",
"ssl_min_version": "string",
"ssl_renegotiation": "string",
"ssl_vpn_web_portal": "string",
"url_map": "string",
"url_map_type": "string",
"virtual_host": "string",
}],
api_gateways=[{
"applications": ["string"],
"h2_support": "string",
"h3_support": "string",
"http_cookie_age": 0,
"http_cookie_domain": "string",
"http_cookie_domain_from_host": "string",
"http_cookie_generation": 0,
"http_cookie_path": "string",
"http_cookie_share": "string",
"https_cookie_secure": "string",
"id": 0,
"ldb_method": "string",
"persistence": "string",
"quic": {
"ack_delay_exponent": 0,
"active_connection_id_limit": 0,
"active_migration": "string",
"grease_quic_bit": "string",
"max_ack_delay": 0,
"max_datagram_frame_size": 0,
"max_idle_timeout": 0,
"max_udp_payload_size": 0,
},
"realservers": [{
"addr_type": "string",
"address": "string",
"domain": "string",
"external_auth": "string",
"health_check": "string",
"health_check_proto": "string",
"holddown_interval": "string",
"http_host": "string",
"id": 0,
"ip": "string",
"mappedport": "string",
"port": 0,
"ssh_client_cert": "string",
"ssh_host_key": "string",
"ssh_host_key_validation": "string",
"status": "string",
"translate_host": "string",
"tunnel_encryption": "string",
"type": "string",
"weight": 0,
}],
"saml_redirect": "string",
"saml_server": "string",
"service": "string",
"ssl_algorithm": "string",
"ssl_cipher_suites": [{
"cipher": "string",
"priority": 0,
"versions": ["string"],
}],
"ssl_dh_bits": "string",
"ssl_max_version": "string",
"ssl_min_version": "string",
"ssl_renegotiation": "string",
"ssl_vpn_web_portal": "string",
"url_map": "string",
"url_map_type": "string",
"virtual_host": "string",
}],
auth_portal="string",
auth_virtual_host="string",
client_cert="string",
decrypted_traffic_mirror="string",
dynamic_sort_subtable="string",
empty_cert_action="string",
http_supported_max_version="string",
ldb_method="string",
log_blocked_traffic="string",
name="string",
object_firewall_accessproxy_id="string",
realservers=[{
"id": 0,
"ip": "string",
"port": 0,
"status": "string",
"weight": 0,
}],
scopetype="string",
server_pubkey_auth="string",
server_pubkey_auth_settings={
"auth_ca": "string",
"cert_extensions": [{
"critical": "string",
"data": "string",
"name": "string",
"type": "string",
}],
"permit_agent_forwarding": "string",
"permit_port_forwarding": "string",
"permit_pty": "string",
"permit_user_rc": "string",
"permit_x11_forwarding": "string",
"source_address": "string",
},
svr_pool_multiplex="string",
svr_pool_server_max_concurrent_request=0,
svr_pool_server_max_request=0,
svr_pool_ttl=0,
user_agent_detect="string",
vip="string")
const objectFirewallAccessproxyResource = new fortimanager.ObjectFirewallAccessproxy("objectFirewallAccessproxyResource", {
addVhostDomainToDnsdb: "string",
adom: "string",
apiGateway6s: [{
applications: ["string"],
h2Support: "string",
h3Support: "string",
httpCookieAge: 0,
httpCookieDomain: "string",
httpCookieDomainFromHost: "string",
httpCookieGeneration: 0,
httpCookiePath: "string",
httpCookieShare: "string",
httpsCookieSecure: "string",
id: 0,
ldbMethod: "string",
persistence: "string",
quic: {
ackDelayExponent: 0,
activeConnectionIdLimit: 0,
activeMigration: "string",
greaseQuicBit: "string",
maxAckDelay: 0,
maxDatagramFrameSize: 0,
maxIdleTimeout: 0,
maxUdpPayloadSize: 0,
},
realservers: [{
addrType: "string",
address: "string",
domain: "string",
externalAuth: "string",
healthCheck: "string",
healthCheckProto: "string",
holddownInterval: "string",
httpHost: "string",
id: 0,
ip: "string",
mappedport: "string",
port: 0,
sshClientCert: "string",
sshHostKey: "string",
sshHostKeyValidation: "string",
status: "string",
translateHost: "string",
tunnelEncryption: "string",
type: "string",
weight: 0,
}],
samlRedirect: "string",
samlServer: "string",
service: "string",
sslAlgorithm: "string",
sslCipherSuites: [{
cipher: "string",
priority: 0,
versions: ["string"],
}],
sslDhBits: "string",
sslMaxVersion: "string",
sslMinVersion: "string",
sslRenegotiation: "string",
sslVpnWebPortal: "string",
urlMap: "string",
urlMapType: "string",
virtualHost: "string",
}],
apiGateways: [{
applications: ["string"],
h2Support: "string",
h3Support: "string",
httpCookieAge: 0,
httpCookieDomain: "string",
httpCookieDomainFromHost: "string",
httpCookieGeneration: 0,
httpCookiePath: "string",
httpCookieShare: "string",
httpsCookieSecure: "string",
id: 0,
ldbMethod: "string",
persistence: "string",
quic: {
ackDelayExponent: 0,
activeConnectionIdLimit: 0,
activeMigration: "string",
greaseQuicBit: "string",
maxAckDelay: 0,
maxDatagramFrameSize: 0,
maxIdleTimeout: 0,
maxUdpPayloadSize: 0,
},
realservers: [{
addrType: "string",
address: "string",
domain: "string",
externalAuth: "string",
healthCheck: "string",
healthCheckProto: "string",
holddownInterval: "string",
httpHost: "string",
id: 0,
ip: "string",
mappedport: "string",
port: 0,
sshClientCert: "string",
sshHostKey: "string",
sshHostKeyValidation: "string",
status: "string",
translateHost: "string",
tunnelEncryption: "string",
type: "string",
weight: 0,
}],
samlRedirect: "string",
samlServer: "string",
service: "string",
sslAlgorithm: "string",
sslCipherSuites: [{
cipher: "string",
priority: 0,
versions: ["string"],
}],
sslDhBits: "string",
sslMaxVersion: "string",
sslMinVersion: "string",
sslRenegotiation: "string",
sslVpnWebPortal: "string",
urlMap: "string",
urlMapType: "string",
virtualHost: "string",
}],
authPortal: "string",
authVirtualHost: "string",
clientCert: "string",
decryptedTrafficMirror: "string",
dynamicSortSubtable: "string",
emptyCertAction: "string",
httpSupportedMaxVersion: "string",
ldbMethod: "string",
logBlockedTraffic: "string",
name: "string",
objectFirewallAccessproxyId: "string",
realservers: [{
id: 0,
ip: "string",
port: 0,
status: "string",
weight: 0,
}],
scopetype: "string",
serverPubkeyAuth: "string",
serverPubkeyAuthSettings: {
authCa: "string",
certExtensions: [{
critical: "string",
data: "string",
name: "string",
type: "string",
}],
permitAgentForwarding: "string",
permitPortForwarding: "string",
permitPty: "string",
permitUserRc: "string",
permitX11Forwarding: "string",
sourceAddress: "string",
},
svrPoolMultiplex: "string",
svrPoolServerMaxConcurrentRequest: 0,
svrPoolServerMaxRequest: 0,
svrPoolTtl: 0,
userAgentDetect: "string",
vip: "string",
});
type: fortimanager:ObjectFirewallAccessproxy
properties:
addVhostDomainToDnsdb: string
adom: string
apiGateway6s:
- applications:
- string
h2Support: string
h3Support: string
httpCookieAge: 0
httpCookieDomain: string
httpCookieDomainFromHost: string
httpCookieGeneration: 0
httpCookiePath: string
httpCookieShare: string
httpsCookieSecure: string
id: 0
ldbMethod: string
persistence: string
quic:
ackDelayExponent: 0
activeConnectionIdLimit: 0
activeMigration: string
greaseQuicBit: string
maxAckDelay: 0
maxDatagramFrameSize: 0
maxIdleTimeout: 0
maxUdpPayloadSize: 0
realservers:
- addrType: string
address: string
domain: string
externalAuth: string
healthCheck: string
healthCheckProto: string
holddownInterval: string
httpHost: string
id: 0
ip: string
mappedport: string
port: 0
sshClientCert: string
sshHostKey: string
sshHostKeyValidation: string
status: string
translateHost: string
tunnelEncryption: string
type: string
weight: 0
samlRedirect: string
samlServer: string
service: string
sslAlgorithm: string
sslCipherSuites:
- cipher: string
priority: 0
versions:
- string
sslDhBits: string
sslMaxVersion: string
sslMinVersion: string
sslRenegotiation: string
sslVpnWebPortal: string
urlMap: string
urlMapType: string
virtualHost: string
apiGateways:
- applications:
- string
h2Support: string
h3Support: string
httpCookieAge: 0
httpCookieDomain: string
httpCookieDomainFromHost: string
httpCookieGeneration: 0
httpCookiePath: string
httpCookieShare: string
httpsCookieSecure: string
id: 0
ldbMethod: string
persistence: string
quic:
ackDelayExponent: 0
activeConnectionIdLimit: 0
activeMigration: string
greaseQuicBit: string
maxAckDelay: 0
maxDatagramFrameSize: 0
maxIdleTimeout: 0
maxUdpPayloadSize: 0
realservers:
- addrType: string
address: string
domain: string
externalAuth: string
healthCheck: string
healthCheckProto: string
holddownInterval: string
httpHost: string
id: 0
ip: string
mappedport: string
port: 0
sshClientCert: string
sshHostKey: string
sshHostKeyValidation: string
status: string
translateHost: string
tunnelEncryption: string
type: string
weight: 0
samlRedirect: string
samlServer: string
service: string
sslAlgorithm: string
sslCipherSuites:
- cipher: string
priority: 0
versions:
- string
sslDhBits: string
sslMaxVersion: string
sslMinVersion: string
sslRenegotiation: string
sslVpnWebPortal: string
urlMap: string
urlMapType: string
virtualHost: string
authPortal: string
authVirtualHost: string
clientCert: string
decryptedTrafficMirror: string
dynamicSortSubtable: string
emptyCertAction: string
httpSupportedMaxVersion: string
ldbMethod: string
logBlockedTraffic: string
name: string
objectFirewallAccessproxyId: string
realservers:
- id: 0
ip: string
port: 0
status: string
weight: 0
scopetype: string
serverPubkeyAuth: string
serverPubkeyAuthSettings:
authCa: string
certExtensions:
- critical: string
data: string
name: string
type: string
permitAgentForwarding: string
permitPortForwarding: string
permitPty: string
permitUserRc: string
permitX11Forwarding: string
sourceAddress: string
svrPoolMultiplex: string
svrPoolServerMaxConcurrentRequest: 0
svrPoolServerMaxRequest: 0
svrPoolTtl: 0
userAgentDetect: string
vip: string
ObjectFirewallAccessproxy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectFirewallAccessproxy resource accepts the following input properties:
- Add
Vhost stringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Api
Gateway6s List<ObjectFirewall Accessproxy Api Gateway6> - Api-Gateway6. The structure of
api_gateway6block is documented below. - Api
Gateways List<ObjectFirewall Accessproxy Api Gateway> - Api-Gateway. The structure of
api_gatewayblock is documented below. - Auth
Portal string - Enable/disable authentication portal. Valid values:
disable,enable. - Auth
Virtual stringHost - Virtual host for authentication portal.
- Client
Cert string - Enable/disable to request client certificate. Valid values:
disable,enable. - Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Empty
Cert stringAction - Action of an empty client certificate. Valid values:
block,accept. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - Ldb
Method string - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - Log
Blocked stringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - Name string
- Access Proxy name.
- Object
Firewall stringAccessproxy Id - an identifier for the resource with format {{name}}.
- Realservers
List<Object
Firewall Accessproxy Realserver> - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Pubkey stringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - Server
Pubkey ObjectAuth Settings Firewall Accessproxy Server Pubkey Auth Settings - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - Svr
Pool stringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - Svr
Pool doubleServer Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- Svr
Pool doubleServer Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- Svr
Pool doubleTtl - Time-to-live in the server pool for idle connections to servers.
- User
Agent stringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - Vip string
- Virtual IP name.
- Add
Vhost stringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Api
Gateway6s []ObjectFirewall Accessproxy Api Gateway6Type Args - Api-Gateway6. The structure of
api_gateway6block is documented below. - Api
Gateways []ObjectFirewall Accessproxy Api Gateway Type Args - Api-Gateway. The structure of
api_gatewayblock is documented below. - Auth
Portal string - Enable/disable authentication portal. Valid values:
disable,enable. - Auth
Virtual stringHost - Virtual host for authentication portal.
- Client
Cert string - Enable/disable to request client certificate. Valid values:
disable,enable. - Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Empty
Cert stringAction - Action of an empty client certificate. Valid values:
block,accept. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - Ldb
Method string - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - Log
Blocked stringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - Name string
- Access Proxy name.
- Object
Firewall stringAccessproxy Id - an identifier for the resource with format {{name}}.
- Realservers
[]Object
Firewall Accessproxy Realserver Args - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Pubkey stringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - Server
Pubkey ObjectAuth Settings Firewall Accessproxy Server Pubkey Auth Settings Type Args - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - Svr
Pool stringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - Svr
Pool float64Server Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- Svr
Pool float64Server Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- Svr
Pool float64Ttl - Time-to-live in the server pool for idle connections to servers.
- User
Agent stringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - Vip string
- Virtual IP name.
- add
Vhost StringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - api
Gateway6s List<ObjectFirewall Accessproxy Api Gateway6> - Api-Gateway6. The structure of
api_gateway6block is documented below. - api
Gateways List<ObjectFirewall Accessproxy Api Gateway> - Api-Gateway. The structure of
api_gatewayblock is documented below. - auth
Portal String - Enable/disable authentication portal. Valid values:
disable,enable. - auth
Virtual StringHost - Virtual host for authentication portal.
- client
Cert String - Enable/disable to request client certificate. Valid values:
disable,enable. - decrypted
Traffic StringMirror - Decrypted traffic mirror.
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- empty
Cert StringAction - Action of an empty client certificate. Valid values:
block,accept. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - ldb
Method String - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - log
Blocked StringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - name String
- Access Proxy name.
- object
Firewall StringAccessproxy Id - an identifier for the resource with format {{name}}.
- realservers
List<Object
Firewall Accessproxy Realserver> - Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Pubkey StringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - server
Pubkey ObjectAuth Settings Firewall Accessproxy Server Pubkey Auth Settings - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - svr
Pool StringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - svr
Pool DoubleServer Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- svr
Pool DoubleServer Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- svr
Pool DoubleTtl - Time-to-live in the server pool for idle connections to servers.
- user
Agent StringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - vip String
- Virtual IP name.
- add
Vhost stringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - api
Gateway6s ObjectFirewall Accessproxy Api Gateway6[] - Api-Gateway6. The structure of
api_gateway6block is documented below. - api
Gateways ObjectFirewall Accessproxy Api Gateway[] - Api-Gateway. The structure of
api_gatewayblock is documented below. - auth
Portal string - Enable/disable authentication portal. Valid values:
disable,enable. - auth
Virtual stringHost - Virtual host for authentication portal.
- client
Cert string - Enable/disable to request client certificate. Valid values:
disable,enable. - decrypted
Traffic stringMirror - Decrypted traffic mirror.
- dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- empty
Cert stringAction - Action of an empty client certificate. Valid values:
block,accept. - http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - ldb
Method string - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - log
Blocked stringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - name string
- Access Proxy name.
- object
Firewall stringAccessproxy Id - an identifier for the resource with format {{name}}.
- realservers
Object
Firewall Accessproxy Realserver[] - Realservers. The structure of
realserversblock is documented below. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Pubkey stringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - server
Pubkey ObjectAuth Settings Firewall Accessproxy Server Pubkey Auth Settings - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - svr
Pool stringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - svr
Pool numberServer Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- svr
Pool numberServer Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- svr
Pool numberTtl - Time-to-live in the server pool for idle connections to servers.
- user
Agent stringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - vip string
- Virtual IP name.
- add_
vhost_ strdomain_ to_ dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - api_
gateway6s Sequence[ObjectFirewall Accessproxy Api Gateway6Args] - Api-Gateway6. The structure of
api_gateway6block is documented below. - api_
gateways Sequence[ObjectFirewall Accessproxy Api Gateway Args] - Api-Gateway. The structure of
api_gatewayblock is documented below. - auth_
portal str - Enable/disable authentication portal. Valid values:
disable,enable. - auth_
virtual_ strhost - Virtual host for authentication portal.
- client_
cert str - Enable/disable to request client certificate. Valid values:
disable,enable. - decrypted_
traffic_ strmirror - Decrypted traffic mirror.
- dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- empty_
cert_ straction - Action of an empty client certificate. Valid values:
block,accept. - http_
supported_ strmax_ version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - ldb_
method str - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - log_
blocked_ strtraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - name str
- Access Proxy name.
- object_
firewall_ straccessproxy_ id - an identifier for the resource with format {{name}}.
- realservers
Sequence[Object
Firewall Accessproxy Realserver Args] - Realservers. The structure of
realserversblock is documented below. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
pubkey_ strauth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - server_
pubkey_ Objectauth_ settings Firewall Accessproxy Server Pubkey Auth Settings Args - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - svr_
pool_ strmultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - svr_
pool_ floatserver_ max_ concurrent_ request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- svr_
pool_ floatserver_ max_ request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- svr_
pool_ floatttl - Time-to-live in the server pool for idle connections to servers.
- user_
agent_ strdetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - vip str
- Virtual IP name.
- add
Vhost StringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - api
Gateway6s List<Property Map> - Api-Gateway6. The structure of
api_gateway6block is documented below. - api
Gateways List<Property Map> - Api-Gateway. The structure of
api_gatewayblock is documented below. - auth
Portal String - Enable/disable authentication portal. Valid values:
disable,enable. - auth
Virtual StringHost - Virtual host for authentication portal.
- client
Cert String - Enable/disable to request client certificate. Valid values:
disable,enable. - decrypted
Traffic StringMirror - Decrypted traffic mirror.
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- empty
Cert StringAction - Action of an empty client certificate. Valid values:
block,accept. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - ldb
Method String - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - log
Blocked StringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - name String
- Access Proxy name.
- object
Firewall StringAccessproxy Id - an identifier for the resource with format {{name}}.
- realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Pubkey StringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - server
Pubkey Property MapAuth Settings - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - svr
Pool StringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - svr
Pool NumberServer Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- svr
Pool NumberServer Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- svr
Pool NumberTtl - Time-to-live in the server pool for idle connections to servers.
- user
Agent StringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - vip String
- Virtual IP name.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectFirewallAccessproxy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectFirewallAccessproxy Resource
Get an existing ObjectFirewallAccessproxy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectFirewallAccessproxyState, opts?: CustomResourceOptions): ObjectFirewallAccessproxy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
add_vhost_domain_to_dnsdb: Optional[str] = None,
adom: Optional[str] = None,
api_gateway6s: Optional[Sequence[ObjectFirewallAccessproxyApiGateway6Args]] = None,
api_gateways: Optional[Sequence[ObjectFirewallAccessproxyApiGatewayArgs]] = None,
auth_portal: Optional[str] = None,
auth_virtual_host: Optional[str] = None,
client_cert: Optional[str] = None,
decrypted_traffic_mirror: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
empty_cert_action: Optional[str] = None,
http_supported_max_version: Optional[str] = None,
ldb_method: Optional[str] = None,
log_blocked_traffic: Optional[str] = None,
name: Optional[str] = None,
object_firewall_accessproxy_id: Optional[str] = None,
realservers: Optional[Sequence[ObjectFirewallAccessproxyRealserverArgs]] = None,
scopetype: Optional[str] = None,
server_pubkey_auth: Optional[str] = None,
server_pubkey_auth_settings: Optional[ObjectFirewallAccessproxyServerPubkeyAuthSettingsArgs] = None,
svr_pool_multiplex: Optional[str] = None,
svr_pool_server_max_concurrent_request: Optional[float] = None,
svr_pool_server_max_request: Optional[float] = None,
svr_pool_ttl: Optional[float] = None,
user_agent_detect: Optional[str] = None,
vip: Optional[str] = None) -> ObjectFirewallAccessproxyfunc GetObjectFirewallAccessproxy(ctx *Context, name string, id IDInput, state *ObjectFirewallAccessproxyState, opts ...ResourceOption) (*ObjectFirewallAccessproxy, error)public static ObjectFirewallAccessproxy Get(string name, Input<string> id, ObjectFirewallAccessproxyState? state, CustomResourceOptions? opts = null)public static ObjectFirewallAccessproxy get(String name, Output<String> id, ObjectFirewallAccessproxyState state, CustomResourceOptions options)resources: _: type: fortimanager:ObjectFirewallAccessproxy get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Add
Vhost stringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Api
Gateway6s List<ObjectFirewall Accessproxy Api Gateway6> - Api-Gateway6. The structure of
api_gateway6block is documented below. - Api
Gateways List<ObjectFirewall Accessproxy Api Gateway> - Api-Gateway. The structure of
api_gatewayblock is documented below. - Auth
Portal string - Enable/disable authentication portal. Valid values:
disable,enable. - Auth
Virtual stringHost - Virtual host for authentication portal.
- Client
Cert string - Enable/disable to request client certificate. Valid values:
disable,enable. - Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Empty
Cert stringAction - Action of an empty client certificate. Valid values:
block,accept. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - Ldb
Method string - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - Log
Blocked stringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - Name string
- Access Proxy name.
- Object
Firewall stringAccessproxy Id - an identifier for the resource with format {{name}}.
- Realservers
List<Object
Firewall Accessproxy Realserver> - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Pubkey stringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - Server
Pubkey ObjectAuth Settings Firewall Accessproxy Server Pubkey Auth Settings - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - Svr
Pool stringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - Svr
Pool doubleServer Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- Svr
Pool doubleServer Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- Svr
Pool doubleTtl - Time-to-live in the server pool for idle connections to servers.
- User
Agent stringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - Vip string
- Virtual IP name.
- Add
Vhost stringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Api
Gateway6s []ObjectFirewall Accessproxy Api Gateway6Type Args - Api-Gateway6. The structure of
api_gateway6block is documented below. - Api
Gateways []ObjectFirewall Accessproxy Api Gateway Type Args - Api-Gateway. The structure of
api_gatewayblock is documented below. - Auth
Portal string - Enable/disable authentication portal. Valid values:
disable,enable. - Auth
Virtual stringHost - Virtual host for authentication portal.
- Client
Cert string - Enable/disable to request client certificate. Valid values:
disable,enable. - Decrypted
Traffic stringMirror - Decrypted traffic mirror.
- Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Empty
Cert stringAction - Action of an empty client certificate. Valid values:
block,accept. - Http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - Ldb
Method string - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - Log
Blocked stringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - Name string
- Access Proxy name.
- Object
Firewall stringAccessproxy Id - an identifier for the resource with format {{name}}.
- Realservers
[]Object
Firewall Accessproxy Realserver Args - Realservers. The structure of
realserversblock is documented below. - Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Server
Pubkey stringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - Server
Pubkey ObjectAuth Settings Firewall Accessproxy Server Pubkey Auth Settings Type Args - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - Svr
Pool stringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - Svr
Pool float64Server Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- Svr
Pool float64Server Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- Svr
Pool float64Ttl - Time-to-live in the server pool for idle connections to servers.
- User
Agent stringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - Vip string
- Virtual IP name.
- add
Vhost StringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - api
Gateway6s List<ObjectFirewall Accessproxy Api Gateway6> - Api-Gateway6. The structure of
api_gateway6block is documented below. - api
Gateways List<ObjectFirewall Accessproxy Api Gateway> - Api-Gateway. The structure of
api_gatewayblock is documented below. - auth
Portal String - Enable/disable authentication portal. Valid values:
disable,enable. - auth
Virtual StringHost - Virtual host for authentication portal.
- client
Cert String - Enable/disable to request client certificate. Valid values:
disable,enable. - decrypted
Traffic StringMirror - Decrypted traffic mirror.
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- empty
Cert StringAction - Action of an empty client certificate. Valid values:
block,accept. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - ldb
Method String - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - log
Blocked StringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - name String
- Access Proxy name.
- object
Firewall StringAccessproxy Id - an identifier for the resource with format {{name}}.
- realservers
List<Object
Firewall Accessproxy Realserver> - Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Pubkey StringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - server
Pubkey ObjectAuth Settings Firewall Accessproxy Server Pubkey Auth Settings - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - svr
Pool StringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - svr
Pool DoubleServer Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- svr
Pool DoubleServer Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- svr
Pool DoubleTtl - Time-to-live in the server pool for idle connections to servers.
- user
Agent StringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - vip String
- Virtual IP name.
- add
Vhost stringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - api
Gateway6s ObjectFirewall Accessproxy Api Gateway6[] - Api-Gateway6. The structure of
api_gateway6block is documented below. - api
Gateways ObjectFirewall Accessproxy Api Gateway[] - Api-Gateway. The structure of
api_gatewayblock is documented below. - auth
Portal string - Enable/disable authentication portal. Valid values:
disable,enable. - auth
Virtual stringHost - Virtual host for authentication portal.
- client
Cert string - Enable/disable to request client certificate. Valid values:
disable,enable. - decrypted
Traffic stringMirror - Decrypted traffic mirror.
- dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- empty
Cert stringAction - Action of an empty client certificate. Valid values:
block,accept. - http
Supported stringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - ldb
Method string - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - log
Blocked stringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - name string
- Access Proxy name.
- object
Firewall stringAccessproxy Id - an identifier for the resource with format {{name}}.
- realservers
Object
Firewall Accessproxy Realserver[] - Realservers. The structure of
realserversblock is documented below. - scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Pubkey stringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - server
Pubkey ObjectAuth Settings Firewall Accessproxy Server Pubkey Auth Settings - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - svr
Pool stringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - svr
Pool numberServer Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- svr
Pool numberServer Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- svr
Pool numberTtl - Time-to-live in the server pool for idle connections to servers.
- user
Agent stringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - vip string
- Virtual IP name.
- add_
vhost_ strdomain_ to_ dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - api_
gateway6s Sequence[ObjectFirewall Accessproxy Api Gateway6Args] - Api-Gateway6. The structure of
api_gateway6block is documented below. - api_
gateways Sequence[ObjectFirewall Accessproxy Api Gateway Args] - Api-Gateway. The structure of
api_gatewayblock is documented below. - auth_
portal str - Enable/disable authentication portal. Valid values:
disable,enable. - auth_
virtual_ strhost - Virtual host for authentication portal.
- client_
cert str - Enable/disable to request client certificate. Valid values:
disable,enable. - decrypted_
traffic_ strmirror - Decrypted traffic mirror.
- dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- empty_
cert_ straction - Action of an empty client certificate. Valid values:
block,accept. - http_
supported_ strmax_ version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - ldb_
method str - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - log_
blocked_ strtraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - name str
- Access Proxy name.
- object_
firewall_ straccessproxy_ id - an identifier for the resource with format {{name}}.
- realservers
Sequence[Object
Firewall Accessproxy Realserver Args] - Realservers. The structure of
realserversblock is documented below. - scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server_
pubkey_ strauth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - server_
pubkey_ Objectauth_ settings Firewall Accessproxy Server Pubkey Auth Settings Args - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - svr_
pool_ strmultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - svr_
pool_ floatserver_ max_ concurrent_ request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- svr_
pool_ floatserver_ max_ request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- svr_
pool_ floatttl - Time-to-live in the server pool for idle connections to servers.
- user_
agent_ strdetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - vip str
- Virtual IP name.
- add
Vhost StringDomain To Dnsdb - Enable/disable adding vhost/domain to dnsdb for ztna dox tunnel. Valid values:
disable,enable. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - api
Gateway6s List<Property Map> - Api-Gateway6. The structure of
api_gateway6block is documented below. - api
Gateways List<Property Map> - Api-Gateway. The structure of
api_gatewayblock is documented below. - auth
Portal String - Enable/disable authentication portal. Valid values:
disable,enable. - auth
Virtual StringHost - Virtual host for authentication portal.
- client
Cert String - Enable/disable to request client certificate. Valid values:
disable,enable. - decrypted
Traffic StringMirror - Decrypted traffic mirror.
- dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- empty
Cert StringAction - Action of an empty client certificate. Valid values:
block,accept. - http
Supported StringMax Version - Maximum supported HTTP versions. default = HTTP2 Valid values:
http1,http2. - ldb
Method String - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - log
Blocked StringTraffic - Enable/disable logging of blocked traffic. Valid values:
disable,enable. - name String
- Access Proxy name.
- object
Firewall StringAccessproxy Id - an identifier for the resource with format {{name}}.
- realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - server
Pubkey StringAuth - Enable/disable SSH real server public key authentication. Valid values:
disable,enable. - server
Pubkey Property MapAuth Settings - Server-Pubkey-Auth-Settings. The structure of
server_pubkey_auth_settingsblock is documented below. - svr
Pool StringMultiplex - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values:
disable,enable. - svr
Pool NumberServer Max Concurrent Request - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited).
- svr
Pool NumberServer Max Request - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited).
- svr
Pool NumberTtl - Time-to-live in the server pool for idle connections to servers.
- user
Agent StringDetect - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values:
disable,enable. - vip String
- Virtual IP name.
Supporting Types
ObjectFirewallAccessproxyApiGateway, ObjectFirewallAccessproxyApiGatewayArgs
, ObjectFirewallAccessproxyApiGatewayArgs
- Applications List<string>
- SaaS application controlled by this Access Proxy.
- H2Support string
- HTTP2 support, default=Enable. Valid values:
disable,enable. - H3Support string
- HTTP3/QUIC support, default=Disable. Valid values:
disable,enable. - double
- Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across API Gateway. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Id double
- API Gateway ID.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie. - Quic
Object
Firewall Accessproxy Api Gateway Quic - Quic. The structure of
quicblock is documented below. - Realservers
List<Object
Firewall Accessproxy Api Gateway Realserver> - Realservers. The structure of
realserversblock is documented below. - Saml
Redirect string - Enable/disable SAML redirection after successful authentication. Valid values:
disable,enable. - Saml
Server string - SAML service provider configuration for VIP authentication.
- Service string
- Service. Valid values:
http,https,tcp-forwarding,samlsp. - Ssl
Algorithm string - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Cipher List<ObjectSuites Firewall Accessproxy Api Gateway Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Renegotiation string - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Vpn stringWeb Portal - SSL-VPN web portal.
- Url
Map string - URL pattern to match.
- Url
Map stringType - Type of url-map. Valid values:
sub-string,wildcard,regex. - Virtual
Host string - Virtual host.
- Applications []string
- SaaS application controlled by this Access Proxy.
- H2Support string
- HTTP2 support, default=Enable. Valid values:
disable,enable. - H3Support string
- HTTP3/QUIC support, default=Disable. Valid values:
disable,enable. - float64
- Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float64
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across API Gateway. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - Id float64
- API Gateway ID.
- Ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - Persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie. - Quic
Object
Firewall Accessproxy Api Gateway Quic Type - Quic. The structure of
quicblock is documented below. - Realservers
[]Object
Firewall Accessproxy Api Gateway Realserver - Realservers. The structure of
realserversblock is documented below. - Saml
Redirect string - Enable/disable SAML redirection after successful authentication. Valid values:
disable,enable. - Saml
Server string - SAML service provider configuration for VIP authentication.
- Service string
- Service. Valid values:
http,https,tcp-forwarding,samlsp. - Ssl
Algorithm string - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom. - Ssl
Cipher []ObjectSuites Firewall Accessproxy Api Gateway Ssl Cipher Suite - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - Ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - Ssl
Max stringVersion - Highest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - Ssl
Renegotiation string - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - Ssl
Vpn stringWeb Portal - SSL-VPN web portal.
- Url
Map string - URL pattern to match.
- Url
Map stringType - Type of url-map. Valid values:
sub-string,wildcard,regex. - Virtual
Host string - Virtual host.
- applications List<String>
- SaaS application controlled by this Access Proxy.
- h2Support String
- HTTP2 support, default=Enable. Valid values:
disable,enable. - h3Support String
- HTTP3/QUIC support, default=Disable. Valid values:
disable,enable. - Double
- Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Double
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across API Gateway. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - id Double
- API Gateway ID.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie. - quic
Object
Firewall Accessproxy Api Gateway Quic - Quic. The structure of
quicblock is documented below. - realservers
List<Object
Firewall Accessproxy Api Gateway Realserver> - Realservers. The structure of
realserversblock is documented below. - saml
Redirect String - Enable/disable SAML redirection after successful authentication. Valid values:
disable,enable. - saml
Server String - SAML service provider configuration for VIP authentication.
- service String
- Service. Valid values:
http,https,tcp-forwarding,samlsp. - ssl
Algorithm String - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Cipher List<ObjectSuites Firewall Accessproxy Api Gateway Ssl Cipher Suite> - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Renegotiation String - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Vpn StringWeb Portal - SSL-VPN web portal.
- url
Map String - URL pattern to match.
- url
Map StringType - Type of url-map. Valid values:
sub-string,wildcard,regex. - virtual
Host String - Virtual host.
- applications string[]
- SaaS application controlled by this Access Proxy.
- h2Support string
- HTTP2 support, default=Enable. Valid values:
disable,enable. - h3Support string
- HTTP3/QUIC support, default=Disable. Valid values:
disable,enable. - number
- Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit.
- string
- Domain that HTTP cookie persistence should apply to.
- string
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- string
- Limit HTTP cookie persistence to the specified path.
- string
- Control sharing of cookies across API Gateway. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - string
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - id number
- API Gateway ID.
- ldb
Method string - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - persistence string
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie. - quic
Object
Firewall Accessproxy Api Gateway Quic - Quic. The structure of
quicblock is documented below. - realservers
Object
Firewall Accessproxy Api Gateway Realserver[] - Realservers. The structure of
realserversblock is documented below. - saml
Redirect string - Enable/disable SAML redirection after successful authentication. Valid values:
disable,enable. - saml
Server string - SAML service provider configuration for VIP authentication.
- service string
- Service. Valid values:
http,https,tcp-forwarding,samlsp. - ssl
Algorithm string - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Cipher ObjectSuites Firewall Accessproxy Api Gateway Ssl Cipher Suite[] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Dh stringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Max stringVersion - Highest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min stringVersion - Lowest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Renegotiation string - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Vpn stringWeb Portal - SSL-VPN web portal.
- url
Map string - URL pattern to match.
- url
Map stringType - Type of url-map. Valid values:
sub-string,wildcard,regex. - virtual
Host string - Virtual host.
- applications Sequence[str]
- SaaS application controlled by this Access Proxy.
- h2_
support str - HTTP2 support, default=Enable. Valid values:
disable,enable. - h3_
support str - HTTP3/QUIC support, default=Disable. Valid values:
disable,enable. - float
- Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit.
- str
- Domain that HTTP cookie persistence should apply to.
- str
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - float
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- str
- Limit HTTP cookie persistence to the specified path.
- str
- Control sharing of cookies across API Gateway. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - str
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - id float
- API Gateway ID.
- ldb_
method str - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - persistence str
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie. - quic
Object
Firewall Accessproxy Api Gateway Quic - Quic. The structure of
quicblock is documented below. - realservers
Sequence[Object
Firewall Accessproxy Api Gateway Realserver] - Realservers. The structure of
realserversblock is documented below. - saml_
redirect str - Enable/disable SAML redirection after successful authentication. Valid values:
disable,enable. - saml_
server str - SAML service provider configuration for VIP authentication.
- service str
- Service. Valid values:
http,https,tcp-forwarding,samlsp. - ssl_
algorithm str - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl_
cipher_ Sequence[Objectsuites Firewall Accessproxy Api Gateway Ssl Cipher Suite] - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl_
dh_ strbits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl_
max_ strversion - Highest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
min_ strversion - Lowest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl_
renegotiation str - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl_
vpn_ strweb_ portal - SSL-VPN web portal.
- url_
map str - URL pattern to match.
- url_
map_ strtype - Type of url-map. Valid values:
sub-string,wildcard,regex. - virtual_
host str - Virtual host.
- applications List<String>
- SaaS application controlled by this Access Proxy.
- h2Support String
- HTTP2 support, default=Enable. Valid values:
disable,enable. - h3Support String
- HTTP3/QUIC support, default=Disable. Valid values:
disable,enable. - Number
- Time in minutes that client web browsers should keep a cookie. Default is 60 minutes. 0 = no time limit.
- String
- Domain that HTTP cookie persistence should apply to.
- String
- Enable/disable use of HTTP cookie domain from host field in HTTP. Valid values:
disable,enable. - Number
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
- String
- Limit HTTP cookie persistence to the specified path.
- String
- Control sharing of cookies across API Gateway. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. Valid values:
disable,same-ip. - String
- Enable/disable verification that inserted HTTPS cookies are secure. Valid values:
disable,enable. - id Number
- API Gateway ID.
- ldb
Method String - Method used to distribute sessions to real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive,http-host. - persistence String
- Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values:
none,http-cookie. - quic Property Map
- Quic. The structure of
quicblock is documented below. - realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - saml
Redirect String - Enable/disable SAML redirection after successful authentication. Valid values:
disable,enable. - saml
Server String - SAML service provider configuration for VIP authentication.
- service String
- Service. Valid values:
http,https,tcp-forwarding,samlsp. - ssl
Algorithm String - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength. Valid values:
high,medium,low,custom. - ssl
Cipher List<Property Map>Suites - Ssl-Cipher-Suites. The structure of
ssl_cipher_suitesblock is documented below. - ssl
Dh StringBits - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. Valid values:
768,1024,1536,2048,3072,4096. - ssl
Max StringVersion - Highest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Min StringVersion - Lowest SSL/TLS version acceptable from a server. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3. - ssl
Renegotiation String - Enable/disable secure renegotiation to comply with RFC 5746. Valid values:
disable,enable. - ssl
Vpn StringWeb Portal - SSL-VPN web portal.
- url
Map String - URL pattern to match.
- url
Map StringType - Type of url-map. Valid values:
sub-string,wildcard,regex. - virtual
Host String - Virtual host.
ObjectFirewallAccessproxyApiGateway6, ObjectFirewallAccessproxyApiGateway6Args
, ObjectFirewallAccessproxyApiGateway6Args
- Applications List<string>
- H2Support string
- H3Support string
- double
- string
- string
- double
- string
- string
- string
- Id double
- an identifier for the resource with format {{name}}.
- Ldb
Method string - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - Persistence string
- Quic
Object
Firewall Accessproxy Api Gateway6Quic - Realservers
List<Object
Firewall Accessproxy Api Gateway6Realserver> - Realservers. The structure of
realserversblock is documented below. - Saml
Redirect string - Saml
Server string - Service string
- Ssl
Algorithm string - Ssl
Cipher List<ObjectSuites Firewall Accessproxy Api Gateway6Ssl Cipher Suite> - Ssl
Dh stringBits - Ssl
Max stringVersion - Ssl
Min stringVersion - Ssl
Renegotiation string - Ssl
Vpn stringWeb Portal - Url
Map string - Url
Map stringType - Virtual
Host string
- Applications []string
- H2Support string
- H3Support string
- float64
- string
- string
- float64
- string
- string
- string
- Id float64
- an identifier for the resource with format {{name}}.
- Ldb
Method string - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - Persistence string
- Quic
Object
Firewall Accessproxy Api Gateway6Quic Type - Realservers
[]Object
Firewall Accessproxy Api Gateway6Realserver - Realservers. The structure of
realserversblock is documented below. - Saml
Redirect string - Saml
Server string - Service string
- Ssl
Algorithm string - Ssl
Cipher []ObjectSuites Firewall Accessproxy Api Gateway6Ssl Cipher Suite - Ssl
Dh stringBits - Ssl
Max stringVersion - Ssl
Min stringVersion - Ssl
Renegotiation string - Ssl
Vpn stringWeb Portal - Url
Map string - Url
Map stringType - Virtual
Host string
- applications List<String>
- h2Support String
- h3Support String
- Double
- String
- String
- Double
- String
- String
- String
- id Double
- an identifier for the resource with format {{name}}.
- ldb
Method String - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - persistence String
- quic
Object
Firewall Accessproxy Api Gateway6Quic - realservers
List<Object
Firewall Accessproxy Api Gateway6Realserver> - Realservers. The structure of
realserversblock is documented below. - saml
Redirect String - saml
Server String - service String
- ssl
Algorithm String - ssl
Cipher List<ObjectSuites Firewall Accessproxy Api Gateway6Ssl Cipher Suite> - ssl
Dh StringBits - ssl
Max StringVersion - ssl
Min StringVersion - ssl
Renegotiation String - ssl
Vpn StringWeb Portal - url
Map String - url
Map StringType - virtual
Host String
- applications string[]
- h2Support string
- h3Support string
- number
- string
- string
- number
- string
- string
- string
- id number
- an identifier for the resource with format {{name}}.
- ldb
Method string - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - persistence string
- quic
Object
Firewall Accessproxy Api Gateway6Quic - realservers
Object
Firewall Accessproxy Api Gateway6Realserver[] - Realservers. The structure of
realserversblock is documented below. - saml
Redirect string - saml
Server string - service string
- ssl
Algorithm string - ssl
Cipher ObjectSuites Firewall Accessproxy Api Gateway6Ssl Cipher Suite[] - ssl
Dh stringBits - ssl
Max stringVersion - ssl
Min stringVersion - ssl
Renegotiation string - ssl
Vpn stringWeb Portal - url
Map string - url
Map stringType - virtual
Host string
- applications Sequence[str]
- h2_
support str - h3_
support str - float
- str
- str
- float
- str
- str
- str
- id float
- an identifier for the resource with format {{name}}.
- ldb_
method str - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - persistence str
- quic
Object
Firewall Accessproxy Api Gateway6Quic - realservers
Sequence[Object
Firewall Accessproxy Api Gateway6Realserver] - Realservers. The structure of
realserversblock is documented below. - saml_
redirect str - saml_
server str - service str
- ssl_
algorithm str - ssl_
cipher_ Sequence[Objectsuites Firewall Accessproxy Api Gateway6Ssl Cipher Suite] - ssl_
dh_ strbits - ssl_
max_ strversion - ssl_
min_ strversion - ssl_
renegotiation str - ssl_
vpn_ strweb_ portal - url_
map str - url_
map_ strtype - virtual_
host str
- applications List<String>
- h2Support String
- h3Support String
- Number
- String
- String
- Number
- String
- String
- String
- id Number
- an identifier for the resource with format {{name}}.
- ldb
Method String - Method used to distribute sessions to SSL real servers. Valid values:
static,round-robin,weighted,least-session,least-rtt,first-alive. - persistence String
- quic Property Map
- realservers List<Property Map>
- Realservers. The structure of
realserversblock is documented below. - saml
Redirect String - saml
Server String - service String
- ssl
Algorithm String - ssl
Cipher List<Property Map>Suites - ssl
Dh StringBits - ssl
Max StringVersion - ssl
Min StringVersion - ssl
Renegotiation String - ssl
Vpn StringWeb Portal - url
Map String - url
Map StringType - virtual
Host String
ObjectFirewallAccessproxyApiGateway6Quic, ObjectFirewallAccessproxyApiGateway6QuicArgs
, ObjectFirewallAccessproxyApiGateway6QuicArgs
- Ack
Delay doubleExponent - ACK delay exponent (1 - 20, default = 3).
- Active
Connection doubleId Limit - Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
disable,enable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - Max
Ack doubleDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram doubleFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle doubleTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp doublePayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- Ack
Delay float64Exponent - ACK delay exponent (1 - 20, default = 3).
- Active
Connection float64Id Limit - Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
disable,enable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - Max
Ack float64Delay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram float64Frame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle float64Timeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp float64Payload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay DoubleExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection DoubleId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max
Ack DoubleDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram DoubleFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle DoubleTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp DoublePayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay numberExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection numberId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration string - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max
Ack numberDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram numberFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle numberTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp numberPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack_
delay_ floatexponent - ACK delay exponent (1 - 20, default = 3).
- active_
connection_ floatid_ limit - Active connection ID limit (1 - 8, default = 2).
- active_
migration str - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease_
quic_ strbit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max_
ack_ floatdelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max_
datagram_ floatframe_ size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max_
idle_ floattimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max_
udp_ floatpayload_ size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay NumberExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection NumberId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max
Ack NumberDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram NumberFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle NumberTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp NumberPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
ObjectFirewallAccessproxyApiGateway6Realserver, ObjectFirewallAccessproxyApiGateway6RealserverArgs
, ObjectFirewallAccessproxyApiGateway6RealserverArgs
- Addr
Type string - Type of address. Valid values:
fqdn,ip. - Address string
- Address or address group of the real server.
- Domain string
- Wildcard domain name of the real server.
- External
Auth string - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - Health
Check string - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - Health
Check stringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - Holddown
Interval string - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - Http
Host string - HTTP server domain name in HTTP header.
- Id double
- Real server ID.
- Ip string
- IP address of the real server.
- Mappedport string
- Port for communicating with the real server.
- Port double
- Port for communicating with the real server.
- Ssh
Client stringCert - Set access-proxy SSH client certificate profile.
- Ssh
Host stringKey - One or more server host key.
- Ssh
Host stringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Tunnel
Encryption string - Tunnel encryption. Valid values:
disable,enable. - Type string
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - Weight double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- Addr
Type string - Type of address. Valid values:
fqdn,ip. - Address string
- Address or address group of the real server.
- Domain string
- Wildcard domain name of the real server.
- External
Auth string - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - Health
Check string - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - Health
Check stringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - Holddown
Interval string - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - Http
Host string - HTTP server domain name in HTTP header.
- Id float64
- Real server ID.
- Ip string
- IP address of the real server.
- Mappedport string
- Port for communicating with the real server.
- Port float64
- Port for communicating with the real server.
- Ssh
Client stringCert - Set access-proxy SSH client certificate profile.
- Ssh
Host stringKey - One or more server host key.
- Ssh
Host stringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Tunnel
Encryption string - Tunnel encryption. Valid values:
disable,enable. - Type string
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - Weight float64
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- addr
Type String - Type of address. Valid values:
fqdn,ip. - address String
- Address or address group of the real server.
- domain String
- Wildcard domain name of the real server.
- external
Auth String - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - health
Check String - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - health
Check StringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - holddown
Interval String - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - http
Host String - HTTP server domain name in HTTP header.
- id Double
- Real server ID.
- ip String
- IP address of the real server.
- mappedport String
- Port for communicating with the real server.
- port Double
- Port for communicating with the real server.
- ssh
Client StringCert - Set access-proxy SSH client certificate profile.
- ssh
Host StringKey - One or more server host key.
- ssh
Host StringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - tunnel
Encryption String - Tunnel encryption. Valid values:
disable,enable. - type String
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - weight Double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- addr
Type string - Type of address. Valid values:
fqdn,ip. - address string
- Address or address group of the real server.
- domain string
- Wildcard domain name of the real server.
- external
Auth string - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - health
Check string - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - health
Check stringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - holddown
Interval string - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - http
Host string - HTTP server domain name in HTTP header.
- id number
- Real server ID.
- ip string
- IP address of the real server.
- mappedport string
- Port for communicating with the real server.
- port number
- Port for communicating with the real server.
- ssh
Client stringCert - Set access-proxy SSH client certificate profile.
- ssh
Host stringKey - One or more server host key.
- ssh
Host stringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - tunnel
Encryption string - Tunnel encryption. Valid values:
disable,enable. - type string
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - weight number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- addr_
type str - Type of address. Valid values:
fqdn,ip. - address str
- Address or address group of the real server.
- domain str
- Wildcard domain name of the real server.
- external_
auth str - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - health_
check str - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - health_
check_ strproto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - holddown_
interval str - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - http_
host str - HTTP server domain name in HTTP header.
- id float
- Real server ID.
- ip str
- IP address of the real server.
- mappedport str
- Port for communicating with the real server.
- port float
- Port for communicating with the real server.
- ssh_
client_ strcert - Set access-proxy SSH client certificate profile.
- ssh_
host_ strkey - One or more server host key.
- ssh_
host_ strkey_ validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - status str
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate_
host str - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - tunnel_
encryption str - Tunnel encryption. Valid values:
disable,enable. - type str
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - weight float
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- addr
Type String - Type of address. Valid values:
fqdn,ip. - address String
- Address or address group of the real server.
- domain String
- Wildcard domain name of the real server.
- external
Auth String - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - health
Check String - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - health
Check StringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - holddown
Interval String - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - http
Host String - HTTP server domain name in HTTP header.
- id Number
- Real server ID.
- ip String
- IP address of the real server.
- mappedport String
- Port for communicating with the real server.
- port Number
- Port for communicating with the real server.
- ssh
Client StringCert - Set access-proxy SSH client certificate profile.
- ssh
Host StringKey - One or more server host key.
- ssh
Host StringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - tunnel
Encryption String - Tunnel encryption. Valid values:
disable,enable. - type String
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - weight Number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
ObjectFirewallAccessproxyApiGateway6SslCipherSuite, ObjectFirewallAccessproxyApiGateway6SslCipherSuiteArgs
, ObjectFirewallAccessproxyApiGateway6SslCipherSuiteArgs
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - Priority double
- SSL/TLS cipher suites priority.
- Versions List<string>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - Priority float64
- SSL/TLS cipher suites priority.
- Versions []string
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority Double
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority number
- SSL/TLS cipher suites priority.
- versions string[]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher str
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority float
- SSL/TLS cipher suites priority.
- versions Sequence[str]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority Number
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
ObjectFirewallAccessproxyApiGatewayQuic, ObjectFirewallAccessproxyApiGatewayQuicArgs
, ObjectFirewallAccessproxyApiGatewayQuicArgs
- Ack
Delay doubleExponent - ACK delay exponent (1 - 20, default = 3).
- Active
Connection doubleId Limit - Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
disable,enable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - Max
Ack doubleDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram doubleFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle doubleTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp doublePayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- Ack
Delay float64Exponent - ACK delay exponent (1 - 20, default = 3).
- Active
Connection float64Id Limit - Active connection ID limit (1 - 8, default = 2).
- Active
Migration string - Enable/disable active migration (default = disable). Valid values:
disable,enable. - Grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - Max
Ack float64Delay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- Max
Datagram float64Frame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- Max
Idle float64Timeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- Max
Udp float64Payload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay DoubleExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection DoubleId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max
Ack DoubleDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram DoubleFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle DoubleTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp DoublePayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay numberExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection numberId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration string - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease
Quic stringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max
Ack numberDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram numberFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle numberTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp numberPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack_
delay_ floatexponent - ACK delay exponent (1 - 20, default = 3).
- active_
connection_ floatid_ limit - Active connection ID limit (1 - 8, default = 2).
- active_
migration str - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease_
quic_ strbit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max_
ack_ floatdelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max_
datagram_ floatframe_ size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max_
idle_ floattimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max_
udp_ floatpayload_ size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
- ack
Delay NumberExponent - ACK delay exponent (1 - 20, default = 3).
- active
Connection NumberId Limit - Active connection ID limit (1 - 8, default = 2).
- active
Migration String - Enable/disable active migration (default = disable). Valid values:
disable,enable. - grease
Quic StringBit - Enable/disable grease QUIC bit (default = enable). Valid values:
disable,enable. - max
Ack NumberDelay - Maximum ACK delay in milliseconds (1 - 16383, default = 25).
- max
Datagram NumberFrame Size - Maximum datagram frame size in bytes (1 - 1500, default = 1500).
- max
Idle NumberTimeout - Maximum idle timeout milliseconds (1 - 60000, default = 30000).
- max
Udp NumberPayload Size - Maximum UDP payload size in bytes (1200 - 1500, default = 1500).
ObjectFirewallAccessproxyApiGatewayRealserver, ObjectFirewallAccessproxyApiGatewayRealserverArgs
, ObjectFirewallAccessproxyApiGatewayRealserverArgs
- Addr
Type string - Type of address. Valid values:
fqdn,ip. - Address string
- Address or address group of the real server.
- Domain string
- Wildcard domain name of the real server.
- External
Auth string - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - Health
Check string - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - Health
Check stringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - Holddown
Interval string - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - Http
Host string - HTTP server domain name in HTTP header.
- Id double
- Real server ID.
- Ip string
- IP address of the real server.
- Mappedport string
- Port for communicating with the real server.
- Port double
- Port for communicating with the real server.
- Ssh
Client stringCert - Set access-proxy SSH client certificate profile.
- Ssh
Host stringKey - One or more server host key.
- Ssh
Host stringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Tunnel
Encryption string - Tunnel encryption. Valid values:
disable,enable. - Type string
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - Weight double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- Addr
Type string - Type of address. Valid values:
fqdn,ip. - Address string
- Address or address group of the real server.
- Domain string
- Wildcard domain name of the real server.
- External
Auth string - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - Health
Check string - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - Health
Check stringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - Holddown
Interval string - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - Http
Host string - HTTP server domain name in HTTP header.
- Id float64
- Real server ID.
- Ip string
- IP address of the real server.
- Mappedport string
- Port for communicating with the real server.
- Port float64
- Port for communicating with the real server.
- Ssh
Client stringCert - Set access-proxy SSH client certificate profile.
- Ssh
Host stringKey - One or more server host key.
- Ssh
Host stringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - Tunnel
Encryption string - Tunnel encryption. Valid values:
disable,enable. - Type string
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - Weight float64
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- addr
Type String - Type of address. Valid values:
fqdn,ip. - address String
- Address or address group of the real server.
- domain String
- Wildcard domain name of the real server.
- external
Auth String - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - health
Check String - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - health
Check StringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - holddown
Interval String - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - http
Host String - HTTP server domain name in HTTP header.
- id Double
- Real server ID.
- ip String
- IP address of the real server.
- mappedport String
- Port for communicating with the real server.
- port Double
- Port for communicating with the real server.
- ssh
Client StringCert - Set access-proxy SSH client certificate profile.
- ssh
Host StringKey - One or more server host key.
- ssh
Host StringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - tunnel
Encryption String - Tunnel encryption. Valid values:
disable,enable. - type String
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - weight Double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- addr
Type string - Type of address. Valid values:
fqdn,ip. - address string
- Address or address group of the real server.
- domain string
- Wildcard domain name of the real server.
- external
Auth string - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - health
Check string - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - health
Check stringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - holddown
Interval string - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - http
Host string - HTTP server domain name in HTTP header.
- id number
- Real server ID.
- ip string
- IP address of the real server.
- mappedport string
- Port for communicating with the real server.
- port number
- Port for communicating with the real server.
- ssh
Client stringCert - Set access-proxy SSH client certificate profile.
- ssh
Host stringKey - One or more server host key.
- ssh
Host stringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host string - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - tunnel
Encryption string - Tunnel encryption. Valid values:
disable,enable. - type string
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - weight number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- addr_
type str - Type of address. Valid values:
fqdn,ip. - address str
- Address or address group of the real server.
- domain str
- Wildcard domain name of the real server.
- external_
auth str - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - health_
check str - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - health_
check_ strproto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - holddown_
interval str - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - http_
host str - HTTP server domain name in HTTP header.
- id float
- Real server ID.
- ip str
- IP address of the real server.
- mappedport str
- Port for communicating with the real server.
- port float
- Port for communicating with the real server.
- ssh_
client_ strcert - Set access-proxy SSH client certificate profile.
- ssh_
host_ strkey - One or more server host key.
- ssh_
host_ strkey_ validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - status str
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate_
host str - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - tunnel_
encryption str - Tunnel encryption. Valid values:
disable,enable. - type str
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - weight float
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- addr
Type String - Type of address. Valid values:
fqdn,ip. - address String
- Address or address group of the real server.
- domain String
- Wildcard domain name of the real server.
- external
Auth String - Enable/disable use of external browser as user-agent for SAML user authentication. Valid values:
disable,enable. - health
Check String - Enable to check the responsiveness of the real server before forwarding traffic. Valid values:
disable,enable. - health
Check StringProto - Protocol of the health check monitor to use when polling to determine server's connectivity status. Valid values:
ping,http,tcp-connect. - holddown
Interval String - Enable/disable holddown timer. Server will be considered active and reachable once the holddown period has expired (30 seconds). Valid values:
disable,enable. - http
Host String - HTTP server domain name in HTTP header.
- id Number
- Real server ID.
- ip String
- IP address of the real server.
- mappedport String
- Port for communicating with the real server.
- port Number
- Port for communicating with the real server.
- ssh
Client StringCert - Set access-proxy SSH client certificate profile.
- ssh
Host StringKey - One or more server host key.
- ssh
Host StringKey Validation - Enable/disable SSH real server host key validation. Valid values:
disable,enable. - status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - translate
Host String - Enable/disable translation of hostname/IP from virtual server to real server. Valid values:
disable,enable. - tunnel
Encryption String - Tunnel encryption. Valid values:
disable,enable. - type String
- TCP forwarding server type. Valid values:
tcp-forwarding,ssh. - weight Number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
ObjectFirewallAccessproxyApiGatewaySslCipherSuite, ObjectFirewallAccessproxyApiGatewaySslCipherSuiteArgs
, ObjectFirewallAccessproxyApiGatewaySslCipherSuiteArgs
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - Priority double
- SSL/TLS cipher suites priority.
- Versions List<string>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- Cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - Priority float64
- SSL/TLS cipher suites priority.
- Versions []string
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority Double
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher string
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority number
- SSL/TLS cipher suites priority.
- versions string[]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher str
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority float
- SSL/TLS cipher suites priority.
- versions Sequence[str]
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
- cipher String
- Cipher suite name. Valid values:
TLS-RSA-WITH-RC4-128-MD5,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-DES-CBC-SHA,TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA256,TLS-RSA-WITH-AES-256-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-RSA-WITH-SEED-CBC-SHA,TLS-RSA-WITH-ARIA-128-CBC-SHA256,TLS-RSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-RSA-WITH-DES-CBC-SHA,TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA,TLS-DHE-RSA-WITH-AES-256-CBC-SHA,TLS-DHE-RSA-WITH-AES-128-CBC-SHA256,TLS-DHE-RSA-WITH-AES-256-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-RSA-WITH-SEED-CBC-SHA,TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-RC4-128-SHA,TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA,TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256,TLS-DHE-RSA-WITH-AES-128-GCM-SHA256,TLS-DHE-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-AES-128-CBC-SHA,TLS-DHE-DSS-WITH-AES-256-CBC-SHA,TLS-DHE-DSS-WITH-AES-128-CBC-SHA256,TLS-DHE-DSS-WITH-AES-128-GCM-SHA256,TLS-DHE-DSS-WITH-AES-256-CBC-SHA256,TLS-DHE-DSS-WITH-AES-256-GCM-SHA384,TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA,TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384,TLS-RSA-WITH-AES-128-GCM-SHA256,TLS-RSA-WITH-AES-256-GCM-SHA384,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA,TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256,TLS-DHE-DSS-WITH-SEED-CBC-SHA,TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256,TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384,TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256,TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384,TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA,TLS-DHE-DSS-WITH-DES-CBC-SHA,TLS-AES-128-GCM-SHA256,TLS-AES-256-GCM-SHA384,TLS-CHACHA20-POLY1305-SHA256,TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA. - priority Number
- SSL/TLS cipher suites priority.
- versions List<String>
- SSL/TLS versions that the cipher suite can be used with. Valid values:
tls-1.0,tls-1.1,tls-1.2,tls-1.3.
ObjectFirewallAccessproxyRealserver, ObjectFirewallAccessproxyRealserverArgs
, ObjectFirewallAccessproxyRealserverArgs
- Id double
- Real server ID.
- Ip string
- IP address of the real server.
- Port double
- Port for communicating with the real server.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Weight double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- Id float64
- Real server ID.
- Ip string
- IP address of the real server.
- Port float64
- Port for communicating with the real server.
- Status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - Weight float64
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- id Double
- Real server ID.
- ip String
- IP address of the real server.
- port Double
- Port for communicating with the real server.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - weight Double
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- id number
- Real server ID.
- ip string
- IP address of the real server.
- port number
- Port for communicating with the real server.
- status string
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - weight number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- id float
- Real server ID.
- ip str
- IP address of the real server.
- port float
- Port for communicating with the real server.
- status str
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - weight float
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
- id Number
- Real server ID.
- ip String
- IP address of the real server.
- port Number
- Port for communicating with the real server.
- status String
- Set the status of the real server to active so that it can accept traffic, or on standby or disabled so no traffic is sent. Valid values:
active,standby,disable. - weight Number
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
ObjectFirewallAccessproxyServerPubkeyAuthSettings, ObjectFirewallAccessproxyServerPubkeyAuthSettingsArgs
, ObjectFirewallAccessproxyServerPubkeyAuthSettingsArgs
- Auth
Ca string - Name of the SSH server public key authentication CA.
- Cert
Extensions List<ObjectFirewall Accessproxy Server Pubkey Auth Settings Cert Extension> - Cert-Extension. The structure of
cert_extensionblock is documented below. - Permit
Agent stringForwarding - Enable/disable appending permit-agent-forwarding certificate extension. Valid values:
disable,enable. - Permit
Port stringForwarding - Enable/disable appending permit-port-forwarding certificate extension. Valid values:
disable,enable. - Permit
Pty string - Enable/disable appending permit-pty certificate extension. Valid values:
disable,enable. - Permit
User stringRc - Enable/disable appending permit-user-rc certificate extension. Valid values:
disable,enable. - Permit
X11Forwarding string - Enable/disable appending permit-x11-forwarding certificate extension. Valid values:
disable,enable. - Source
Address string - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate source address. Valid values:
disable,enable.
- Auth
Ca string - Name of the SSH server public key authentication CA.
- Cert
Extensions []ObjectFirewall Accessproxy Server Pubkey Auth Settings Cert Extension - Cert-Extension. The structure of
cert_extensionblock is documented below. - Permit
Agent stringForwarding - Enable/disable appending permit-agent-forwarding certificate extension. Valid values:
disable,enable. - Permit
Port stringForwarding - Enable/disable appending permit-port-forwarding certificate extension. Valid values:
disable,enable. - Permit
Pty string - Enable/disable appending permit-pty certificate extension. Valid values:
disable,enable. - Permit
User stringRc - Enable/disable appending permit-user-rc certificate extension. Valid values:
disable,enable. - Permit
X11Forwarding string - Enable/disable appending permit-x11-forwarding certificate extension. Valid values:
disable,enable. - Source
Address string - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate source address. Valid values:
disable,enable.
- auth
Ca String - Name of the SSH server public key authentication CA.
- cert
Extensions List<ObjectFirewall Accessproxy Server Pubkey Auth Settings Cert Extension> - Cert-Extension. The structure of
cert_extensionblock is documented below. - permit
Agent StringForwarding - Enable/disable appending permit-agent-forwarding certificate extension. Valid values:
disable,enable. - permit
Port StringForwarding - Enable/disable appending permit-port-forwarding certificate extension. Valid values:
disable,enable. - permit
Pty String - Enable/disable appending permit-pty certificate extension. Valid values:
disable,enable. - permit
User StringRc - Enable/disable appending permit-user-rc certificate extension. Valid values:
disable,enable. - permit
X11Forwarding String - Enable/disable appending permit-x11-forwarding certificate extension. Valid values:
disable,enable. - source
Address String - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate source address. Valid values:
disable,enable.
- auth
Ca string - Name of the SSH server public key authentication CA.
- cert
Extensions ObjectFirewall Accessproxy Server Pubkey Auth Settings Cert Extension[] - Cert-Extension. The structure of
cert_extensionblock is documented below. - permit
Agent stringForwarding - Enable/disable appending permit-agent-forwarding certificate extension. Valid values:
disable,enable. - permit
Port stringForwarding - Enable/disable appending permit-port-forwarding certificate extension. Valid values:
disable,enable. - permit
Pty string - Enable/disable appending permit-pty certificate extension. Valid values:
disable,enable. - permit
User stringRc - Enable/disable appending permit-user-rc certificate extension. Valid values:
disable,enable. - permit
X11Forwarding string - Enable/disable appending permit-x11-forwarding certificate extension. Valid values:
disable,enable. - source
Address string - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate source address. Valid values:
disable,enable.
- auth_
ca str - Name of the SSH server public key authentication CA.
- cert_
extensions Sequence[ObjectFirewall Accessproxy Server Pubkey Auth Settings Cert Extension] - Cert-Extension. The structure of
cert_extensionblock is documented below. - permit_
agent_ strforwarding - Enable/disable appending permit-agent-forwarding certificate extension. Valid values:
disable,enable. - permit_
port_ strforwarding - Enable/disable appending permit-port-forwarding certificate extension. Valid values:
disable,enable. - permit_
pty str - Enable/disable appending permit-pty certificate extension. Valid values:
disable,enable. - permit_
user_ strrc - Enable/disable appending permit-user-rc certificate extension. Valid values:
disable,enable. - permit_
x11_ strforwarding - Enable/disable appending permit-x11-forwarding certificate extension. Valid values:
disable,enable. - source_
address str - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate source address. Valid values:
disable,enable.
- auth
Ca String - Name of the SSH server public key authentication CA.
- cert
Extensions List<Property Map> - Cert-Extension. The structure of
cert_extensionblock is documented below. - permit
Agent StringForwarding - Enable/disable appending permit-agent-forwarding certificate extension. Valid values:
disable,enable. - permit
Port StringForwarding - Enable/disable appending permit-port-forwarding certificate extension. Valid values:
disable,enable. - permit
Pty String - Enable/disable appending permit-pty certificate extension. Valid values:
disable,enable. - permit
User StringRc - Enable/disable appending permit-user-rc certificate extension. Valid values:
disable,enable. - permit
X11Forwarding String - Enable/disable appending permit-x11-forwarding certificate extension. Valid values:
disable,enable. - source
Address String - Enable/disable appending source-address certificate critical option. This option ensure certificate only accepted from FortiGate source address. Valid values:
disable,enable.
ObjectFirewallAccessproxyServerPubkeyAuthSettingsCertExtension, ObjectFirewallAccessproxyServerPubkeyAuthSettingsCertExtensionArgs
, ObjectFirewallAccessproxyServerPubkeyAuthSettingsCertExtensionArgs
Import
ObjectFirewall AccessProxy can be imported using any of these accepted formats:
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/objectFirewallAccessproxy:ObjectFirewallAccessproxy labelname {{name}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev