Docs Home
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev
fortimanager.ObjectWirelesscontrollerVapDynamicMapping
Explore with Pulumi AI
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev
Configure Virtual Access Points (VAPs).
This resource is a sub resource for variable
dynamic_mappingof resourcefortimanager.ObjectWirelesscontrollerVap. Conflict and overwrite may occur if use both of them.
Create ObjectWirelesscontrollerVapDynamicMapping Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectWirelesscontrollerVapDynamicMapping(name: string, args: ObjectWirelesscontrollerVapDynamicMappingArgs, opts?: CustomResourceOptions);@overload
def ObjectWirelesscontrollerVapDynamicMapping(resource_name: str,
args: ObjectWirelesscontrollerVapDynamicMappingInitArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectWirelesscontrollerVapDynamicMapping(resource_name: str,
opts: Optional[ResourceOptions] = None,
vap: Optional[str] = None,
_centmgmt: Optional[str] = None,
_dhcp_svr_id: Optional[str] = None,
_intf_allowaccesses: Optional[Sequence[str]] = None,
_intf_device_access_list: Optional[str] = None,
_intf_device_identification: Optional[str] = None,
_intf_device_netscan: Optional[str] = None,
_intf_dhcp6_relay_ip: Optional[str] = None,
_intf_dhcp6_relay_service: Optional[str] = None,
_intf_dhcp6_relay_type: Optional[str] = None,
_intf_dhcp_relay_ips: Optional[Sequence[str]] = None,
_intf_dhcp_relay_service: Optional[str] = None,
_intf_dhcp_relay_type: Optional[str] = None,
_intf_ip: Optional[str] = None,
_intf_ip6_address: Optional[str] = None,
_intf_ip6_allowaccesses: Optional[Sequence[str]] = None,
_intf_listen_forticlient_connection: Optional[str] = None,
_is_factory_setting: Optional[str] = None,
_scopes: Optional[Sequence[ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs]] = None,
access_control_list: Optional[str] = None,
acct_interim_interval: Optional[float] = None,
additional_akms: Optional[Sequence[str]] = None,
address_group: Optional[str] = None,
address_group_policy: Optional[str] = None,
adom: Optional[str] = None,
alias: Optional[str] = None,
antivirus_profile: Optional[str] = None,
application_detection_engine: Optional[str] = None,
application_dscp_marking: Optional[str] = None,
application_list: Optional[str] = None,
application_report_intv: Optional[float] = None,
atf_weight: Optional[float] = None,
auth: Optional[str] = None,
auth_cert: Optional[str] = None,
auth_portal_addr: Optional[str] = None,
beacon_advertisings: Optional[Sequence[str]] = None,
broadcast_ssid: Optional[str] = None,
broadcast_suppressions: Optional[Sequence[str]] = None,
bss_color_partial: Optional[str] = None,
bstm_disassociation_imminent: Optional[str] = None,
bstm_load_balancing_disassoc_timer: Optional[float] = None,
bstm_rssi_disassoc_timer: Optional[float] = None,
captive_portal_ac_name: Optional[str] = None,
captive_portal_auth_timeout: Optional[float] = None,
captive_portal_fw_accounting: Optional[str] = None,
captive_portal_macauth_radius_secrets: Optional[Sequence[str]] = None,
captive_portal_macauth_radius_server: Optional[str] = None,
captive_portal_radius_secrets: Optional[Sequence[str]] = None,
captive_portal_radius_server: Optional[str] = None,
captive_portal_session_timeout_interval: Optional[float] = None,
client_count: Optional[float] = None,
dhcp_address_enforcement: Optional[str] = None,
dhcp_lease_time: Optional[float] = None,
dhcp_option43_insertion: Optional[str] = None,
dhcp_option82_circuit_id_insertion: Optional[str] = None,
dhcp_option82_insertion: Optional[str] = None,
dhcp_option82_remote_id_insertion: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
dynamic_vlan: Optional[str] = None,
eap_reauth: Optional[str] = None,
eap_reauth_intv: Optional[float] = None,
eapol_key_retries: Optional[str] = None,
encrypt: Optional[str] = None,
external_fast_roaming: Optional[str] = None,
external_logout: Optional[str] = None,
external_web: Optional[str] = None,
external_web_format: Optional[str] = None,
fast_bss_transition: Optional[str] = None,
fast_roaming: Optional[str] = None,
ft_mobility_domain: Optional[float] = None,
ft_over_ds: Optional[str] = None,
ft_r0_key_lifetime: Optional[float] = None,
gas_comeback_delay: Optional[float] = None,
gas_fragmentation_limit: Optional[float] = None,
gtk_rekey: Optional[str] = None,
gtk_rekey_intv: Optional[float] = None,
high_efficiency: Optional[str] = None,
hotspot20_profile: Optional[str] = None,
igmp_snooping: Optional[str] = None,
intra_vap_privacy: Optional[str] = None,
ip: Optional[str] = None,
ips_sensor: Optional[str] = None,
ipv6_rules: Optional[Sequence[str]] = None,
keyindex: Optional[float] = None,
keys: Optional[Sequence[str]] = None,
l3_roaming: Optional[str] = None,
l3_roaming_mode: Optional[str] = None,
ldpc: Optional[str] = None,
local_authentication: Optional[str] = None,
local_bridging: Optional[str] = None,
local_lan: Optional[str] = None,
local_standalone: Optional[str] = None,
local_standalone_dns: Optional[str] = None,
local_standalone_dns_ips: Optional[Sequence[str]] = None,
local_standalone_nat: Optional[str] = None,
local_switching: Optional[str] = None,
mac_auth_bypass: Optional[str] = None,
mac_called_station_delimiter: Optional[str] = None,
mac_calling_station_delimiter: Optional[str] = None,
mac_case: Optional[str] = None,
mac_filter: Optional[str] = None,
mac_filter_policy_other: Optional[str] = None,
mac_password_delimiter: Optional[str] = None,
mac_username_delimiter: Optional[str] = None,
max_clients: Optional[float] = None,
max_clients_ap: Optional[float] = None,
mbo: Optional[str] = None,
mbo_cell_data_conn_pref: Optional[str] = None,
me_disable_thresh: Optional[float] = None,
mesh_backhaul: Optional[str] = None,
mpsk: Optional[str] = None,
mpsk_concurrent_clients: Optional[float] = None,
mpsk_profile: Optional[str] = None,
mu_mimo: Optional[str] = None,
multicast_enhance: Optional[str] = None,
multicast_rate: Optional[str] = None,
n80211k: Optional[str] = None,
n80211v: Optional[str] = None,
nac: Optional[str] = None,
nac_profile: Optional[str] = None,
neighbor_report_dual_band: Optional[str] = None,
object_wirelesscontroller_vap_dynamic_mapping_id: Optional[str] = None,
okc: Optional[str] = None,
osen: Optional[str] = None,
owe_groups: Optional[Sequence[str]] = None,
owe_transition: Optional[str] = None,
owe_transition_ssid: Optional[str] = None,
passphrases: Optional[Sequence[str]] = None,
pmf: Optional[str] = None,
pmf_assoc_comeback_timeout: Optional[float] = None,
pmf_sa_query_retry_timeout: Optional[float] = None,
port_macauth: Optional[str] = None,
port_macauth_reauth_timeout: Optional[float] = None,
port_macauth_timeout: Optional[float] = None,
portal_message_override_group: Optional[str] = None,
portal_type: Optional[str] = None,
primary_wag_profile: Optional[str] = None,
probe_resp_suppression: Optional[str] = None,
probe_resp_threshold: Optional[str] = None,
ptk_rekey: Optional[str] = None,
ptk_rekey_intv: Optional[float] = None,
qos_profile: Optional[str] = None,
quarantine: Optional[str] = None,
radio2g_threshold: Optional[str] = None,
radio5g_threshold: Optional[str] = None,
radio_sensitivity: Optional[str] = None,
radius_mac_auth: Optional[str] = None,
radius_mac_auth_block_interval: Optional[float] = None,
radius_mac_auth_server: Optional[str] = None,
radius_mac_auth_usergroups: Optional[Sequence[str]] = None,
radius_mac_mpsk_auth: Optional[str] = None,
radius_mac_mpsk_timeout: Optional[float] = None,
radius_server: Optional[str] = None,
rates11ac_mcs_map: Optional[str] = None,
rates11ac_ss12s: Optional[Sequence[str]] = None,
rates11ac_ss34s: Optional[Sequence[str]] = None,
rates11as: Optional[Sequence[str]] = None,
rates11ax_mcs_map: Optional[str] = None,
rates11ax_ss12s: Optional[Sequence[str]] = None,
rates11ax_ss34s: Optional[Sequence[str]] = None,
rates11bgs: Optional[Sequence[str]] = None,
rates11n_ss12s: Optional[Sequence[str]] = None,
rates11n_ss34s: Optional[Sequence[str]] = None,
roaming_acct_interim_update: Optional[str] = None,
sae_groups: Optional[Sequence[str]] = None,
sae_h2e_only: Optional[str] = None,
sae_hnp_only: Optional[str] = None,
sae_passwords: Optional[Sequence[str]] = None,
sae_pk: Optional[str] = None,
sae_private_key: Optional[str] = None,
scan_botnet_connections: Optional[str] = None,
schedule: Optional[str] = None,
scopetype: Optional[str] = None,
secondary_wag_profile: Optional[str] = None,
security: Optional[str] = None,
security_exempt_list: Optional[str] = None,
security_obsolete_option: Optional[str] = None,
security_redirect_url: Optional[str] = None,
selected_usergroups: Optional[str] = None,
split_tunneling: Optional[str] = None,
ssid: Optional[str] = None,
sticky_client_remove: Optional[str] = None,
sticky_client_threshold2g: Optional[str] = None,
sticky_client_threshold5g: Optional[str] = None,
sticky_client_threshold6g: Optional[str] = None,
target_wake_time: Optional[str] = None,
tkip_counter_measure: Optional[str] = None,
tunnel_echo_interval: Optional[float] = None,
tunnel_fallback_interval: Optional[float] = None,
usergroup: Optional[str] = None,
utm_log: Optional[str] = None,
utm_profile: Optional[str] = None,
utm_status: Optional[str] = None,
vdom: Optional[str] = None,
vlan_auto: Optional[str] = None,
vlan_pooling: Optional[str] = None,
vlanid: Optional[float] = None,
voice_enterprise: Optional[str] = None,
webfilter_profile: Optional[str] = None)func NewObjectWirelesscontrollerVapDynamicMapping(ctx *Context, name string, args ObjectWirelesscontrollerVapDynamicMappingArgs, opts ...ResourceOption) (*ObjectWirelesscontrollerVapDynamicMapping, error)public ObjectWirelesscontrollerVapDynamicMapping(string name, ObjectWirelesscontrollerVapDynamicMappingArgs args, CustomResourceOptions? opts = null)public ObjectWirelesscontrollerVapDynamicMapping(String name, ObjectWirelesscontrollerVapDynamicMappingArgs args)
public ObjectWirelesscontrollerVapDynamicMapping(String name, ObjectWirelesscontrollerVapDynamicMappingArgs args, CustomResourceOptions options)
type: fortimanager:ObjectWirelesscontrollerVapDynamicMapping
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ObjectWirelesscontrollerVapDynamicMappingArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. ObjectWirelesscontrollerVapDynamicMappingInitArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ObjectWirelesscontrollerVapDynamicMappingArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ObjectWirelesscontrollerVapDynamicMappingArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ObjectWirelesscontrollerVapDynamicMappingArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectWirelesscontrollerVapDynamicMappingResource = new Fortimanager.ObjectWirelesscontrollerVapDynamicMapping("objectWirelesscontrollerVapDynamicMappingResource", new()
{
Vap = "string",
_centmgmt = "string",
_dhcpSvrId = "string",
_intfAllowaccesses = new[]
{
"string",
},
_intfDeviceAccessList = "string",
_intfDeviceIdentification = "string",
_intfDeviceNetscan = "string",
_intfDhcp6RelayIp = "string",
_intfDhcp6RelayService = "string",
_intfDhcp6RelayType = "string",
_intfDhcpRelayIps = new[]
{
"string",
},
_intfDhcpRelayService = "string",
_intfDhcpRelayType = "string",
_intfIp = "string",
_intfIp6Address = "string",
_intfIp6Allowaccesses = new[]
{
"string",
},
_intfListenForticlientConnection = "string",
_isFactorySetting = "string",
_scopes = new[]
{
new Fortimanager.Inputs.ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs
{
Name = "string",
Vdom = "string",
},
},
AccessControlList = "string",
AcctInterimInterval = 0,
AdditionalAkms = new[]
{
"string",
},
AddressGroup = "string",
AddressGroupPolicy = "string",
Adom = "string",
Alias = "string",
AntivirusProfile = "string",
ApplicationDetectionEngine = "string",
ApplicationDscpMarking = "string",
ApplicationList = "string",
ApplicationReportIntv = 0,
AtfWeight = 0,
Auth = "string",
AuthCert = "string",
AuthPortalAddr = "string",
BeaconAdvertisings = new[]
{
"string",
},
BroadcastSsid = "string",
BroadcastSuppressions = new[]
{
"string",
},
BssColorPartial = "string",
BstmDisassociationImminent = "string",
BstmLoadBalancingDisassocTimer = 0,
BstmRssiDisassocTimer = 0,
CaptivePortalAcName = "string",
CaptivePortalAuthTimeout = 0,
CaptivePortalFwAccounting = "string",
CaptivePortalMacauthRadiusSecrets = new[]
{
"string",
},
CaptivePortalMacauthRadiusServer = "string",
CaptivePortalRadiusSecrets = new[]
{
"string",
},
CaptivePortalRadiusServer = "string",
CaptivePortalSessionTimeoutInterval = 0,
ClientCount = 0,
DhcpAddressEnforcement = "string",
DhcpLeaseTime = 0,
DhcpOption43Insertion = "string",
DhcpOption82CircuitIdInsertion = "string",
DhcpOption82Insertion = "string",
DhcpOption82RemoteIdInsertion = "string",
DynamicSortSubtable = "string",
DynamicVlan = "string",
EapReauth = "string",
EapReauthIntv = 0,
EapolKeyRetries = "string",
Encrypt = "string",
ExternalFastRoaming = "string",
ExternalLogout = "string",
ExternalWeb = "string",
ExternalWebFormat = "string",
FastBssTransition = "string",
FastRoaming = "string",
FtMobilityDomain = 0,
FtOverDs = "string",
FtR0KeyLifetime = 0,
GasComebackDelay = 0,
GasFragmentationLimit = 0,
GtkRekey = "string",
GtkRekeyIntv = 0,
HighEfficiency = "string",
Hotspot20Profile = "string",
IgmpSnooping = "string",
IntraVapPrivacy = "string",
Ip = "string",
IpsSensor = "string",
Ipv6Rules = new[]
{
"string",
},
Keyindex = 0,
Keys = new[]
{
"string",
},
L3Roaming = "string",
L3RoamingMode = "string",
Ldpc = "string",
LocalAuthentication = "string",
LocalBridging = "string",
LocalLan = "string",
LocalStandalone = "string",
LocalStandaloneDns = "string",
LocalStandaloneDnsIps = new[]
{
"string",
},
LocalStandaloneNat = "string",
LocalSwitching = "string",
MacAuthBypass = "string",
MacCalledStationDelimiter = "string",
MacCallingStationDelimiter = "string",
MacCase = "string",
MacFilter = "string",
MacFilterPolicyOther = "string",
MacPasswordDelimiter = "string",
MacUsernameDelimiter = "string",
MaxClients = 0,
MaxClientsAp = 0,
Mbo = "string",
MboCellDataConnPref = "string",
MeDisableThresh = 0,
MeshBackhaul = "string",
Mpsk = "string",
MpskConcurrentClients = 0,
MpskProfile = "string",
MuMimo = "string",
MulticastEnhance = "string",
MulticastRate = "string",
N80211k = "string",
N80211v = "string",
Nac = "string",
NacProfile = "string",
NeighborReportDualBand = "string",
ObjectWirelesscontrollerVapDynamicMappingId = "string",
Okc = "string",
Osen = "string",
OweGroups = new[]
{
"string",
},
OweTransition = "string",
OweTransitionSsid = "string",
Passphrases = new[]
{
"string",
},
Pmf = "string",
PmfAssocComebackTimeout = 0,
PmfSaQueryRetryTimeout = 0,
PortMacauth = "string",
PortMacauthReauthTimeout = 0,
PortMacauthTimeout = 0,
PortalMessageOverrideGroup = "string",
PortalType = "string",
PrimaryWagProfile = "string",
ProbeRespSuppression = "string",
ProbeRespThreshold = "string",
PtkRekey = "string",
PtkRekeyIntv = 0,
QosProfile = "string",
Quarantine = "string",
Radio2gThreshold = "string",
Radio5gThreshold = "string",
RadioSensitivity = "string",
RadiusMacAuth = "string",
RadiusMacAuthBlockInterval = 0,
RadiusMacAuthServer = "string",
RadiusMacAuthUsergroups = new[]
{
"string",
},
RadiusMacMpskAuth = "string",
RadiusMacMpskTimeout = 0,
RadiusServer = "string",
Rates11acMcsMap = "string",
Rates11acSs12s = new[]
{
"string",
},
Rates11acSs34s = new[]
{
"string",
},
Rates11as = new[]
{
"string",
},
Rates11axMcsMap = "string",
Rates11axSs12s = new[]
{
"string",
},
Rates11axSs34s = new[]
{
"string",
},
Rates11bgs = new[]
{
"string",
},
Rates11nSs12s = new[]
{
"string",
},
Rates11nSs34s = new[]
{
"string",
},
RoamingAcctInterimUpdate = "string",
SaeGroups = new[]
{
"string",
},
SaeH2eOnly = "string",
SaeHnpOnly = "string",
SaePasswords = new[]
{
"string",
},
SaePk = "string",
SaePrivateKey = "string",
ScanBotnetConnections = "string",
Schedule = "string",
Scopetype = "string",
SecondaryWagProfile = "string",
Security = "string",
SecurityExemptList = "string",
SecurityObsoleteOption = "string",
SecurityRedirectUrl = "string",
SelectedUsergroups = "string",
SplitTunneling = "string",
Ssid = "string",
StickyClientRemove = "string",
StickyClientThreshold2g = "string",
StickyClientThreshold5g = "string",
StickyClientThreshold6g = "string",
TargetWakeTime = "string",
TkipCounterMeasure = "string",
TunnelEchoInterval = 0,
TunnelFallbackInterval = 0,
Usergroup = "string",
UtmLog = "string",
UtmProfile = "string",
UtmStatus = "string",
Vdom = "string",
VlanAuto = "string",
VlanPooling = "string",
Vlanid = 0,
VoiceEnterprise = "string",
WebfilterProfile = "string",
});
example, err := fortimanager.NewObjectWirelesscontrollerVapDynamicMapping(ctx, "objectWirelesscontrollerVapDynamicMappingResource", &fortimanager.ObjectWirelesscontrollerVapDynamicMappingArgs{
Vap: pulumi.String("string"),
_centmgmt: pulumi.String("string"),
_dhcpSvrId: pulumi.String("string"),
_intfAllowaccesses: pulumi.StringArray{
pulumi.String("string"),
},
_intfDeviceAccessList: pulumi.String("string"),
_intfDeviceIdentification: pulumi.String("string"),
_intfDeviceNetscan: pulumi.String("string"),
_intfDhcp6RelayIp: pulumi.String("string"),
_intfDhcp6RelayService: pulumi.String("string"),
_intfDhcp6RelayType: pulumi.String("string"),
_intfDhcpRelayIps: pulumi.StringArray{
pulumi.String("string"),
},
_intfDhcpRelayService: pulumi.String("string"),
_intfDhcpRelayType: pulumi.String("string"),
_intfIp: pulumi.String("string"),
_intfIp6Address: pulumi.String("string"),
_intfIp6Allowaccesses: pulumi.StringArray{
pulumi.String("string"),
},
_intfListenForticlientConnection: pulumi.String("string"),
_isFactorySetting: pulumi.String("string"),
_scopes: .ObjectWirelesscontrollerVapDynamicMapping_ScopeArray{
&.ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs{
Name: pulumi.String("string"),
Vdom: pulumi.String("string"),
},
},
AccessControlList: pulumi.String("string"),
AcctInterimInterval: pulumi.Float64(0),
AdditionalAkms: pulumi.StringArray{
pulumi.String("string"),
},
AddressGroup: pulumi.String("string"),
AddressGroupPolicy: pulumi.String("string"),
Adom: pulumi.String("string"),
Alias: pulumi.String("string"),
AntivirusProfile: pulumi.String("string"),
ApplicationDetectionEngine: pulumi.String("string"),
ApplicationDscpMarking: pulumi.String("string"),
ApplicationList: pulumi.String("string"),
ApplicationReportIntv: pulumi.Float64(0),
AtfWeight: pulumi.Float64(0),
Auth: pulumi.String("string"),
AuthCert: pulumi.String("string"),
AuthPortalAddr: pulumi.String("string"),
BeaconAdvertisings: pulumi.StringArray{
pulumi.String("string"),
},
BroadcastSsid: pulumi.String("string"),
BroadcastSuppressions: pulumi.StringArray{
pulumi.String("string"),
},
BssColorPartial: pulumi.String("string"),
BstmDisassociationImminent: pulumi.String("string"),
BstmLoadBalancingDisassocTimer: pulumi.Float64(0),
BstmRssiDisassocTimer: pulumi.Float64(0),
CaptivePortalAcName: pulumi.String("string"),
CaptivePortalAuthTimeout: pulumi.Float64(0),
CaptivePortalFwAccounting: pulumi.String("string"),
CaptivePortalMacauthRadiusSecrets: pulumi.StringArray{
pulumi.String("string"),
},
CaptivePortalMacauthRadiusServer: pulumi.String("string"),
CaptivePortalRadiusSecrets: pulumi.StringArray{
pulumi.String("string"),
},
CaptivePortalRadiusServer: pulumi.String("string"),
CaptivePortalSessionTimeoutInterval: pulumi.Float64(0),
ClientCount: pulumi.Float64(0),
DhcpAddressEnforcement: pulumi.String("string"),
DhcpLeaseTime: pulumi.Float64(0),
DhcpOption43Insertion: pulumi.String("string"),
DhcpOption82CircuitIdInsertion: pulumi.String("string"),
DhcpOption82Insertion: pulumi.String("string"),
DhcpOption82RemoteIdInsertion: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
DynamicVlan: pulumi.String("string"),
EapReauth: pulumi.String("string"),
EapReauthIntv: pulumi.Float64(0),
EapolKeyRetries: pulumi.String("string"),
Encrypt: pulumi.String("string"),
ExternalFastRoaming: pulumi.String("string"),
ExternalLogout: pulumi.String("string"),
ExternalWeb: pulumi.String("string"),
ExternalWebFormat: pulumi.String("string"),
FastBssTransition: pulumi.String("string"),
FastRoaming: pulumi.String("string"),
FtMobilityDomain: pulumi.Float64(0),
FtOverDs: pulumi.String("string"),
FtR0KeyLifetime: pulumi.Float64(0),
GasComebackDelay: pulumi.Float64(0),
GasFragmentationLimit: pulumi.Float64(0),
GtkRekey: pulumi.String("string"),
GtkRekeyIntv: pulumi.Float64(0),
HighEfficiency: pulumi.String("string"),
Hotspot20Profile: pulumi.String("string"),
IgmpSnooping: pulumi.String("string"),
IntraVapPrivacy: pulumi.String("string"),
Ip: pulumi.String("string"),
IpsSensor: pulumi.String("string"),
Ipv6Rules: pulumi.StringArray{
pulumi.String("string"),
},
Keyindex: pulumi.Float64(0),
Keys: pulumi.StringArray{
pulumi.String("string"),
},
L3Roaming: pulumi.String("string"),
L3RoamingMode: pulumi.String("string"),
Ldpc: pulumi.String("string"),
LocalAuthentication: pulumi.String("string"),
LocalBridging: pulumi.String("string"),
LocalLan: pulumi.String("string"),
LocalStandalone: pulumi.String("string"),
LocalStandaloneDns: pulumi.String("string"),
LocalStandaloneDnsIps: pulumi.StringArray{
pulumi.String("string"),
},
LocalStandaloneNat: pulumi.String("string"),
LocalSwitching: pulumi.String("string"),
MacAuthBypass: pulumi.String("string"),
MacCalledStationDelimiter: pulumi.String("string"),
MacCallingStationDelimiter: pulumi.String("string"),
MacCase: pulumi.String("string"),
MacFilter: pulumi.String("string"),
MacFilterPolicyOther: pulumi.String("string"),
MacPasswordDelimiter: pulumi.String("string"),
MacUsernameDelimiter: pulumi.String("string"),
MaxClients: pulumi.Float64(0),
MaxClientsAp: pulumi.Float64(0),
Mbo: pulumi.String("string"),
MboCellDataConnPref: pulumi.String("string"),
MeDisableThresh: pulumi.Float64(0),
MeshBackhaul: pulumi.String("string"),
Mpsk: pulumi.String("string"),
MpskConcurrentClients: pulumi.Float64(0),
MpskProfile: pulumi.String("string"),
MuMimo: pulumi.String("string"),
MulticastEnhance: pulumi.String("string"),
MulticastRate: pulumi.String("string"),
N80211k: pulumi.String("string"),
N80211v: pulumi.String("string"),
Nac: pulumi.String("string"),
NacProfile: pulumi.String("string"),
NeighborReportDualBand: pulumi.String("string"),
ObjectWirelesscontrollerVapDynamicMappingId: pulumi.String("string"),
Okc: pulumi.String("string"),
Osen: pulumi.String("string"),
OweGroups: pulumi.StringArray{
pulumi.String("string"),
},
OweTransition: pulumi.String("string"),
OweTransitionSsid: pulumi.String("string"),
Passphrases: pulumi.StringArray{
pulumi.String("string"),
},
Pmf: pulumi.String("string"),
PmfAssocComebackTimeout: pulumi.Float64(0),
PmfSaQueryRetryTimeout: pulumi.Float64(0),
PortMacauth: pulumi.String("string"),
PortMacauthReauthTimeout: pulumi.Float64(0),
PortMacauthTimeout: pulumi.Float64(0),
PortalMessageOverrideGroup: pulumi.String("string"),
PortalType: pulumi.String("string"),
PrimaryWagProfile: pulumi.String("string"),
ProbeRespSuppression: pulumi.String("string"),
ProbeRespThreshold: pulumi.String("string"),
PtkRekey: pulumi.String("string"),
PtkRekeyIntv: pulumi.Float64(0),
QosProfile: pulumi.String("string"),
Quarantine: pulumi.String("string"),
Radio2gThreshold: pulumi.String("string"),
Radio5gThreshold: pulumi.String("string"),
RadioSensitivity: pulumi.String("string"),
RadiusMacAuth: pulumi.String("string"),
RadiusMacAuthBlockInterval: pulumi.Float64(0),
RadiusMacAuthServer: pulumi.String("string"),
RadiusMacAuthUsergroups: pulumi.StringArray{
pulumi.String("string"),
},
RadiusMacMpskAuth: pulumi.String("string"),
RadiusMacMpskTimeout: pulumi.Float64(0),
RadiusServer: pulumi.String("string"),
Rates11acMcsMap: pulumi.String("string"),
Rates11acSs12s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11acSs34s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11as: pulumi.StringArray{
pulumi.String("string"),
},
Rates11axMcsMap: pulumi.String("string"),
Rates11axSs12s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11axSs34s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11bgs: pulumi.StringArray{
pulumi.String("string"),
},
Rates11nSs12s: pulumi.StringArray{
pulumi.String("string"),
},
Rates11nSs34s: pulumi.StringArray{
pulumi.String("string"),
},
RoamingAcctInterimUpdate: pulumi.String("string"),
SaeGroups: pulumi.StringArray{
pulumi.String("string"),
},
SaeH2eOnly: pulumi.String("string"),
SaeHnpOnly: pulumi.String("string"),
SaePasswords: pulumi.StringArray{
pulumi.String("string"),
},
SaePk: pulumi.String("string"),
SaePrivateKey: pulumi.String("string"),
ScanBotnetConnections: pulumi.String("string"),
Schedule: pulumi.String("string"),
Scopetype: pulumi.String("string"),
SecondaryWagProfile: pulumi.String("string"),
Security: pulumi.String("string"),
SecurityExemptList: pulumi.String("string"),
SecurityObsoleteOption: pulumi.String("string"),
SecurityRedirectUrl: pulumi.String("string"),
SelectedUsergroups: pulumi.String("string"),
SplitTunneling: pulumi.String("string"),
Ssid: pulumi.String("string"),
StickyClientRemove: pulumi.String("string"),
StickyClientThreshold2g: pulumi.String("string"),
StickyClientThreshold5g: pulumi.String("string"),
StickyClientThreshold6g: pulumi.String("string"),
TargetWakeTime: pulumi.String("string"),
TkipCounterMeasure: pulumi.String("string"),
TunnelEchoInterval: pulumi.Float64(0),
TunnelFallbackInterval: pulumi.Float64(0),
Usergroup: pulumi.String("string"),
UtmLog: pulumi.String("string"),
UtmProfile: pulumi.String("string"),
UtmStatus: pulumi.String("string"),
Vdom: pulumi.String("string"),
VlanAuto: pulumi.String("string"),
VlanPooling: pulumi.String("string"),
Vlanid: pulumi.Float64(0),
VoiceEnterprise: pulumi.String("string"),
WebfilterProfile: pulumi.String("string"),
})
var objectWirelesscontrollerVapDynamicMappingResource = new ObjectWirelesscontrollerVapDynamicMapping("objectWirelesscontrollerVapDynamicMappingResource", ObjectWirelesscontrollerVapDynamicMappingArgs.builder()
.vap("string")
._centmgmt("string")
._dhcpSvrId("string")
._intfAllowaccesses("string")
._intfDeviceAccessList("string")
._intfDeviceIdentification("string")
._intfDeviceNetscan("string")
._intfDhcp6RelayIp("string")
._intfDhcp6RelayService("string")
._intfDhcp6RelayType("string")
._intfDhcpRelayIps("string")
._intfDhcpRelayService("string")
._intfDhcpRelayType("string")
._intfIp("string")
._intfIp6Address("string")
._intfIp6Allowaccesses("string")
._intfListenForticlientConnection("string")
._isFactorySetting("string")
._scopes(ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs.builder()
.name("string")
.vdom("string")
.build())
.accessControlList("string")
.acctInterimInterval(0)
.additionalAkms("string")
.addressGroup("string")
.addressGroupPolicy("string")
.adom("string")
.alias("string")
.antivirusProfile("string")
.applicationDetectionEngine("string")
.applicationDscpMarking("string")
.applicationList("string")
.applicationReportIntv(0)
.atfWeight(0)
.auth("string")
.authCert("string")
.authPortalAddr("string")
.beaconAdvertisings("string")
.broadcastSsid("string")
.broadcastSuppressions("string")
.bssColorPartial("string")
.bstmDisassociationImminent("string")
.bstmLoadBalancingDisassocTimer(0)
.bstmRssiDisassocTimer(0)
.captivePortalAcName("string")
.captivePortalAuthTimeout(0)
.captivePortalFwAccounting("string")
.captivePortalMacauthRadiusSecrets("string")
.captivePortalMacauthRadiusServer("string")
.captivePortalRadiusSecrets("string")
.captivePortalRadiusServer("string")
.captivePortalSessionTimeoutInterval(0)
.clientCount(0)
.dhcpAddressEnforcement("string")
.dhcpLeaseTime(0)
.dhcpOption43Insertion("string")
.dhcpOption82CircuitIdInsertion("string")
.dhcpOption82Insertion("string")
.dhcpOption82RemoteIdInsertion("string")
.dynamicSortSubtable("string")
.dynamicVlan("string")
.eapReauth("string")
.eapReauthIntv(0)
.eapolKeyRetries("string")
.encrypt("string")
.externalFastRoaming("string")
.externalLogout("string")
.externalWeb("string")
.externalWebFormat("string")
.fastBssTransition("string")
.fastRoaming("string")
.ftMobilityDomain(0)
.ftOverDs("string")
.ftR0KeyLifetime(0)
.gasComebackDelay(0)
.gasFragmentationLimit(0)
.gtkRekey("string")
.gtkRekeyIntv(0)
.highEfficiency("string")
.hotspot20Profile("string")
.igmpSnooping("string")
.intraVapPrivacy("string")
.ip("string")
.ipsSensor("string")
.ipv6Rules("string")
.keyindex(0)
.keys("string")
.l3Roaming("string")
.l3RoamingMode("string")
.ldpc("string")
.localAuthentication("string")
.localBridging("string")
.localLan("string")
.localStandalone("string")
.localStandaloneDns("string")
.localStandaloneDnsIps("string")
.localStandaloneNat("string")
.localSwitching("string")
.macAuthBypass("string")
.macCalledStationDelimiter("string")
.macCallingStationDelimiter("string")
.macCase("string")
.macFilter("string")
.macFilterPolicyOther("string")
.macPasswordDelimiter("string")
.macUsernameDelimiter("string")
.maxClients(0)
.maxClientsAp(0)
.mbo("string")
.mboCellDataConnPref("string")
.meDisableThresh(0)
.meshBackhaul("string")
.mpsk("string")
.mpskConcurrentClients(0)
.mpskProfile("string")
.muMimo("string")
.multicastEnhance("string")
.multicastRate("string")
.n80211k("string")
.n80211v("string")
.nac("string")
.nacProfile("string")
.neighborReportDualBand("string")
.objectWirelesscontrollerVapDynamicMappingId("string")
.okc("string")
.osen("string")
.oweGroups("string")
.oweTransition("string")
.oweTransitionSsid("string")
.passphrases("string")
.pmf("string")
.pmfAssocComebackTimeout(0)
.pmfSaQueryRetryTimeout(0)
.portMacauth("string")
.portMacauthReauthTimeout(0)
.portMacauthTimeout(0)
.portalMessageOverrideGroup("string")
.portalType("string")
.primaryWagProfile("string")
.probeRespSuppression("string")
.probeRespThreshold("string")
.ptkRekey("string")
.ptkRekeyIntv(0)
.qosProfile("string")
.quarantine("string")
.radio2gThreshold("string")
.radio5gThreshold("string")
.radioSensitivity("string")
.radiusMacAuth("string")
.radiusMacAuthBlockInterval(0)
.radiusMacAuthServer("string")
.radiusMacAuthUsergroups("string")
.radiusMacMpskAuth("string")
.radiusMacMpskTimeout(0)
.radiusServer("string")
.rates11acMcsMap("string")
.rates11acSs12s("string")
.rates11acSs34s("string")
.rates11as("string")
.rates11axMcsMap("string")
.rates11axSs12s("string")
.rates11axSs34s("string")
.rates11bgs("string")
.rates11nSs12s("string")
.rates11nSs34s("string")
.roamingAcctInterimUpdate("string")
.saeGroups("string")
.saeH2eOnly("string")
.saeHnpOnly("string")
.saePasswords("string")
.saePk("string")
.saePrivateKey("string")
.scanBotnetConnections("string")
.schedule("string")
.scopetype("string")
.secondaryWagProfile("string")
.security("string")
.securityExemptList("string")
.securityObsoleteOption("string")
.securityRedirectUrl("string")
.selectedUsergroups("string")
.splitTunneling("string")
.ssid("string")
.stickyClientRemove("string")
.stickyClientThreshold2g("string")
.stickyClientThreshold5g("string")
.stickyClientThreshold6g("string")
.targetWakeTime("string")
.tkipCounterMeasure("string")
.tunnelEchoInterval(0)
.tunnelFallbackInterval(0)
.usergroup("string")
.utmLog("string")
.utmProfile("string")
.utmStatus("string")
.vdom("string")
.vlanAuto("string")
.vlanPooling("string")
.vlanid(0)
.voiceEnterprise("string")
.webfilterProfile("string")
.build());
object_wirelesscontroller_vap_dynamic_mapping_resource = fortimanager.ObjectWirelesscontrollerVapDynamicMapping("objectWirelesscontrollerVapDynamicMappingResource",
vap="string",
_centmgmt="string",
_dhcp_svr_id="string",
_intf_allowaccesses=["string"],
_intf_device_access_list="string",
_intf_device_identification="string",
_intf_device_netscan="string",
_intf_dhcp6_relay_ip="string",
_intf_dhcp6_relay_service="string",
_intf_dhcp6_relay_type="string",
_intf_dhcp_relay_ips=["string"],
_intf_dhcp_relay_service="string",
_intf_dhcp_relay_type="string",
_intf_ip="string",
_intf_ip6_address="string",
_intf_ip6_allowaccesses=["string"],
_intf_listen_forticlient_connection="string",
_is_factory_setting="string",
_scopes=[{
"name": "string",
"vdom": "string",
}],
access_control_list="string",
acct_interim_interval=0,
additional_akms=["string"],
address_group="string",
address_group_policy="string",
adom="string",
alias="string",
antivirus_profile="string",
application_detection_engine="string",
application_dscp_marking="string",
application_list="string",
application_report_intv=0,
atf_weight=0,
auth="string",
auth_cert="string",
auth_portal_addr="string",
beacon_advertisings=["string"],
broadcast_ssid="string",
broadcast_suppressions=["string"],
bss_color_partial="string",
bstm_disassociation_imminent="string",
bstm_load_balancing_disassoc_timer=0,
bstm_rssi_disassoc_timer=0,
captive_portal_ac_name="string",
captive_portal_auth_timeout=0,
captive_portal_fw_accounting="string",
captive_portal_macauth_radius_secrets=["string"],
captive_portal_macauth_radius_server="string",
captive_portal_radius_secrets=["string"],
captive_portal_radius_server="string",
captive_portal_session_timeout_interval=0,
client_count=0,
dhcp_address_enforcement="string",
dhcp_lease_time=0,
dhcp_option43_insertion="string",
dhcp_option82_circuit_id_insertion="string",
dhcp_option82_insertion="string",
dhcp_option82_remote_id_insertion="string",
dynamic_sort_subtable="string",
dynamic_vlan="string",
eap_reauth="string",
eap_reauth_intv=0,
eapol_key_retries="string",
encrypt="string",
external_fast_roaming="string",
external_logout="string",
external_web="string",
external_web_format="string",
fast_bss_transition="string",
fast_roaming="string",
ft_mobility_domain=0,
ft_over_ds="string",
ft_r0_key_lifetime=0,
gas_comeback_delay=0,
gas_fragmentation_limit=0,
gtk_rekey="string",
gtk_rekey_intv=0,
high_efficiency="string",
hotspot20_profile="string",
igmp_snooping="string",
intra_vap_privacy="string",
ip="string",
ips_sensor="string",
ipv6_rules=["string"],
keyindex=0,
keys=["string"],
l3_roaming="string",
l3_roaming_mode="string",
ldpc="string",
local_authentication="string",
local_bridging="string",
local_lan="string",
local_standalone="string",
local_standalone_dns="string",
local_standalone_dns_ips=["string"],
local_standalone_nat="string",
local_switching="string",
mac_auth_bypass="string",
mac_called_station_delimiter="string",
mac_calling_station_delimiter="string",
mac_case="string",
mac_filter="string",
mac_filter_policy_other="string",
mac_password_delimiter="string",
mac_username_delimiter="string",
max_clients=0,
max_clients_ap=0,
mbo="string",
mbo_cell_data_conn_pref="string",
me_disable_thresh=0,
mesh_backhaul="string",
mpsk="string",
mpsk_concurrent_clients=0,
mpsk_profile="string",
mu_mimo="string",
multicast_enhance="string",
multicast_rate="string",
n80211k="string",
n80211v="string",
nac="string",
nac_profile="string",
neighbor_report_dual_band="string",
object_wirelesscontroller_vap_dynamic_mapping_id="string",
okc="string",
osen="string",
owe_groups=["string"],
owe_transition="string",
owe_transition_ssid="string",
passphrases=["string"],
pmf="string",
pmf_assoc_comeback_timeout=0,
pmf_sa_query_retry_timeout=0,
port_macauth="string",
port_macauth_reauth_timeout=0,
port_macauth_timeout=0,
portal_message_override_group="string",
portal_type="string",
primary_wag_profile="string",
probe_resp_suppression="string",
probe_resp_threshold="string",
ptk_rekey="string",
ptk_rekey_intv=0,
qos_profile="string",
quarantine="string",
radio2g_threshold="string",
radio5g_threshold="string",
radio_sensitivity="string",
radius_mac_auth="string",
radius_mac_auth_block_interval=0,
radius_mac_auth_server="string",
radius_mac_auth_usergroups=["string"],
radius_mac_mpsk_auth="string",
radius_mac_mpsk_timeout=0,
radius_server="string",
rates11ac_mcs_map="string",
rates11ac_ss12s=["string"],
rates11ac_ss34s=["string"],
rates11as=["string"],
rates11ax_mcs_map="string",
rates11ax_ss12s=["string"],
rates11ax_ss34s=["string"],
rates11bgs=["string"],
rates11n_ss12s=["string"],
rates11n_ss34s=["string"],
roaming_acct_interim_update="string",
sae_groups=["string"],
sae_h2e_only="string",
sae_hnp_only="string",
sae_passwords=["string"],
sae_pk="string",
sae_private_key="string",
scan_botnet_connections="string",
schedule="string",
scopetype="string",
secondary_wag_profile="string",
security="string",
security_exempt_list="string",
security_obsolete_option="string",
security_redirect_url="string",
selected_usergroups="string",
split_tunneling="string",
ssid="string",
sticky_client_remove="string",
sticky_client_threshold2g="string",
sticky_client_threshold5g="string",
sticky_client_threshold6g="string",
target_wake_time="string",
tkip_counter_measure="string",
tunnel_echo_interval=0,
tunnel_fallback_interval=0,
usergroup="string",
utm_log="string",
utm_profile="string",
utm_status="string",
vdom="string",
vlan_auto="string",
vlan_pooling="string",
vlanid=0,
voice_enterprise="string",
webfilter_profile="string")
const objectWirelesscontrollerVapDynamicMappingResource = new fortimanager.ObjectWirelesscontrollerVapDynamicMapping("objectWirelesscontrollerVapDynamicMappingResource", {
vap: "string",
_centmgmt: "string",
_dhcpSvrId: "string",
_intfAllowaccesses: ["string"],
_intfDeviceAccessList: "string",
_intfDeviceIdentification: "string",
_intfDeviceNetscan: "string",
_intfDhcp6RelayIp: "string",
_intfDhcp6RelayService: "string",
_intfDhcp6RelayType: "string",
_intfDhcpRelayIps: ["string"],
_intfDhcpRelayService: "string",
_intfDhcpRelayType: "string",
_intfIp: "string",
_intfIp6Address: "string",
_intfIp6Allowaccesses: ["string"],
_intfListenForticlientConnection: "string",
_isFactorySetting: "string",
_scopes: [{
name: "string",
vdom: "string",
}],
accessControlList: "string",
acctInterimInterval: 0,
additionalAkms: ["string"],
addressGroup: "string",
addressGroupPolicy: "string",
adom: "string",
alias: "string",
antivirusProfile: "string",
applicationDetectionEngine: "string",
applicationDscpMarking: "string",
applicationList: "string",
applicationReportIntv: 0,
atfWeight: 0,
auth: "string",
authCert: "string",
authPortalAddr: "string",
beaconAdvertisings: ["string"],
broadcastSsid: "string",
broadcastSuppressions: ["string"],
bssColorPartial: "string",
bstmDisassociationImminent: "string",
bstmLoadBalancingDisassocTimer: 0,
bstmRssiDisassocTimer: 0,
captivePortalAcName: "string",
captivePortalAuthTimeout: 0,
captivePortalFwAccounting: "string",
captivePortalMacauthRadiusSecrets: ["string"],
captivePortalMacauthRadiusServer: "string",
captivePortalRadiusSecrets: ["string"],
captivePortalRadiusServer: "string",
captivePortalSessionTimeoutInterval: 0,
clientCount: 0,
dhcpAddressEnforcement: "string",
dhcpLeaseTime: 0,
dhcpOption43Insertion: "string",
dhcpOption82CircuitIdInsertion: "string",
dhcpOption82Insertion: "string",
dhcpOption82RemoteIdInsertion: "string",
dynamicSortSubtable: "string",
dynamicVlan: "string",
eapReauth: "string",
eapReauthIntv: 0,
eapolKeyRetries: "string",
encrypt: "string",
externalFastRoaming: "string",
externalLogout: "string",
externalWeb: "string",
externalWebFormat: "string",
fastBssTransition: "string",
fastRoaming: "string",
ftMobilityDomain: 0,
ftOverDs: "string",
ftR0KeyLifetime: 0,
gasComebackDelay: 0,
gasFragmentationLimit: 0,
gtkRekey: "string",
gtkRekeyIntv: 0,
highEfficiency: "string",
hotspot20Profile: "string",
igmpSnooping: "string",
intraVapPrivacy: "string",
ip: "string",
ipsSensor: "string",
ipv6Rules: ["string"],
keyindex: 0,
keys: ["string"],
l3Roaming: "string",
l3RoamingMode: "string",
ldpc: "string",
localAuthentication: "string",
localBridging: "string",
localLan: "string",
localStandalone: "string",
localStandaloneDns: "string",
localStandaloneDnsIps: ["string"],
localStandaloneNat: "string",
localSwitching: "string",
macAuthBypass: "string",
macCalledStationDelimiter: "string",
macCallingStationDelimiter: "string",
macCase: "string",
macFilter: "string",
macFilterPolicyOther: "string",
macPasswordDelimiter: "string",
macUsernameDelimiter: "string",
maxClients: 0,
maxClientsAp: 0,
mbo: "string",
mboCellDataConnPref: "string",
meDisableThresh: 0,
meshBackhaul: "string",
mpsk: "string",
mpskConcurrentClients: 0,
mpskProfile: "string",
muMimo: "string",
multicastEnhance: "string",
multicastRate: "string",
n80211k: "string",
n80211v: "string",
nac: "string",
nacProfile: "string",
neighborReportDualBand: "string",
objectWirelesscontrollerVapDynamicMappingId: "string",
okc: "string",
osen: "string",
oweGroups: ["string"],
oweTransition: "string",
oweTransitionSsid: "string",
passphrases: ["string"],
pmf: "string",
pmfAssocComebackTimeout: 0,
pmfSaQueryRetryTimeout: 0,
portMacauth: "string",
portMacauthReauthTimeout: 0,
portMacauthTimeout: 0,
portalMessageOverrideGroup: "string",
portalType: "string",
primaryWagProfile: "string",
probeRespSuppression: "string",
probeRespThreshold: "string",
ptkRekey: "string",
ptkRekeyIntv: 0,
qosProfile: "string",
quarantine: "string",
radio2gThreshold: "string",
radio5gThreshold: "string",
radioSensitivity: "string",
radiusMacAuth: "string",
radiusMacAuthBlockInterval: 0,
radiusMacAuthServer: "string",
radiusMacAuthUsergroups: ["string"],
radiusMacMpskAuth: "string",
radiusMacMpskTimeout: 0,
radiusServer: "string",
rates11acMcsMap: "string",
rates11acSs12s: ["string"],
rates11acSs34s: ["string"],
rates11as: ["string"],
rates11axMcsMap: "string",
rates11axSs12s: ["string"],
rates11axSs34s: ["string"],
rates11bgs: ["string"],
rates11nSs12s: ["string"],
rates11nSs34s: ["string"],
roamingAcctInterimUpdate: "string",
saeGroups: ["string"],
saeH2eOnly: "string",
saeHnpOnly: "string",
saePasswords: ["string"],
saePk: "string",
saePrivateKey: "string",
scanBotnetConnections: "string",
schedule: "string",
scopetype: "string",
secondaryWagProfile: "string",
security: "string",
securityExemptList: "string",
securityObsoleteOption: "string",
securityRedirectUrl: "string",
selectedUsergroups: "string",
splitTunneling: "string",
ssid: "string",
stickyClientRemove: "string",
stickyClientThreshold2g: "string",
stickyClientThreshold5g: "string",
stickyClientThreshold6g: "string",
targetWakeTime: "string",
tkipCounterMeasure: "string",
tunnelEchoInterval: 0,
tunnelFallbackInterval: 0,
usergroup: "string",
utmLog: "string",
utmProfile: "string",
utmStatus: "string",
vdom: "string",
vlanAuto: "string",
vlanPooling: "string",
vlanid: 0,
voiceEnterprise: "string",
webfilterProfile: "string",
});
type: fortimanager:ObjectWirelesscontrollerVapDynamicMapping
properties:
_centmgmt: string
_dhcpSvrId: string
_intfAllowaccesses:
- string
_intfDeviceAccessList: string
_intfDeviceIdentification: string
_intfDeviceNetscan: string
_intfDhcp6RelayIp: string
_intfDhcp6RelayService: string
_intfDhcp6RelayType: string
_intfDhcpRelayIps:
- string
_intfDhcpRelayService: string
_intfDhcpRelayType: string
_intfIp: string
_intfIp6Address: string
_intfIp6Allowaccesses:
- string
_intfListenForticlientConnection: string
_isFactorySetting: string
_scopes:
- name: string
vdom: string
accessControlList: string
acctInterimInterval: 0
additionalAkms:
- string
addressGroup: string
addressGroupPolicy: string
adom: string
alias: string
antivirusProfile: string
applicationDetectionEngine: string
applicationDscpMarking: string
applicationList: string
applicationReportIntv: 0
atfWeight: 0
auth: string
authCert: string
authPortalAddr: string
beaconAdvertisings:
- string
broadcastSsid: string
broadcastSuppressions:
- string
bssColorPartial: string
bstmDisassociationImminent: string
bstmLoadBalancingDisassocTimer: 0
bstmRssiDisassocTimer: 0
captivePortalAcName: string
captivePortalAuthTimeout: 0
captivePortalFwAccounting: string
captivePortalMacauthRadiusSecrets:
- string
captivePortalMacauthRadiusServer: string
captivePortalRadiusSecrets:
- string
captivePortalRadiusServer: string
captivePortalSessionTimeoutInterval: 0
clientCount: 0
dhcpAddressEnforcement: string
dhcpLeaseTime: 0
dhcpOption43Insertion: string
dhcpOption82CircuitIdInsertion: string
dhcpOption82Insertion: string
dhcpOption82RemoteIdInsertion: string
dynamicSortSubtable: string
dynamicVlan: string
eapReauth: string
eapReauthIntv: 0
eapolKeyRetries: string
encrypt: string
externalFastRoaming: string
externalLogout: string
externalWeb: string
externalWebFormat: string
fastBssTransition: string
fastRoaming: string
ftMobilityDomain: 0
ftOverDs: string
ftR0KeyLifetime: 0
gasComebackDelay: 0
gasFragmentationLimit: 0
gtkRekey: string
gtkRekeyIntv: 0
highEfficiency: string
hotspot20Profile: string
igmpSnooping: string
intraVapPrivacy: string
ip: string
ipsSensor: string
ipv6Rules:
- string
keyindex: 0
keys:
- string
l3Roaming: string
l3RoamingMode: string
ldpc: string
localAuthentication: string
localBridging: string
localLan: string
localStandalone: string
localStandaloneDns: string
localStandaloneDnsIps:
- string
localStandaloneNat: string
localSwitching: string
macAuthBypass: string
macCalledStationDelimiter: string
macCallingStationDelimiter: string
macCase: string
macFilter: string
macFilterPolicyOther: string
macPasswordDelimiter: string
macUsernameDelimiter: string
maxClients: 0
maxClientsAp: 0
mbo: string
mboCellDataConnPref: string
meDisableThresh: 0
meshBackhaul: string
mpsk: string
mpskConcurrentClients: 0
mpskProfile: string
muMimo: string
multicastEnhance: string
multicastRate: string
n80211k: string
n80211v: string
nac: string
nacProfile: string
neighborReportDualBand: string
objectWirelesscontrollerVapDynamicMappingId: string
okc: string
osen: string
oweGroups:
- string
oweTransition: string
oweTransitionSsid: string
passphrases:
- string
pmf: string
pmfAssocComebackTimeout: 0
pmfSaQueryRetryTimeout: 0
portMacauth: string
portMacauthReauthTimeout: 0
portMacauthTimeout: 0
portalMessageOverrideGroup: string
portalType: string
primaryWagProfile: string
probeRespSuppression: string
probeRespThreshold: string
ptkRekey: string
ptkRekeyIntv: 0
qosProfile: string
quarantine: string
radio2gThreshold: string
radio5gThreshold: string
radioSensitivity: string
radiusMacAuth: string
radiusMacAuthBlockInterval: 0
radiusMacAuthServer: string
radiusMacAuthUsergroups:
- string
radiusMacMpskAuth: string
radiusMacMpskTimeout: 0
radiusServer: string
rates11acMcsMap: string
rates11acSs12s:
- string
rates11acSs34s:
- string
rates11as:
- string
rates11axMcsMap: string
rates11axSs12s:
- string
rates11axSs34s:
- string
rates11bgs:
- string
rates11nSs12s:
- string
rates11nSs34s:
- string
roamingAcctInterimUpdate: string
saeGroups:
- string
saeH2eOnly: string
saeHnpOnly: string
saePasswords:
- string
saePk: string
saePrivateKey: string
scanBotnetConnections: string
schedule: string
scopetype: string
secondaryWagProfile: string
security: string
securityExemptList: string
securityObsoleteOption: string
securityRedirectUrl: string
selectedUsergroups: string
splitTunneling: string
ssid: string
stickyClientRemove: string
stickyClientThreshold2g: string
stickyClientThreshold5g: string
stickyClientThreshold6g: string
targetWakeTime: string
tkipCounterMeasure: string
tunnelEchoInterval: 0
tunnelFallbackInterval: 0
usergroup: string
utmLog: string
utmProfile: string
utmStatus: string
vap: string
vdom: string
vlanAuto: string
vlanPooling: string
vlanid: 0
voiceEnterprise: string
webfilterProfile: string
ObjectWirelesscontrollerVapDynamicMapping Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectWirelesscontrollerVapDynamicMapping resource accepts the following input properties:
- Vap
This property is required. string - Vap.
- Access
Control stringList - Access-Control-List.
- Acct
Interim doubleInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- Additional
Akms List<string> - Additional-Akms. Valid values:
akm6. - Address
Group string - Address group ID.
- Address
Group stringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Alias string
- Alias.
- Antivirus
Profile string - AntiVirus profile name.
- Application
Detection stringEngine - Application-Detection-Engine. Valid values:
disable,enable. - Application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - Application
List string - Application control list name.
- Application
Report doubleIntv - Application-Report-Intv.
- Atf
Weight double - Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Beacon
Advertisings List<string> - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - Broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - Broadcast
Suppressions List<string> - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - Bss
Color stringPartial - Bss-Color-Partial. Valid values:
disable,enable. - Bstm
Disassociation stringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - Bstm
Load doubleBalancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- Bstm
Rssi doubleDisassoc Timer - Bstm-Rssi-Disassoc-Timer.
- Captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- Captive
Portal doubleAuth Timeout - Captive-Portal-Auth-Timeout.
- Captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - Captive
Portal List<string>Macauth Radius Secrets - Secret key to access the macauth RADIUS server.
- Captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- Captive
Portal List<string>Radius Secrets - Secret key to access the RADIUS server.
- Captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- Captive
Portal doubleSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- Client
Count double - Client-Count.
- Dhcp
Address stringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - Dhcp
Lease doubleTime - DHCP lease time in seconds for NAT IP address.
- Dhcp
Option43Insertion string - Dhcp-Option43-Insertion. Valid values:
disable,enable. - Dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - Dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - Dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - Eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - Eap
Reauth doubleIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- Eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - External
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - External
Logout string - URL of external authentication logout server.
- External
Web string - URL of external authentication web server.
- External
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - Fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - Fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - Ft
Mobility doubleDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- Ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - Ft
R0Key doubleLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- Gas
Comeback doubleDelay - Gas-Comeback-Delay.
- Gas
Fragmentation doubleLimit - Gas-Fragmentation-Limit.
- Gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - Gtk
Rekey doubleIntv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- High
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - Hotspot20Profile string
- Hotspot 2.0 profile name.
- Igmp
Snooping string - Igmp-Snooping. Valid values:
disable,enable. - Intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- Ips
Sensor string - IPS sensor name.
- Ipv6Rules List<string>
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - Keyindex double
- WEP key index (1 - 4).
- Keys List<string>
- WEP Key.
- L3Roaming string
- L3-Roaming. Valid values:
disable,enable. - L3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - Local
Authentication string - Enable/disable AP local authentication. Valid values:
disable,enable. - Local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - Local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - Local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - Local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - Local
Standalone List<string>Dns Ips - IPv4 addresses for the local standalone DNS.
- Local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - Local
Switching string - Local-Switching. Valid values:
disable,enable. - Mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - Mac
Called stringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Calling stringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Case string - Mac-Case. Valid values:
uppercase,lowercase. - Mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - Mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - Mac
Password stringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Max
Clients double - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- Max
Clients doubleAp - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Mbo. Valid values:
disable,enable. - Mbo
Cell stringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - Me
Disable doubleThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- Mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - Mpsk string
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - Mpsk
Concurrent doubleClients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- Mpsk
Profile string - Mpsk-Profile.
- Mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - Multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - Multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - Nac string
- Nac. Valid values:
disable,enable. - Nac
Profile string - Nac-Profile.
- Neighbor
Report stringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - Object
Wirelesscontroller stringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - Owe
Groups List<string> - OWE-Groups. Valid values:
19,20,21. - Owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable,enable. - Owe
Transition stringSsid - OWE transition mode peer SSID.
- Passphrases List<string>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - Pmf
Assoc doubleComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- Pmf
Sa doubleQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- Port
Macauth string - Port-Macauth. Valid values:
disable,radius,address-group. - Port
Macauth doubleReauth Timeout - Port-Macauth-Reauth-Timeout.
- Port
Macauth doubleTimeout - Port-Macauth-Timeout.
- Portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- Portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - Primary
Wag stringProfile - Primary wireless access gateway profile name.
- Probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - Probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- Ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - Ptk
Rekey doubleIntv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- Qos
Profile string - Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - Radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- Radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - Radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - Radius
Mac doubleAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- Radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- Radius
Mac List<string>Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- Radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - Radius
Mac doubleMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- Radius
Server string - RADIUS server to be used to authenticate WiFi users.
- Rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11ac
Ss12s List<string> - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - Rates11ac
Ss34s List<string> - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - Rates11as List<string>
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - Rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11ax
Ss12s List<string> - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - Rates11ax
Ss34s List<string> - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - Rates11bgs List<string>
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - Rates11n
Ss12s List<string> - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - Rates11n
Ss34s List<string> - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - Roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - Sae
Groups List<string> - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - Sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - Sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - Sae
Passwords List<string> - WPA3 SAE password to be used to authenticate WiFi users.
- Sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - Sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- Scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - Schedule string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - Security
Exempt stringList - Optional security exempt list for captive portal authentication.
- Security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - Security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- Selected
Usergroups string - Selective user groups that are permitted to authenticate.
- Split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- Sticky
Client stringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - Sticky
Client stringThreshold2g - Sticky-Client-Threshold-2G.
- Sticky
Client stringThreshold5g - Sticky-Client-Threshold-5G.
- Sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- Target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - Tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - Tunnel
Echo doubleInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- Tunnel
Fallback doubleInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- Utm
Log string - Enable/disable UTM logging. Valid values:
disable,enable. - Utm
Profile string - UTM profile name.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - Vdom string
- Vdom.
- Vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - Vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - Vlanid double
- Optional VLAN ID.
- Voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - Webfilter
Profile string - WebFilter profile name.
- _
centmgmt string - _Centmgmt. Valid values:
disable,enable. - _
dhcp stringSvr Id - _Dhcp_Svr_Id.
- _
intf List<string>Allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf stringDevice Access List - _Intf_Device-Access-List.
- _
intf stringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf stringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf stringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf stringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf List<string>Dhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf stringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf stringIp - _Intf_Ip.
- _
intf stringIp6Address - _Intf_Ip6-Address.
- _
intf List<string>Ip6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf stringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is stringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes List<ObjectWirelesscontroller Vap Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below.
- Vap
This property is required. string - Vap.
- Access
Control stringList - Access-Control-List.
- Acct
Interim float64Interval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- Additional
Akms []string - Additional-Akms. Valid values:
akm6. - Address
Group string - Address group ID.
- Address
Group stringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Alias string
- Alias.
- Antivirus
Profile string - AntiVirus profile name.
- Application
Detection stringEngine - Application-Detection-Engine. Valid values:
disable,enable. - Application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - Application
List string - Application control list name.
- Application
Report float64Intv - Application-Report-Intv.
- Atf
Weight float64 - Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Beacon
Advertisings []string - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - Broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - Broadcast
Suppressions []string - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - Bss
Color stringPartial - Bss-Color-Partial. Valid values:
disable,enable. - Bstm
Disassociation stringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - Bstm
Load float64Balancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- Bstm
Rssi float64Disassoc Timer - Bstm-Rssi-Disassoc-Timer.
- Captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- Captive
Portal float64Auth Timeout - Captive-Portal-Auth-Timeout.
- Captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - Captive
Portal []stringMacauth Radius Secrets - Secret key to access the macauth RADIUS server.
- Captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- Captive
Portal []stringRadius Secrets - Secret key to access the RADIUS server.
- Captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- Captive
Portal float64Session Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- Client
Count float64 - Client-Count.
- Dhcp
Address stringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - Dhcp
Lease float64Time - DHCP lease time in seconds for NAT IP address.
- Dhcp
Option43Insertion string - Dhcp-Option43-Insertion. Valid values:
disable,enable. - Dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - Dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - Dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - Eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - Eap
Reauth float64Intv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- Eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - External
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - External
Logout string - URL of external authentication logout server.
- External
Web string - URL of external authentication web server.
- External
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - Fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - Fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - Ft
Mobility float64Domain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- Ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - Ft
R0Key float64Lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- Gas
Comeback float64Delay - Gas-Comeback-Delay.
- Gas
Fragmentation float64Limit - Gas-Fragmentation-Limit.
- Gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - Gtk
Rekey float64Intv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- High
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - Hotspot20Profile string
- Hotspot 2.0 profile name.
- Igmp
Snooping string - Igmp-Snooping. Valid values:
disable,enable. - Intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- Ips
Sensor string - IPS sensor name.
- Ipv6Rules []string
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - Keyindex float64
- WEP key index (1 - 4).
- Keys []string
- WEP Key.
- L3Roaming string
- L3-Roaming. Valid values:
disable,enable. - L3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - Local
Authentication string - Enable/disable AP local authentication. Valid values:
disable,enable. - Local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - Local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - Local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - Local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - Local
Standalone []stringDns Ips - IPv4 addresses for the local standalone DNS.
- Local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - Local
Switching string - Local-Switching. Valid values:
disable,enable. - Mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - Mac
Called stringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Calling stringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Case string - Mac-Case. Valid values:
uppercase,lowercase. - Mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - Mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - Mac
Password stringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Max
Clients float64 - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- Max
Clients float64Ap - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Mbo. Valid values:
disable,enable. - Mbo
Cell stringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - Me
Disable float64Thresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- Mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - Mpsk string
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - Mpsk
Concurrent float64Clients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- Mpsk
Profile string - Mpsk-Profile.
- Mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - Multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - Multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - Nac string
- Nac. Valid values:
disable,enable. - Nac
Profile string - Nac-Profile.
- Neighbor
Report stringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - Object
Wirelesscontroller stringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - Owe
Groups []string - OWE-Groups. Valid values:
19,20,21. - Owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable,enable. - Owe
Transition stringSsid - OWE transition mode peer SSID.
- Passphrases []string
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - Pmf
Assoc float64Comeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- Pmf
Sa float64Query Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- Port
Macauth string - Port-Macauth. Valid values:
disable,radius,address-group. - Port
Macauth float64Reauth Timeout - Port-Macauth-Reauth-Timeout.
- Port
Macauth float64Timeout - Port-Macauth-Timeout.
- Portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- Portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - Primary
Wag stringProfile - Primary wireless access gateway profile name.
- Probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - Probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- Ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - Ptk
Rekey float64Intv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- Qos
Profile string - Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - Radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- Radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - Radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - Radius
Mac float64Auth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- Radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- Radius
Mac []stringAuth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- Radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - Radius
Mac float64Mpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- Radius
Server string - RADIUS server to be used to authenticate WiFi users.
- Rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11ac
Ss12s []string - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - Rates11ac
Ss34s []string - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - Rates11as []string
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - Rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11ax
Ss12s []string - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - Rates11ax
Ss34s []string - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - Rates11bgs []string
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - Rates11n
Ss12s []string - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - Rates11n
Ss34s []string - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - Roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - Sae
Groups []string - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - Sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - Sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - Sae
Passwords []string - WPA3 SAE password to be used to authenticate WiFi users.
- Sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - Sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- Scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - Schedule string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - Security
Exempt stringList - Optional security exempt list for captive portal authentication.
- Security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - Security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- Selected
Usergroups string - Selective user groups that are permitted to authenticate.
- Split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- Sticky
Client stringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - Sticky
Client stringThreshold2g - Sticky-Client-Threshold-2G.
- Sticky
Client stringThreshold5g - Sticky-Client-Threshold-5G.
- Sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- Target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - Tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - Tunnel
Echo float64Interval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- Tunnel
Fallback float64Interval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- Utm
Log string - Enable/disable UTM logging. Valid values:
disable,enable. - Utm
Profile string - UTM profile name.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - Vdom string
- Vdom.
- Vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - Vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - Vlanid float64
- Optional VLAN ID.
- Voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - Webfilter
Profile string - WebFilter profile name.
- _
centmgmt string - _Centmgmt. Valid values:
disable,enable. - _
dhcp stringSvr Id - _Dhcp_Svr_Id.
- _
intf []stringAllowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf stringDevice Access List - _Intf_Device-Access-List.
- _
intf stringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf stringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf stringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf stringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf []stringDhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf stringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf stringIp - _Intf_Ip.
- _
intf stringIp6Address - _Intf_Ip6-Address.
- _
intf []stringIp6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf stringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is stringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes []ObjectWirelesscontroller Vap Dynamic Mapping_Scope Args - _Scope. The structure of
_scopeblock is documented below.
- vap
This property is required. String - Vap.
- _
centmgmt String - _Centmgmt. Valid values:
disable,enable. - _
dhcp StringSvr Id - _Dhcp_Svr_Id.
- _
intf List<String>Allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf StringDevice Access List - _Intf_Device-Access-List.
- _
intf StringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf StringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf StringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf StringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf StringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf List<String>Dhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf StringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf StringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf StringIp - _Intf_Ip.
- _
intf StringIp6Address - _Intf_Ip6-Address.
- _
intf List<String>Ip6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf StringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is StringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes List<ObjectWirelesscontroller Vap Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below. - access
Control StringList - Access-Control-List.
- acct
Interim DoubleInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms List<String> - Additional-Akms. Valid values:
akm6. - address
Group String - Address group ID.
- address
Group StringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - alias String
- Alias.
- antivirus
Profile String - AntiVirus profile name.
- application
Detection StringEngine - Application-Detection-Engine. Valid values:
disable,enable. - application
Dscp StringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - application
List String - Application control list name.
- application
Report DoubleIntv - Application-Report-Intv.
- atf
Weight Double - Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- beacon
Advertisings List<String> - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - broadcast
Ssid String - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - broadcast
Suppressions List<String> - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - bss
Color StringPartial - Bss-Color-Partial. Valid values:
disable,enable. - bstm
Disassociation StringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - bstm
Load DoubleBalancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- bstm
Rssi DoubleDisassoc Timer - Bstm-Rssi-Disassoc-Timer.
- captive
Portal StringAc Name - Local-bridging captive portal ac-name.
- captive
Portal DoubleAuth Timeout - Captive-Portal-Auth-Timeout.
- captive
Portal StringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - captive
Portal List<String>Macauth Radius Secrets - Secret key to access the macauth RADIUS server.
- captive
Portal StringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal List<String>Radius Secrets - Secret key to access the RADIUS server.
- captive
Portal StringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal DoubleSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- client
Count Double - Client-Count.
- dhcp
Address StringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - dhcp
Lease DoubleTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion String - Dhcp-Option43-Insertion. Valid values:
disable,enable. - dhcp
Option82Circuit StringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - dhcp
Option82Insertion String - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - dhcp
Option82Remote StringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic
Vlan String - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - eap
Reauth String - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - eap
Reauth DoubleIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key StringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - external
Fast StringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - external
Logout String - URL of external authentication logout server.
- external
Web String - URL of external authentication web server.
- external
Web StringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - fast
Bss StringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - fast
Roaming String - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - ft
Mobility DoubleDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over StringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - ft
R0Key DoubleLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback DoubleDelay - Gas-Comeback-Delay.
- gas
Fragmentation DoubleLimit - Gas-Fragmentation-Limit.
- gtk
Rekey String - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - gtk
Rekey DoubleIntv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- high
Efficiency String - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - hotspot20Profile String
- Hotspot 2.0 profile name.
- igmp
Snooping String - Igmp-Snooping. Valid values:
disable,enable. - intra
Vap StringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor String - IPS sensor name.
- ipv6Rules List<String>
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - keyindex Double
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- L3-Roaming. Valid values:
disable,enable. - l3Roaming
Mode String - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - local
Authentication String - Enable/disable AP local authentication. Valid values:
disable,enable. - local
Bridging String - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - local
Lan String - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - local
Standalone String - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - local
Standalone StringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - local
Standalone List<String>Dns Ips - IPv4 addresses for the local standalone DNS.
- local
Standalone StringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - local
Switching String - Local-Switching. Valid values:
disable,enable. - mac
Auth StringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - mac
Called StringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Calling StringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Case String - Mac-Case. Valid values:
uppercase,lowercase. - mac
Filter String - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - mac
Filter StringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - mac
Password StringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - max
Clients Double - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients DoubleAp - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Mbo. Valid values:
disable,enable. - mbo
Cell StringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - me
Disable DoubleThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul String - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - mpsk String
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - mpsk
Concurrent DoubleClients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk
Profile String - Mpsk-Profile.
- mu
Mimo String - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - multicast
Enhance String - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - multicast
Rate String - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - nac String
- Nac. Valid values:
disable,enable. - nac
Profile String - Nac-Profile.
- neighbor
Report StringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - object
Wirelesscontroller StringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - owe
Groups List<String> - OWE-Groups. Valid values:
19,20,21. - owe
Transition String - Enable/disable OWE transition mode support. Valid values:
disable,enable. - owe
Transition StringSsid - OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - pmf
Assoc DoubleComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa DoubleQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth String - Port-Macauth. Valid values:
disable,radius,address-group. - port
Macauth DoubleReauth Timeout - Port-Macauth-Reauth-Timeout.
- port
Macauth DoubleTimeout - Port-Macauth-Timeout.
- portal
Message StringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Type String - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - primary
Wag StringProfile - Primary wireless access gateway profile name.
- probe
Resp StringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - probe
Resp StringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey String - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - ptk
Rekey DoubleIntv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos
Profile String - Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - radio2g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity String - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - radius
Mac StringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - radius
Mac DoubleAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac StringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac List<String>Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- radius
Mac StringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - radius
Mac DoubleMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server String - RADIUS server to be used to authenticate WiFi users.
- rates11ac
Mcs StringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12s List<String> - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - rates11ac
Ss34s List<String> - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - rates11as List<String>
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11ax
Mcs StringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12s List<String> - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - rates11ax
Ss34s List<String> - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11n
Ss12s List<String> - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - rates11n
Ss34s List<String> - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - roaming
Acct StringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - sae
Groups List<String> - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - sae
H2e StringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Hnp StringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Passwords List<String> - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk String - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - sae
Private StringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet StringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - schedule String
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Wag StringProfile - Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - security
Exempt StringList - Optional security exempt list for captive portal authentication.
- security
Obsolete StringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - security
Redirect StringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups String - Selective user groups that are permitted to authenticate.
- split
Tunneling String - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client StringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - sticky
Client StringThreshold2g - Sticky-Client-Threshold-2G.
- sticky
Client StringThreshold5g - Sticky-Client-Threshold-5G.
- sticky
Client StringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake StringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - tkip
Counter StringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - tunnel
Echo DoubleInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback DoubleInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utm
Log String - Enable/disable UTM logging. Valid values:
disable,enable. - utm
Profile String - UTM profile name.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - vdom String
- Vdom.
- vlan
Auto String - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - vlan
Pooling String - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - vlanid Double
- Optional VLAN ID.
- voice
Enterprise String - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - webfilter
Profile String - WebFilter profile name.
- vap
This property is required. string - Vap.
- _
centmgmt string - _Centmgmt. Valid values:
disable,enable. - _
dhcp stringSvr Id - _Dhcp_Svr_Id.
- _
intf string[]Allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf stringDevice Access List - _Intf_Device-Access-List.
- _
intf stringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf stringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf stringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf stringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf string[]Dhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf stringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf stringIp - _Intf_Ip.
- _
intf stringIp6Address - _Intf_Ip6-Address.
- _
intf string[]Ip6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf stringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is stringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes ObjectWirelesscontroller Vap Dynamic Mapping_Scope[] - _Scope. The structure of
_scopeblock is documented below. - access
Control stringList - Access-Control-List.
- acct
Interim numberInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms string[] - Additional-Akms. Valid values:
akm6. - address
Group string - Address group ID.
- address
Group stringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - alias string
- Alias.
- antivirus
Profile string - AntiVirus profile name.
- application
Detection stringEngine - Application-Detection-Engine. Valid values:
disable,enable. - application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - application
List string - Application control list name.
- application
Report numberIntv - Application-Report-Intv.
- atf
Weight number - Airtime weight in percentage (default = 20).
- auth string
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - auth
Cert string - HTTPS server certificate.
- auth
Portal stringAddr - Address of captive portal.
- beacon
Advertisings string[] - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - broadcast
Suppressions string[] - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - bss
Color stringPartial - Bss-Color-Partial. Valid values:
disable,enable. - bstm
Disassociation stringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - bstm
Load numberBalancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- bstm
Rssi numberDisassoc Timer - Bstm-Rssi-Disassoc-Timer.
- captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- captive
Portal numberAuth Timeout - Captive-Portal-Auth-Timeout.
- captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - captive
Portal string[]Macauth Radius Secrets - Secret key to access the macauth RADIUS server.
- captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal string[]Radius Secrets - Secret key to access the RADIUS server.
- captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal numberSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- client
Count number - Client-Count.
- dhcp
Address stringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - dhcp
Lease numberTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion string - Dhcp-Option43-Insertion. Valid values:
disable,enable. - dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - eap
Reauth numberIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - external
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - external
Logout string - URL of external authentication logout server.
- external
Web string - URL of external authentication web server.
- external
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - ft
Mobility numberDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - ft
R0Key numberLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback numberDelay - Gas-Comeback-Delay.
- gas
Fragmentation numberLimit - Gas-Fragmentation-Limit.
- gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - gtk
Rekey numberIntv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- high
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - hotspot20Profile string
- Hotspot 2.0 profile name.
- igmp
Snooping string - Igmp-Snooping. Valid values:
disable,enable. - intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - ip string
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor string - IPS sensor name.
- ipv6Rules string[]
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - keyindex number
- WEP key index (1 - 4).
- keys string[]
- WEP Key.
- l3Roaming string
- L3-Roaming. Valid values:
disable,enable. - l3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - local
Authentication string - Enable/disable AP local authentication. Valid values:
disable,enable. - local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - local
Standalone string[]Dns Ips - IPv4 addresses for the local standalone DNS.
- local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - local
Switching string - Local-Switching. Valid values:
disable,enable. - mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - mac
Called stringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Calling stringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Case string - Mac-Case. Valid values:
uppercase,lowercase. - mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - mac
Password stringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Username stringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - max
Clients number - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients numberAp - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo string
- Mbo. Valid values:
disable,enable. - mbo
Cell stringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - me
Disable numberThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - mpsk string
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - mpsk
Concurrent numberClients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk
Profile string - Mpsk-Profile.
- mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - n80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - n80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - nac string
- Nac. Valid values:
disable,enable. - nac
Profile string - Nac-Profile.
- neighbor
Report stringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - object
Wirelesscontroller stringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - owe
Groups string[] - OWE-Groups. Valid values:
19,20,21. - owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable,enable. - owe
Transition stringSsid - OWE transition mode peer SSID.
- passphrases string[]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - pmf
Assoc numberComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa numberQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth string - Port-Macauth. Valid values:
disable,radius,address-group. - port
Macauth numberReauth Timeout - Port-Macauth-Reauth-Timeout.
- port
Macauth numberTimeout - Port-Macauth-Timeout.
- portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - primary
Wag stringProfile - Primary wireless access gateway profile name.
- probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - ptk
Rekey numberIntv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos
Profile string - Quality of service profile name.
- quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - radius
Mac numberAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac string[]Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - radius
Mac numberMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server string - RADIUS server to be used to authenticate WiFi users.
- rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12s string[] - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - rates11ac
Ss34s string[] - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - rates11as string[]
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12s string[] - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - rates11ax
Ss34s string[] - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - rates11bgs string[]
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11n
Ss12s string[] - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - rates11n
Ss34s string[] - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - sae
Groups string[] - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Passwords string[] - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - schedule string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - security
Exempt stringList - Optional security exempt list for captive portal authentication.
- security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups string - Selective user groups that are permitted to authenticate.
- split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client stringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - sticky
Client stringThreshold2g - Sticky-Client-Threshold-2G.
- sticky
Client stringThreshold5g - Sticky-Client-Threshold-5G.
- sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - tunnel
Echo numberInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback numberInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup string
- Firewall user group to be used to authenticate WiFi users.
- utm
Log string - Enable/disable UTM logging. Valid values:
disable,enable. - utm
Profile string - UTM profile name.
- utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - vdom string
- Vdom.
- vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - vlanid number
- Optional VLAN ID.
- voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - webfilter
Profile string - WebFilter profile name.
- vap
This property is required. str - Vap.
- _
centmgmt str - _Centmgmt. Valid values:
disable,enable. - _
dhcp_ strsvr_ id - _Dhcp_Svr_Id.
- _
intf_ Sequence[str]allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf_ strdevice_ access_ list - _Intf_Device-Access-List.
- _
intf_ strdevice_ identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf_ strdevice_ netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf_ strdhcp6_ relay_ ip - _Intf_Dhcp6-Relay-Ip.
- _
intf_ strdhcp6_ relay_ service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf_ strdhcp6_ relay_ type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf_ Sequence[str]dhcp_ relay_ ips - _Intf_Dhcp-Relay-Ip.
- _
intf_ strdhcp_ relay_ service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf_ strdhcp_ relay_ type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf_ strip - _Intf_Ip.
- _
intf_ strip6_ address - _Intf_Ip6-Address.
- _
intf_ Sequence[str]ip6_ allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf_ strlisten_ forticlient_ connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is_ strfactory_ setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes Sequence[ObjectWirelesscontroller Vap Dynamic Mapping_Scope Args] - _Scope. The structure of
_scopeblock is documented below. - access_
control_ strlist - Access-Control-List.
- acct_
interim_ floatinterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional_
akms Sequence[str] - Additional-Akms. Valid values:
akm6. - address_
group str - Address group ID.
- address_
group_ strpolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - alias str
- Alias.
- antivirus_
profile str - AntiVirus profile name.
- application_
detection_ strengine - Application-Detection-Engine. Valid values:
disable,enable. - application_
dscp_ strmarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - application_
list str - Application control list name.
- application_
report_ floatintv - Application-Report-Intv.
- atf_
weight float - Airtime weight in percentage (default = 20).
- auth str
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - auth_
cert str - HTTPS server certificate.
- auth_
portal_ straddr - Address of captive portal.
- beacon_
advertisings Sequence[str] - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - broadcast_
ssid str - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - broadcast_
suppressions Sequence[str] - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - bss_
color_ strpartial - Bss-Color-Partial. Valid values:
disable,enable. - bstm_
disassociation_ strimminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - bstm_
load_ floatbalancing_ disassoc_ timer - Bstm-Load-Balancing-Disassoc-Timer.
- bstm_
rssi_ floatdisassoc_ timer - Bstm-Rssi-Disassoc-Timer.
- captive_
portal_ strac_ name - Local-bridging captive portal ac-name.
- captive_
portal_ floatauth_ timeout - Captive-Portal-Auth-Timeout.
- captive_
portal_ strfw_ accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - captive_
portal_ Sequence[str]macauth_ radius_ secrets - Secret key to access the macauth RADIUS server.
- captive_
portal_ strmacauth_ radius_ server - Captive portal external RADIUS server domain name or IP address.
- captive_
portal_ Sequence[str]radius_ secrets - Secret key to access the RADIUS server.
- captive_
portal_ strradius_ server - Captive portal RADIUS server domain name or IP address.
- captive_
portal_ floatsession_ timeout_ interval - Session timeout interval (0 - 864000 sec, default = 0).
- client_
count float - Client-Count.
- dhcp_
address_ strenforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - dhcp_
lease_ floattime - DHCP lease time in seconds for NAT IP address.
- dhcp_
option43_ strinsertion - Dhcp-Option43-Insertion. Valid values:
disable,enable. - dhcp_
option82_ strcircuit_ id_ insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - dhcp_
option82_ strinsertion - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - dhcp_
option82_ strremote_ id_ insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic_
vlan str - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - eap_
reauth str - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - eap_
reauth_ floatintv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol_
key_ strretries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - encrypt str
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - external_
fast_ strroaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - external_
logout str - URL of external authentication logout server.
- external_
web str - URL of external authentication web server.
- external_
web_ strformat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - fast_
bss_ strtransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - fast_
roaming str - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - ft_
mobility_ floatdomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft_
over_ strds - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - ft_
r0_ floatkey_ lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas_
comeback_ floatdelay - Gas-Comeback-Delay.
- gas_
fragmentation_ floatlimit - Gas-Fragmentation-Limit.
- gtk_
rekey str - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - gtk_
rekey_ floatintv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- high_
efficiency str - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - hotspot20_
profile str - Hotspot 2.0 profile name.
- igmp_
snooping str - Igmp-Snooping. Valid values:
disable,enable. - intra_
vap_ strprivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - ip str
- IP address and subnet mask for the local standalone NAT subnet.
- ips_
sensor str - IPS sensor name.
- ipv6_
rules Sequence[str] - Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - keyindex float
- WEP key index (1 - 4).
- keys Sequence[str]
- WEP Key.
- l3_
roaming str - L3-Roaming. Valid values:
disable,enable. - l3_
roaming_ strmode - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - ldpc str
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - local_
authentication str - Enable/disable AP local authentication. Valid values:
disable,enable. - local_
bridging str - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - local_
lan str - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - local_
standalone str - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - local_
standalone_ strdns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - local_
standalone_ Sequence[str]dns_ ips - IPv4 addresses for the local standalone DNS.
- local_
standalone_ strnat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - local_
switching str - Local-Switching. Valid values:
disable,enable. - mac_
auth_ strbypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - mac_
called_ strstation_ delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac_
calling_ strstation_ delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac_
case str - Mac-Case. Valid values:
uppercase,lowercase. - mac_
filter str - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - mac_
filter_ strpolicy_ other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - mac_
password_ strdelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac_
username_ strdelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - max_
clients float - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max_
clients_ floatap - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo str
- Mbo. Valid values:
disable,enable. - mbo_
cell_ strdata_ conn_ pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - me_
disable_ floatthresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh_
backhaul str - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - mpsk str
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - mpsk_
concurrent_ floatclients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk_
profile str - Mpsk-Profile.
- mu_
mimo str - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - multicast_
enhance str - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - multicast_
rate str - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - n80211k str
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - n80211v str
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - nac str
- Nac. Valid values:
disable,enable. - nac_
profile str - Nac-Profile.
- neighbor_
report_ strdual_ band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - object_
wirelesscontroller_ strvap_ dynamic_ mapping_ id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- okc str
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - osen str
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - owe_
groups Sequence[str] - OWE-Groups. Valid values:
19,20,21. - owe_
transition str - Enable/disable OWE transition mode support. Valid values:
disable,enable. - owe_
transition_ strssid - OWE transition mode peer SSID.
- passphrases Sequence[str]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf str
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - pmf_
assoc_ floatcomeback_ timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf_
sa_ floatquery_ retry_ timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port_
macauth str - Port-Macauth. Valid values:
disable,radius,address-group. - port_
macauth_ floatreauth_ timeout - Port-Macauth-Reauth-Timeout.
- port_
macauth_ floattimeout - Port-Macauth-Timeout.
- portal_
message_ stroverride_ group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal_
type str - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - primary_
wag_ strprofile - Primary wireless access gateway profile name.
- probe_
resp_ strsuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - probe_
resp_ strthreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk_
rekey str - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - ptk_
rekey_ floatintv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos_
profile str - Quality of service profile name.
- quarantine str
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - radio2g_
threshold str - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g_
threshold str - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio_
sensitivity str - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - radius_
mac_ strauth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - radius_
mac_ floatauth_ block_ interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius_
mac_ strauth_ server - RADIUS-based MAC authentication server.
- radius_
mac_ Sequence[str]auth_ usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- radius_
mac_ strmpsk_ auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - radius_
mac_ floatmpsk_ timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius_
server str - RADIUS server to be used to authenticate WiFi users.
- rates11ac_
mcs_ strmap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac_
ss12s Sequence[str] - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - rates11ac_
ss34s Sequence[str] - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - rates11as Sequence[str]
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11ax_
mcs_ strmap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax_
ss12s Sequence[str] - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - rates11ax_
ss34s Sequence[str] - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - rates11bgs Sequence[str]
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11n_
ss12s Sequence[str] - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - rates11n_
ss34s Sequence[str] - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - roaming_
acct_ strinterim_ update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - sae_
groups Sequence[str] - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - sae_
h2e_ stronly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae_
hnp_ stronly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae_
passwords Sequence[str] - WPA3 SAE password to be used to authenticate WiFi users.
- sae_
pk str - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - sae_
private_ strkey - Private key used for WPA3 SAE-PK authentication.
- scan_
botnet_ strconnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - schedule str
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary_
wag_ strprofile - Secondary wireless access gateway profile name.
- security str
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - security_
exempt_ strlist - Optional security exempt list for captive portal authentication.
- security_
obsolete_ stroption - Enable/disable obsolete security options. Valid values:
disable,enable. - security_
redirect_ strurl - Optional URL for redirecting users after they pass captive portal authentication.
- selected_
usergroups str - Selective user groups that are permitted to authenticate.
- split_
tunneling str - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - ssid str
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky_
client_ strremove - Sticky-Client-Remove. Valid values:
disable,enable. - sticky_
client_ strthreshold2g - Sticky-Client-Threshold-2G.
- sticky_
client_ strthreshold5g - Sticky-Client-Threshold-5G.
- sticky_
client_ strthreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target_
wake_ strtime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - tkip_
counter_ strmeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - tunnel_
echo_ floatinterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel_
fallback_ floatinterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup str
- Firewall user group to be used to authenticate WiFi users.
- utm_
log str - Enable/disable UTM logging. Valid values:
disable,enable. - utm_
profile str - UTM profile name.
- utm_
status str - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - vdom str
- Vdom.
- vlan_
auto str - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - vlan_
pooling str - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - vlanid float
- Optional VLAN ID.
- voice_
enterprise str - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - webfilter_
profile str - WebFilter profile name.
- vap
This property is required. String - Vap.
- _
centmgmt String - _Centmgmt. Valid values:
disable,enable. - _
dhcp StringSvr Id - _Dhcp_Svr_Id.
- _
intf List<String>Allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf StringDevice Access List - _Intf_Device-Access-List.
- _
intf StringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf StringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf StringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf StringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf StringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf List<String>Dhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf StringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf StringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf StringIp - _Intf_Ip.
- _
intf StringIp6Address - _Intf_Ip6-Address.
- _
intf List<String>Ip6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf StringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is StringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes List<Property Map> - _Scope. The structure of
_scopeblock is documented below. - access
Control StringList - Access-Control-List.
- acct
Interim NumberInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms List<String> - Additional-Akms. Valid values:
akm6. - address
Group String - Address group ID.
- address
Group StringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - alias String
- Alias.
- antivirus
Profile String - AntiVirus profile name.
- application
Detection StringEngine - Application-Detection-Engine. Valid values:
disable,enable. - application
Dscp StringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - application
List String - Application control list name.
- application
Report NumberIntv - Application-Report-Intv.
- atf
Weight Number - Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- beacon
Advertisings List<String> - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - broadcast
Ssid String - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - broadcast
Suppressions List<String> - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - bss
Color StringPartial - Bss-Color-Partial. Valid values:
disable,enable. - bstm
Disassociation StringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - bstm
Load NumberBalancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- bstm
Rssi NumberDisassoc Timer - Bstm-Rssi-Disassoc-Timer.
- captive
Portal StringAc Name - Local-bridging captive portal ac-name.
- captive
Portal NumberAuth Timeout - Captive-Portal-Auth-Timeout.
- captive
Portal StringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - captive
Portal List<String>Macauth Radius Secrets - Secret key to access the macauth RADIUS server.
- captive
Portal StringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal List<String>Radius Secrets - Secret key to access the RADIUS server.
- captive
Portal StringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal NumberSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- client
Count Number - Client-Count.
- dhcp
Address StringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - dhcp
Lease NumberTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion String - Dhcp-Option43-Insertion. Valid values:
disable,enable. - dhcp
Option82Circuit StringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - dhcp
Option82Insertion String - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - dhcp
Option82Remote StringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic
Vlan String - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - eap
Reauth String - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - eap
Reauth NumberIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key StringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - external
Fast StringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - external
Logout String - URL of external authentication logout server.
- external
Web String - URL of external authentication web server.
- external
Web StringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - fast
Bss StringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - fast
Roaming String - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - ft
Mobility NumberDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over StringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - ft
R0Key NumberLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback NumberDelay - Gas-Comeback-Delay.
- gas
Fragmentation NumberLimit - Gas-Fragmentation-Limit.
- gtk
Rekey String - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - gtk
Rekey NumberIntv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- high
Efficiency String - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - hotspot20Profile String
- Hotspot 2.0 profile name.
- igmp
Snooping String - Igmp-Snooping. Valid values:
disable,enable. - intra
Vap StringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor String - IPS sensor name.
- ipv6Rules List<String>
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - keyindex Number
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- L3-Roaming. Valid values:
disable,enable. - l3Roaming
Mode String - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - local
Authentication String - Enable/disable AP local authentication. Valid values:
disable,enable. - local
Bridging String - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - local
Lan String - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - local
Standalone String - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - local
Standalone StringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - local
Standalone List<String>Dns Ips - IPv4 addresses for the local standalone DNS.
- local
Standalone StringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - local
Switching String - Local-Switching. Valid values:
disable,enable. - mac
Auth StringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - mac
Called StringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Calling StringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Case String - Mac-Case. Valid values:
uppercase,lowercase. - mac
Filter String - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - mac
Filter StringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - mac
Password StringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - max
Clients Number - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients NumberAp - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Mbo. Valid values:
disable,enable. - mbo
Cell StringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - me
Disable NumberThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul String - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - mpsk String
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - mpsk
Concurrent NumberClients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk
Profile String - Mpsk-Profile.
- mu
Mimo String - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - multicast
Enhance String - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - multicast
Rate String - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - nac String
- Nac. Valid values:
disable,enable. - nac
Profile String - Nac-Profile.
- neighbor
Report StringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - object
Wirelesscontroller StringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - owe
Groups List<String> - OWE-Groups. Valid values:
19,20,21. - owe
Transition String - Enable/disable OWE transition mode support. Valid values:
disable,enable. - owe
Transition StringSsid - OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - pmf
Assoc NumberComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa NumberQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth String - Port-Macauth. Valid values:
disable,radius,address-group. - port
Macauth NumberReauth Timeout - Port-Macauth-Reauth-Timeout.
- port
Macauth NumberTimeout - Port-Macauth-Timeout.
- portal
Message StringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Type String - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - primary
Wag StringProfile - Primary wireless access gateway profile name.
- probe
Resp StringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - probe
Resp StringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey String - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - ptk
Rekey NumberIntv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos
Profile String - Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - radio2g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity String - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - radius
Mac StringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - radius
Mac NumberAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac StringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac List<String>Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- radius
Mac StringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - radius
Mac NumberMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server String - RADIUS server to be used to authenticate WiFi users.
- rates11ac
Mcs StringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12s List<String> - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - rates11ac
Ss34s List<String> - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - rates11as List<String>
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11ax
Mcs StringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12s List<String> - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - rates11ax
Ss34s List<String> - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11n
Ss12s List<String> - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - rates11n
Ss34s List<String> - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - roaming
Acct StringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - sae
Groups List<String> - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - sae
H2e StringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Hnp StringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Passwords List<String> - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk String - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - sae
Private StringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet StringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - schedule String
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Wag StringProfile - Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - security
Exempt StringList - Optional security exempt list for captive portal authentication.
- security
Obsolete StringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - security
Redirect StringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups String - Selective user groups that are permitted to authenticate.
- split
Tunneling String - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client StringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - sticky
Client StringThreshold2g - Sticky-Client-Threshold-2G.
- sticky
Client StringThreshold5g - Sticky-Client-Threshold-5G.
- sticky
Client StringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake StringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - tkip
Counter StringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - tunnel
Echo NumberInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback NumberInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utm
Log String - Enable/disable UTM logging. Valid values:
disable,enable. - utm
Profile String - UTM profile name.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - vdom String
- Vdom.
- vlan
Auto String - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - vlan
Pooling String - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - vlanid Number
- Optional VLAN ID.
- voice
Enterprise String - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - webfilter
Profile String - WebFilter profile name.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectWirelesscontrollerVapDynamicMapping resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectWirelesscontrollerVapDynamicMapping Resource
Get an existing ObjectWirelesscontrollerVapDynamicMapping resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectWirelesscontrollerVapDynamicMappingState, opts?: CustomResourceOptions): ObjectWirelesscontrollerVapDynamicMapping@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
_centmgmt: Optional[str] = None,
_dhcp_svr_id: Optional[str] = None,
_intf_allowaccesses: Optional[Sequence[str]] = None,
_intf_device_access_list: Optional[str] = None,
_intf_device_identification: Optional[str] = None,
_intf_device_netscan: Optional[str] = None,
_intf_dhcp6_relay_ip: Optional[str] = None,
_intf_dhcp6_relay_service: Optional[str] = None,
_intf_dhcp6_relay_type: Optional[str] = None,
_intf_dhcp_relay_ips: Optional[Sequence[str]] = None,
_intf_dhcp_relay_service: Optional[str] = None,
_intf_dhcp_relay_type: Optional[str] = None,
_intf_ip: Optional[str] = None,
_intf_ip6_address: Optional[str] = None,
_intf_ip6_allowaccesses: Optional[Sequence[str]] = None,
_intf_listen_forticlient_connection: Optional[str] = None,
_is_factory_setting: Optional[str] = None,
_scopes: Optional[Sequence[ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs]] = None,
access_control_list: Optional[str] = None,
acct_interim_interval: Optional[float] = None,
additional_akms: Optional[Sequence[str]] = None,
address_group: Optional[str] = None,
address_group_policy: Optional[str] = None,
adom: Optional[str] = None,
alias: Optional[str] = None,
antivirus_profile: Optional[str] = None,
application_detection_engine: Optional[str] = None,
application_dscp_marking: Optional[str] = None,
application_list: Optional[str] = None,
application_report_intv: Optional[float] = None,
atf_weight: Optional[float] = None,
auth: Optional[str] = None,
auth_cert: Optional[str] = None,
auth_portal_addr: Optional[str] = None,
beacon_advertisings: Optional[Sequence[str]] = None,
broadcast_ssid: Optional[str] = None,
broadcast_suppressions: Optional[Sequence[str]] = None,
bss_color_partial: Optional[str] = None,
bstm_disassociation_imminent: Optional[str] = None,
bstm_load_balancing_disassoc_timer: Optional[float] = None,
bstm_rssi_disassoc_timer: Optional[float] = None,
captive_portal_ac_name: Optional[str] = None,
captive_portal_auth_timeout: Optional[float] = None,
captive_portal_fw_accounting: Optional[str] = None,
captive_portal_macauth_radius_secrets: Optional[Sequence[str]] = None,
captive_portal_macauth_radius_server: Optional[str] = None,
captive_portal_radius_secrets: Optional[Sequence[str]] = None,
captive_portal_radius_server: Optional[str] = None,
captive_portal_session_timeout_interval: Optional[float] = None,
client_count: Optional[float] = None,
dhcp_address_enforcement: Optional[str] = None,
dhcp_lease_time: Optional[float] = None,
dhcp_option43_insertion: Optional[str] = None,
dhcp_option82_circuit_id_insertion: Optional[str] = None,
dhcp_option82_insertion: Optional[str] = None,
dhcp_option82_remote_id_insertion: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
dynamic_vlan: Optional[str] = None,
eap_reauth: Optional[str] = None,
eap_reauth_intv: Optional[float] = None,
eapol_key_retries: Optional[str] = None,
encrypt: Optional[str] = None,
external_fast_roaming: Optional[str] = None,
external_logout: Optional[str] = None,
external_web: Optional[str] = None,
external_web_format: Optional[str] = None,
fast_bss_transition: Optional[str] = None,
fast_roaming: Optional[str] = None,
ft_mobility_domain: Optional[float] = None,
ft_over_ds: Optional[str] = None,
ft_r0_key_lifetime: Optional[float] = None,
gas_comeback_delay: Optional[float] = None,
gas_fragmentation_limit: Optional[float] = None,
gtk_rekey: Optional[str] = None,
gtk_rekey_intv: Optional[float] = None,
high_efficiency: Optional[str] = None,
hotspot20_profile: Optional[str] = None,
igmp_snooping: Optional[str] = None,
intra_vap_privacy: Optional[str] = None,
ip: Optional[str] = None,
ips_sensor: Optional[str] = None,
ipv6_rules: Optional[Sequence[str]] = None,
keyindex: Optional[float] = None,
keys: Optional[Sequence[str]] = None,
l3_roaming: Optional[str] = None,
l3_roaming_mode: Optional[str] = None,
ldpc: Optional[str] = None,
local_authentication: Optional[str] = None,
local_bridging: Optional[str] = None,
local_lan: Optional[str] = None,
local_standalone: Optional[str] = None,
local_standalone_dns: Optional[str] = None,
local_standalone_dns_ips: Optional[Sequence[str]] = None,
local_standalone_nat: Optional[str] = None,
local_switching: Optional[str] = None,
mac_auth_bypass: Optional[str] = None,
mac_called_station_delimiter: Optional[str] = None,
mac_calling_station_delimiter: Optional[str] = None,
mac_case: Optional[str] = None,
mac_filter: Optional[str] = None,
mac_filter_policy_other: Optional[str] = None,
mac_password_delimiter: Optional[str] = None,
mac_username_delimiter: Optional[str] = None,
max_clients: Optional[float] = None,
max_clients_ap: Optional[float] = None,
mbo: Optional[str] = None,
mbo_cell_data_conn_pref: Optional[str] = None,
me_disable_thresh: Optional[float] = None,
mesh_backhaul: Optional[str] = None,
mpsk: Optional[str] = None,
mpsk_concurrent_clients: Optional[float] = None,
mpsk_profile: Optional[str] = None,
mu_mimo: Optional[str] = None,
multicast_enhance: Optional[str] = None,
multicast_rate: Optional[str] = None,
n80211k: Optional[str] = None,
n80211v: Optional[str] = None,
nac: Optional[str] = None,
nac_profile: Optional[str] = None,
neighbor_report_dual_band: Optional[str] = None,
object_wirelesscontroller_vap_dynamic_mapping_id: Optional[str] = None,
okc: Optional[str] = None,
osen: Optional[str] = None,
owe_groups: Optional[Sequence[str]] = None,
owe_transition: Optional[str] = None,
owe_transition_ssid: Optional[str] = None,
passphrases: Optional[Sequence[str]] = None,
pmf: Optional[str] = None,
pmf_assoc_comeback_timeout: Optional[float] = None,
pmf_sa_query_retry_timeout: Optional[float] = None,
port_macauth: Optional[str] = None,
port_macauth_reauth_timeout: Optional[float] = None,
port_macauth_timeout: Optional[float] = None,
portal_message_override_group: Optional[str] = None,
portal_type: Optional[str] = None,
primary_wag_profile: Optional[str] = None,
probe_resp_suppression: Optional[str] = None,
probe_resp_threshold: Optional[str] = None,
ptk_rekey: Optional[str] = None,
ptk_rekey_intv: Optional[float] = None,
qos_profile: Optional[str] = None,
quarantine: Optional[str] = None,
radio2g_threshold: Optional[str] = None,
radio5g_threshold: Optional[str] = None,
radio_sensitivity: Optional[str] = None,
radius_mac_auth: Optional[str] = None,
radius_mac_auth_block_interval: Optional[float] = None,
radius_mac_auth_server: Optional[str] = None,
radius_mac_auth_usergroups: Optional[Sequence[str]] = None,
radius_mac_mpsk_auth: Optional[str] = None,
radius_mac_mpsk_timeout: Optional[float] = None,
radius_server: Optional[str] = None,
rates11ac_mcs_map: Optional[str] = None,
rates11ac_ss12s: Optional[Sequence[str]] = None,
rates11ac_ss34s: Optional[Sequence[str]] = None,
rates11as: Optional[Sequence[str]] = None,
rates11ax_mcs_map: Optional[str] = None,
rates11ax_ss12s: Optional[Sequence[str]] = None,
rates11ax_ss34s: Optional[Sequence[str]] = None,
rates11bgs: Optional[Sequence[str]] = None,
rates11n_ss12s: Optional[Sequence[str]] = None,
rates11n_ss34s: Optional[Sequence[str]] = None,
roaming_acct_interim_update: Optional[str] = None,
sae_groups: Optional[Sequence[str]] = None,
sae_h2e_only: Optional[str] = None,
sae_hnp_only: Optional[str] = None,
sae_passwords: Optional[Sequence[str]] = None,
sae_pk: Optional[str] = None,
sae_private_key: Optional[str] = None,
scan_botnet_connections: Optional[str] = None,
schedule: Optional[str] = None,
scopetype: Optional[str] = None,
secondary_wag_profile: Optional[str] = None,
security: Optional[str] = None,
security_exempt_list: Optional[str] = None,
security_obsolete_option: Optional[str] = None,
security_redirect_url: Optional[str] = None,
selected_usergroups: Optional[str] = None,
split_tunneling: Optional[str] = None,
ssid: Optional[str] = None,
sticky_client_remove: Optional[str] = None,
sticky_client_threshold2g: Optional[str] = None,
sticky_client_threshold5g: Optional[str] = None,
sticky_client_threshold6g: Optional[str] = None,
target_wake_time: Optional[str] = None,
tkip_counter_measure: Optional[str] = None,
tunnel_echo_interval: Optional[float] = None,
tunnel_fallback_interval: Optional[float] = None,
usergroup: Optional[str] = None,
utm_log: Optional[str] = None,
utm_profile: Optional[str] = None,
utm_status: Optional[str] = None,
vap: Optional[str] = None,
vdom: Optional[str] = None,
vlan_auto: Optional[str] = None,
vlan_pooling: Optional[str] = None,
vlanid: Optional[float] = None,
voice_enterprise: Optional[str] = None,
webfilter_profile: Optional[str] = None) -> ObjectWirelesscontrollerVapDynamicMappingfunc GetObjectWirelesscontrollerVapDynamicMapping(ctx *Context, name string, id IDInput, state *ObjectWirelesscontrollerVapDynamicMappingState, opts ...ResourceOption) (*ObjectWirelesscontrollerVapDynamicMapping, error)public static ObjectWirelesscontrollerVapDynamicMapping Get(string name, Input<string> id, ObjectWirelesscontrollerVapDynamicMappingState? state, CustomResourceOptions? opts = null)public static ObjectWirelesscontrollerVapDynamicMapping get(String name, Output<String> id, ObjectWirelesscontrollerVapDynamicMappingState state, CustomResourceOptions options)resources: _: type: fortimanager:ObjectWirelesscontrollerVapDynamicMapping get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Access
Control stringList - Access-Control-List.
- Acct
Interim doubleInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- Additional
Akms List<string> - Additional-Akms. Valid values:
akm6. - Address
Group string - Address group ID.
- Address
Group stringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Alias string
- Alias.
- Antivirus
Profile string - AntiVirus profile name.
- Application
Detection stringEngine - Application-Detection-Engine. Valid values:
disable,enable. - Application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - Application
List string - Application control list name.
- Application
Report doubleIntv - Application-Report-Intv.
- Atf
Weight double - Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Beacon
Advertisings List<string> - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - Broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - Broadcast
Suppressions List<string> - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - Bss
Color stringPartial - Bss-Color-Partial. Valid values:
disable,enable. - Bstm
Disassociation stringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - Bstm
Load doubleBalancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- Bstm
Rssi doubleDisassoc Timer - Bstm-Rssi-Disassoc-Timer.
- Captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- Captive
Portal doubleAuth Timeout - Captive-Portal-Auth-Timeout.
- Captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - Captive
Portal List<string>Macauth Radius Secrets - Secret key to access the macauth RADIUS server.
- Captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- Captive
Portal List<string>Radius Secrets - Secret key to access the RADIUS server.
- Captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- Captive
Portal doubleSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- Client
Count double - Client-Count.
- Dhcp
Address stringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - Dhcp
Lease doubleTime - DHCP lease time in seconds for NAT IP address.
- Dhcp
Option43Insertion string - Dhcp-Option43-Insertion. Valid values:
disable,enable. - Dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - Dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - Dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - Eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - Eap
Reauth doubleIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- Eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - External
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - External
Logout string - URL of external authentication logout server.
- External
Web string - URL of external authentication web server.
- External
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - Fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - Fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - Ft
Mobility doubleDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- Ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - Ft
R0Key doubleLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- Gas
Comeback doubleDelay - Gas-Comeback-Delay.
- Gas
Fragmentation doubleLimit - Gas-Fragmentation-Limit.
- Gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - Gtk
Rekey doubleIntv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- High
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - Hotspot20Profile string
- Hotspot 2.0 profile name.
- Igmp
Snooping string - Igmp-Snooping. Valid values:
disable,enable. - Intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- Ips
Sensor string - IPS sensor name.
- Ipv6Rules List<string>
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - Keyindex double
- WEP key index (1 - 4).
- Keys List<string>
- WEP Key.
- L3Roaming string
- L3-Roaming. Valid values:
disable,enable. - L3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - Local
Authentication string - Enable/disable AP local authentication. Valid values:
disable,enable. - Local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - Local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - Local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - Local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - Local
Standalone List<string>Dns Ips - IPv4 addresses for the local standalone DNS.
- Local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - Local
Switching string - Local-Switching. Valid values:
disable,enable. - Mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - Mac
Called stringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Calling stringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Case string - Mac-Case. Valid values:
uppercase,lowercase. - Mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - Mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - Mac
Password stringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Max
Clients double - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- Max
Clients doubleAp - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Mbo. Valid values:
disable,enable. - Mbo
Cell stringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - Me
Disable doubleThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- Mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - Mpsk string
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - Mpsk
Concurrent doubleClients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- Mpsk
Profile string - Mpsk-Profile.
- Mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - Multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - Multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - Nac string
- Nac. Valid values:
disable,enable. - Nac
Profile string - Nac-Profile.
- Neighbor
Report stringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - Object
Wirelesscontroller stringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - Owe
Groups List<string> - OWE-Groups. Valid values:
19,20,21. - Owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable,enable. - Owe
Transition stringSsid - OWE transition mode peer SSID.
- Passphrases List<string>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - Pmf
Assoc doubleComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- Pmf
Sa doubleQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- Port
Macauth string - Port-Macauth. Valid values:
disable,radius,address-group. - Port
Macauth doubleReauth Timeout - Port-Macauth-Reauth-Timeout.
- Port
Macauth doubleTimeout - Port-Macauth-Timeout.
- Portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- Portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - Primary
Wag stringProfile - Primary wireless access gateway profile name.
- Probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - Probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- Ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - Ptk
Rekey doubleIntv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- Qos
Profile string - Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - Radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- Radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - Radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - Radius
Mac doubleAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- Radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- Radius
Mac List<string>Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- Radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - Radius
Mac doubleMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- Radius
Server string - RADIUS server to be used to authenticate WiFi users.
- Rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11ac
Ss12s List<string> - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - Rates11ac
Ss34s List<string> - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - Rates11as List<string>
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - Rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11ax
Ss12s List<string> - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - Rates11ax
Ss34s List<string> - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - Rates11bgs List<string>
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - Rates11n
Ss12s List<string> - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - Rates11n
Ss34s List<string> - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - Roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - Sae
Groups List<string> - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - Sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - Sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - Sae
Passwords List<string> - WPA3 SAE password to be used to authenticate WiFi users.
- Sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - Sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- Scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - Schedule string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - Security
Exempt stringList - Optional security exempt list for captive portal authentication.
- Security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - Security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- Selected
Usergroups string - Selective user groups that are permitted to authenticate.
- Split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- Sticky
Client stringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - Sticky
Client stringThreshold2g - Sticky-Client-Threshold-2G.
- Sticky
Client stringThreshold5g - Sticky-Client-Threshold-5G.
- Sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- Target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - Tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - Tunnel
Echo doubleInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- Tunnel
Fallback doubleInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- Utm
Log string - Enable/disable UTM logging. Valid values:
disable,enable. - Utm
Profile string - UTM profile name.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - Vap string
- Vap.
- Vdom string
- Vdom.
- Vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - Vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - Vlanid double
- Optional VLAN ID.
- Voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - Webfilter
Profile string - WebFilter profile name.
- _
centmgmt string - _Centmgmt. Valid values:
disable,enable. - _
dhcp stringSvr Id - _Dhcp_Svr_Id.
- _
intf List<string>Allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf stringDevice Access List - _Intf_Device-Access-List.
- _
intf stringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf stringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf stringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf stringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf List<string>Dhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf stringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf stringIp - _Intf_Ip.
- _
intf stringIp6Address - _Intf_Ip6-Address.
- _
intf List<string>Ip6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf stringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is stringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes List<ObjectWirelesscontroller Vap Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below.
- Access
Control stringList - Access-Control-List.
- Acct
Interim float64Interval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- Additional
Akms []string - Additional-Akms. Valid values:
akm6. - Address
Group string - Address group ID.
- Address
Group stringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - Adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - Alias string
- Alias.
- Antivirus
Profile string - AntiVirus profile name.
- Application
Detection stringEngine - Application-Detection-Engine. Valid values:
disable,enable. - Application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - Application
List string - Application control list name.
- Application
Report float64Intv - Application-Report-Intv.
- Atf
Weight float64 - Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - Auth
Cert string - HTTPS server certificate.
- Auth
Portal stringAddr - Address of captive portal.
- Beacon
Advertisings []string - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - Broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - Broadcast
Suppressions []string - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - Bss
Color stringPartial - Bss-Color-Partial. Valid values:
disable,enable. - Bstm
Disassociation stringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - Bstm
Load float64Balancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- Bstm
Rssi float64Disassoc Timer - Bstm-Rssi-Disassoc-Timer.
- Captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- Captive
Portal float64Auth Timeout - Captive-Portal-Auth-Timeout.
- Captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - Captive
Portal []stringMacauth Radius Secrets - Secret key to access the macauth RADIUS server.
- Captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- Captive
Portal []stringRadius Secrets - Secret key to access the RADIUS server.
- Captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- Captive
Portal float64Session Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- Client
Count float64 - Client-Count.
- Dhcp
Address stringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - Dhcp
Lease float64Time - DHCP lease time in seconds for NAT IP address.
- Dhcp
Option43Insertion string - Dhcp-Option43-Insertion. Valid values:
disable,enable. - Dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - Dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - Dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - Eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - Eap
Reauth float64Intv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- Eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - External
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - External
Logout string - URL of external authentication logout server.
- External
Web string - URL of external authentication web server.
- External
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - Fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - Fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - Ft
Mobility float64Domain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- Ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - Ft
R0Key float64Lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- Gas
Comeback float64Delay - Gas-Comeback-Delay.
- Gas
Fragmentation float64Limit - Gas-Fragmentation-Limit.
- Gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - Gtk
Rekey float64Intv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- High
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - Hotspot20Profile string
- Hotspot 2.0 profile name.
- Igmp
Snooping string - Igmp-Snooping. Valid values:
disable,enable. - Intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- Ips
Sensor string - IPS sensor name.
- Ipv6Rules []string
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - Keyindex float64
- WEP key index (1 - 4).
- Keys []string
- WEP Key.
- L3Roaming string
- L3-Roaming. Valid values:
disable,enable. - L3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - Local
Authentication string - Enable/disable AP local authentication. Valid values:
disable,enable. - Local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - Local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - Local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - Local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - Local
Standalone []stringDns Ips - IPv4 addresses for the local standalone DNS.
- Local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - Local
Switching string - Local-Switching. Valid values:
disable,enable. - Mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - Mac
Called stringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Calling stringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Case string - Mac-Case. Valid values:
uppercase,lowercase. - Mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - Mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - Mac
Password stringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Mac
Username stringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - Max
Clients float64 - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- Max
Clients float64Ap - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Mbo. Valid values:
disable,enable. - Mbo
Cell stringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - Me
Disable float64Thresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- Mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - Mpsk string
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - Mpsk
Concurrent float64Clients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- Mpsk
Profile string - Mpsk-Profile.
- Mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - Multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - Multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - Nac string
- Nac. Valid values:
disable,enable. - Nac
Profile string - Nac-Profile.
- Neighbor
Report stringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - Object
Wirelesscontroller stringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - Owe
Groups []string - OWE-Groups. Valid values:
19,20,21. - Owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable,enable. - Owe
Transition stringSsid - OWE transition mode peer SSID.
- Passphrases []string
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - Pmf
Assoc float64Comeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- Pmf
Sa float64Query Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- Port
Macauth string - Port-Macauth. Valid values:
disable,radius,address-group. - Port
Macauth float64Reauth Timeout - Port-Macauth-Reauth-Timeout.
- Port
Macauth float64Timeout - Port-Macauth-Timeout.
- Portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- Portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - Primary
Wag stringProfile - Primary wireless access gateway profile name.
- Probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - Probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- Ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - Ptk
Rekey float64Intv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- Qos
Profile string - Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - Radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- Radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - Radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - Radius
Mac float64Auth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- Radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- Radius
Mac []stringAuth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- Radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - Radius
Mac float64Mpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- Radius
Server string - RADIUS server to be used to authenticate WiFi users.
- Rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11ac
Ss12s []string - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - Rates11ac
Ss34s []string - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - Rates11as []string
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - Rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11ax
Ss12s []string - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - Rates11ax
Ss34s []string - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - Rates11bgs []string
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - Rates11n
Ss12s []string - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - Rates11n
Ss34s []string - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - Roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - Sae
Groups []string - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - Sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - Sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - Sae
Passwords []string - WPA3 SAE password to be used to authenticate WiFi users.
- Sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - Sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- Scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - Schedule string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- Scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - Secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - Security
Exempt stringList - Optional security exempt list for captive portal authentication.
- Security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - Security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- Selected
Usergroups string - Selective user groups that are permitted to authenticate.
- Split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- Sticky
Client stringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - Sticky
Client stringThreshold2g - Sticky-Client-Threshold-2G.
- Sticky
Client stringThreshold5g - Sticky-Client-Threshold-5G.
- Sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- Target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - Tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - Tunnel
Echo float64Interval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- Tunnel
Fallback float64Interval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- Utm
Log string - Enable/disable UTM logging. Valid values:
disable,enable. - Utm
Profile string - UTM profile name.
- Utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - Vap string
- Vap.
- Vdom string
- Vdom.
- Vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - Vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - Vlanid float64
- Optional VLAN ID.
- Voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - Webfilter
Profile string - WebFilter profile name.
- _
centmgmt string - _Centmgmt. Valid values:
disable,enable. - _
dhcp stringSvr Id - _Dhcp_Svr_Id.
- _
intf []stringAllowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf stringDevice Access List - _Intf_Device-Access-List.
- _
intf stringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf stringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf stringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf stringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf []stringDhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf stringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf stringIp - _Intf_Ip.
- _
intf stringIp6Address - _Intf_Ip6-Address.
- _
intf []stringIp6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf stringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is stringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes []ObjectWirelesscontroller Vap Dynamic Mapping_Scope Args - _Scope. The structure of
_scopeblock is documented below.
- _
centmgmt String - _Centmgmt. Valid values:
disable,enable. - _
dhcp StringSvr Id - _Dhcp_Svr_Id.
- _
intf List<String>Allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf StringDevice Access List - _Intf_Device-Access-List.
- _
intf StringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf StringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf StringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf StringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf StringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf List<String>Dhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf StringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf StringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf StringIp - _Intf_Ip.
- _
intf StringIp6Address - _Intf_Ip6-Address.
- _
intf List<String>Ip6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf StringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is StringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes List<ObjectWirelesscontroller Vap Dynamic Mapping_Scope> - _Scope. The structure of
_scopeblock is documented below. - access
Control StringList - Access-Control-List.
- acct
Interim DoubleInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms List<String> - Additional-Akms. Valid values:
akm6. - address
Group String - Address group ID.
- address
Group StringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - alias String
- Alias.
- antivirus
Profile String - AntiVirus profile name.
- application
Detection StringEngine - Application-Detection-Engine. Valid values:
disable,enable. - application
Dscp StringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - application
List String - Application control list name.
- application
Report DoubleIntv - Application-Report-Intv.
- atf
Weight Double - Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- beacon
Advertisings List<String> - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - broadcast
Ssid String - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - broadcast
Suppressions List<String> - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - bss
Color StringPartial - Bss-Color-Partial. Valid values:
disable,enable. - bstm
Disassociation StringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - bstm
Load DoubleBalancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- bstm
Rssi DoubleDisassoc Timer - Bstm-Rssi-Disassoc-Timer.
- captive
Portal StringAc Name - Local-bridging captive portal ac-name.
- captive
Portal DoubleAuth Timeout - Captive-Portal-Auth-Timeout.
- captive
Portal StringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - captive
Portal List<String>Macauth Radius Secrets - Secret key to access the macauth RADIUS server.
- captive
Portal StringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal List<String>Radius Secrets - Secret key to access the RADIUS server.
- captive
Portal StringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal DoubleSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- client
Count Double - Client-Count.
- dhcp
Address StringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - dhcp
Lease DoubleTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion String - Dhcp-Option43-Insertion. Valid values:
disable,enable. - dhcp
Option82Circuit StringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - dhcp
Option82Insertion String - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - dhcp
Option82Remote StringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic
Vlan String - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - eap
Reauth String - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - eap
Reauth DoubleIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key StringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - external
Fast StringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - external
Logout String - URL of external authentication logout server.
- external
Web String - URL of external authentication web server.
- external
Web StringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - fast
Bss StringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - fast
Roaming String - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - ft
Mobility DoubleDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over StringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - ft
R0Key DoubleLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback DoubleDelay - Gas-Comeback-Delay.
- gas
Fragmentation DoubleLimit - Gas-Fragmentation-Limit.
- gtk
Rekey String - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - gtk
Rekey DoubleIntv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- high
Efficiency String - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - hotspot20Profile String
- Hotspot 2.0 profile name.
- igmp
Snooping String - Igmp-Snooping. Valid values:
disable,enable. - intra
Vap StringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor String - IPS sensor name.
- ipv6Rules List<String>
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - keyindex Double
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- L3-Roaming. Valid values:
disable,enable. - l3Roaming
Mode String - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - local
Authentication String - Enable/disable AP local authentication. Valid values:
disable,enable. - local
Bridging String - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - local
Lan String - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - local
Standalone String - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - local
Standalone StringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - local
Standalone List<String>Dns Ips - IPv4 addresses for the local standalone DNS.
- local
Standalone StringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - local
Switching String - Local-Switching. Valid values:
disable,enable. - mac
Auth StringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - mac
Called StringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Calling StringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Case String - Mac-Case. Valid values:
uppercase,lowercase. - mac
Filter String - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - mac
Filter StringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - mac
Password StringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - max
Clients Double - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients DoubleAp - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Mbo. Valid values:
disable,enable. - mbo
Cell StringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - me
Disable DoubleThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul String - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - mpsk String
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - mpsk
Concurrent DoubleClients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk
Profile String - Mpsk-Profile.
- mu
Mimo String - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - multicast
Enhance String - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - multicast
Rate String - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - nac String
- Nac. Valid values:
disable,enable. - nac
Profile String - Nac-Profile.
- neighbor
Report StringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - object
Wirelesscontroller StringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - owe
Groups List<String> - OWE-Groups. Valid values:
19,20,21. - owe
Transition String - Enable/disable OWE transition mode support. Valid values:
disable,enable. - owe
Transition StringSsid - OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - pmf
Assoc DoubleComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa DoubleQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth String - Port-Macauth. Valid values:
disable,radius,address-group. - port
Macauth DoubleReauth Timeout - Port-Macauth-Reauth-Timeout.
- port
Macauth DoubleTimeout - Port-Macauth-Timeout.
- portal
Message StringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Type String - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - primary
Wag StringProfile - Primary wireless access gateway profile name.
- probe
Resp StringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - probe
Resp StringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey String - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - ptk
Rekey DoubleIntv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos
Profile String - Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - radio2g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity String - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - radius
Mac StringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - radius
Mac DoubleAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac StringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac List<String>Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- radius
Mac StringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - radius
Mac DoubleMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server String - RADIUS server to be used to authenticate WiFi users.
- rates11ac
Mcs StringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12s List<String> - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - rates11ac
Ss34s List<String> - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - rates11as List<String>
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11ax
Mcs StringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12s List<String> - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - rates11ax
Ss34s List<String> - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11n
Ss12s List<String> - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - rates11n
Ss34s List<String> - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - roaming
Acct StringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - sae
Groups List<String> - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - sae
H2e StringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Hnp StringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Passwords List<String> - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk String - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - sae
Private StringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet StringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - schedule String
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Wag StringProfile - Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - security
Exempt StringList - Optional security exempt list for captive portal authentication.
- security
Obsolete StringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - security
Redirect StringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups String - Selective user groups that are permitted to authenticate.
- split
Tunneling String - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client StringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - sticky
Client StringThreshold2g - Sticky-Client-Threshold-2G.
- sticky
Client StringThreshold5g - Sticky-Client-Threshold-5G.
- sticky
Client StringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake StringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - tkip
Counter StringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - tunnel
Echo DoubleInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback DoubleInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utm
Log String - Enable/disable UTM logging. Valid values:
disable,enable. - utm
Profile String - UTM profile name.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - vap String
- Vap.
- vdom String
- Vdom.
- vlan
Auto String - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - vlan
Pooling String - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - vlanid Double
- Optional VLAN ID.
- voice
Enterprise String - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - webfilter
Profile String - WebFilter profile name.
- _
centmgmt string - _Centmgmt. Valid values:
disable,enable. - _
dhcp stringSvr Id - _Dhcp_Svr_Id.
- _
intf string[]Allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf stringDevice Access List - _Intf_Device-Access-List.
- _
intf stringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf stringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf stringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf stringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf string[]Dhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf stringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf stringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf stringIp - _Intf_Ip.
- _
intf stringIp6Address - _Intf_Ip6-Address.
- _
intf string[]Ip6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf stringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is stringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes ObjectWirelesscontroller Vap Dynamic Mapping_Scope[] - _Scope. The structure of
_scopeblock is documented below. - access
Control stringList - Access-Control-List.
- acct
Interim numberInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms string[] - Additional-Akms. Valid values:
akm6. - address
Group string - Address group ID.
- address
Group stringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - adom string
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - alias string
- Alias.
- antivirus
Profile string - AntiVirus profile name.
- application
Detection stringEngine - Application-Detection-Engine. Valid values:
disable,enable. - application
Dscp stringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - application
List string - Application control list name.
- application
Report numberIntv - Application-Report-Intv.
- atf
Weight number - Airtime weight in percentage (default = 20).
- auth string
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - auth
Cert string - HTTPS server certificate.
- auth
Portal stringAddr - Address of captive portal.
- beacon
Advertisings string[] - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - broadcast
Ssid string - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - broadcast
Suppressions string[] - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - bss
Color stringPartial - Bss-Color-Partial. Valid values:
disable,enable. - bstm
Disassociation stringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - bstm
Load numberBalancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- bstm
Rssi numberDisassoc Timer - Bstm-Rssi-Disassoc-Timer.
- captive
Portal stringAc Name - Local-bridging captive portal ac-name.
- captive
Portal numberAuth Timeout - Captive-Portal-Auth-Timeout.
- captive
Portal stringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - captive
Portal string[]Macauth Radius Secrets - Secret key to access the macauth RADIUS server.
- captive
Portal stringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal string[]Radius Secrets - Secret key to access the RADIUS server.
- captive
Portal stringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal numberSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- client
Count number - Client-Count.
- dhcp
Address stringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - dhcp
Lease numberTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion string - Dhcp-Option43-Insertion. Valid values:
disable,enable. - dhcp
Option82Circuit stringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - dhcp
Option82Insertion string - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - dhcp
Option82Remote stringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic
Vlan string - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - eap
Reauth string - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - eap
Reauth numberIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key stringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - external
Fast stringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - external
Logout string - URL of external authentication logout server.
- external
Web string - URL of external authentication web server.
- external
Web stringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - fast
Bss stringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - fast
Roaming string - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - ft
Mobility numberDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over stringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - ft
R0Key numberLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback numberDelay - Gas-Comeback-Delay.
- gas
Fragmentation numberLimit - Gas-Fragmentation-Limit.
- gtk
Rekey string - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - gtk
Rekey numberIntv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- high
Efficiency string - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - hotspot20Profile string
- Hotspot 2.0 profile name.
- igmp
Snooping string - Igmp-Snooping. Valid values:
disable,enable. - intra
Vap stringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - ip string
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor string - IPS sensor name.
- ipv6Rules string[]
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - keyindex number
- WEP key index (1 - 4).
- keys string[]
- WEP Key.
- l3Roaming string
- L3-Roaming. Valid values:
disable,enable. - l3Roaming
Mode string - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - local
Authentication string - Enable/disable AP local authentication. Valid values:
disable,enable. - local
Bridging string - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - local
Lan string - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - local
Standalone string - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - local
Standalone stringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - local
Standalone string[]Dns Ips - IPv4 addresses for the local standalone DNS.
- local
Standalone stringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - local
Switching string - Local-Switching. Valid values:
disable,enable. - mac
Auth stringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - mac
Called stringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Calling stringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Case string - Mac-Case. Valid values:
uppercase,lowercase. - mac
Filter string - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - mac
Filter stringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - mac
Password stringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Username stringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - max
Clients number - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients numberAp - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo string
- Mbo. Valid values:
disable,enable. - mbo
Cell stringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - me
Disable numberThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul string - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - mpsk string
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - mpsk
Concurrent numberClients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk
Profile string - Mpsk-Profile.
- mu
Mimo string - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - multicast
Enhance string - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - multicast
Rate string - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - n80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - n80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - nac string
- Nac. Valid values:
disable,enable. - nac
Profile string - Nac-Profile.
- neighbor
Report stringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - object
Wirelesscontroller stringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - owe
Groups string[] - OWE-Groups. Valid values:
19,20,21. - owe
Transition string - Enable/disable OWE transition mode support. Valid values:
disable,enable. - owe
Transition stringSsid - OWE transition mode peer SSID.
- passphrases string[]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - pmf
Assoc numberComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa numberQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth string - Port-Macauth. Valid values:
disable,radius,address-group. - port
Macauth numberReauth Timeout - Port-Macauth-Reauth-Timeout.
- port
Macauth numberTimeout - Port-Macauth-Timeout.
- portal
Message stringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Type string - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - primary
Wag stringProfile - Primary wireless access gateway profile name.
- probe
Resp stringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - probe
Resp stringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey string - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - ptk
Rekey numberIntv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos
Profile string - Quality of service profile name.
- quarantine string
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - radio2g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold string - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity string - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - radius
Mac stringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - radius
Mac numberAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac stringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac string[]Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- radius
Mac stringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - radius
Mac numberMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server string - RADIUS server to be used to authenticate WiFi users.
- rates11ac
Mcs stringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12s string[] - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - rates11ac
Ss34s string[] - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - rates11as string[]
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11ax
Mcs stringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12s string[] - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - rates11ax
Ss34s string[] - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - rates11bgs string[]
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11n
Ss12s string[] - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - rates11n
Ss34s string[] - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - roaming
Acct stringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - sae
Groups string[] - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - sae
H2e stringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Hnp stringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Passwords string[] - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk string - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - sae
Private stringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet stringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - schedule string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype string
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Wag stringProfile - Secondary wireless access gateway profile name.
- security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - security
Exempt stringList - Optional security exempt list for captive portal authentication.
- security
Obsolete stringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - security
Redirect stringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups string - Selective user groups that are permitted to authenticate.
- split
Tunneling string - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client stringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - sticky
Client stringThreshold2g - Sticky-Client-Threshold-2G.
- sticky
Client stringThreshold5g - Sticky-Client-Threshold-5G.
- sticky
Client stringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake stringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - tkip
Counter stringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - tunnel
Echo numberInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback numberInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup string
- Firewall user group to be used to authenticate WiFi users.
- utm
Log string - Enable/disable UTM logging. Valid values:
disable,enable. - utm
Profile string - UTM profile name.
- utm
Status string - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - vap string
- Vap.
- vdom string
- Vdom.
- vlan
Auto string - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - vlan
Pooling string - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - vlanid number
- Optional VLAN ID.
- voice
Enterprise string - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - webfilter
Profile string - WebFilter profile name.
- _
centmgmt str - _Centmgmt. Valid values:
disable,enable. - _
dhcp_ strsvr_ id - _Dhcp_Svr_Id.
- _
intf_ Sequence[str]allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf_ strdevice_ access_ list - _Intf_Device-Access-List.
- _
intf_ strdevice_ identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf_ strdevice_ netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf_ strdhcp6_ relay_ ip - _Intf_Dhcp6-Relay-Ip.
- _
intf_ strdhcp6_ relay_ service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf_ strdhcp6_ relay_ type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf_ Sequence[str]dhcp_ relay_ ips - _Intf_Dhcp-Relay-Ip.
- _
intf_ strdhcp_ relay_ service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf_ strdhcp_ relay_ type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf_ strip - _Intf_Ip.
- _
intf_ strip6_ address - _Intf_Ip6-Address.
- _
intf_ Sequence[str]ip6_ allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf_ strlisten_ forticlient_ connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is_ strfactory_ setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes Sequence[ObjectWirelesscontroller Vap Dynamic Mapping_Scope Args] - _Scope. The structure of
_scopeblock is documented below. - access_
control_ strlist - Access-Control-List.
- acct_
interim_ floatinterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional_
akms Sequence[str] - Additional-Akms. Valid values:
akm6. - address_
group str - Address group ID.
- address_
group_ strpolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - adom str
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - alias str
- Alias.
- antivirus_
profile str - AntiVirus profile name.
- application_
detection_ strengine - Application-Detection-Engine. Valid values:
disable,enable. - application_
dscp_ strmarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - application_
list str - Application control list name.
- application_
report_ floatintv - Application-Report-Intv.
- atf_
weight float - Airtime weight in percentage (default = 20).
- auth str
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - auth_
cert str - HTTPS server certificate.
- auth_
portal_ straddr - Address of captive portal.
- beacon_
advertisings Sequence[str] - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - broadcast_
ssid str - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - broadcast_
suppressions Sequence[str] - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - bss_
color_ strpartial - Bss-Color-Partial. Valid values:
disable,enable. - bstm_
disassociation_ strimminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - bstm_
load_ floatbalancing_ disassoc_ timer - Bstm-Load-Balancing-Disassoc-Timer.
- bstm_
rssi_ floatdisassoc_ timer - Bstm-Rssi-Disassoc-Timer.
- captive_
portal_ strac_ name - Local-bridging captive portal ac-name.
- captive_
portal_ floatauth_ timeout - Captive-Portal-Auth-Timeout.
- captive_
portal_ strfw_ accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - captive_
portal_ Sequence[str]macauth_ radius_ secrets - Secret key to access the macauth RADIUS server.
- captive_
portal_ strmacauth_ radius_ server - Captive portal external RADIUS server domain name or IP address.
- captive_
portal_ Sequence[str]radius_ secrets - Secret key to access the RADIUS server.
- captive_
portal_ strradius_ server - Captive portal RADIUS server domain name or IP address.
- captive_
portal_ floatsession_ timeout_ interval - Session timeout interval (0 - 864000 sec, default = 0).
- client_
count float - Client-Count.
- dhcp_
address_ strenforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - dhcp_
lease_ floattime - DHCP lease time in seconds for NAT IP address.
- dhcp_
option43_ strinsertion - Dhcp-Option43-Insertion. Valid values:
disable,enable. - dhcp_
option82_ strcircuit_ id_ insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - dhcp_
option82_ strinsertion - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - dhcp_
option82_ strremote_ id_ insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic_
vlan str - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - eap_
reauth str - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - eap_
reauth_ floatintv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol_
key_ strretries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - encrypt str
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - external_
fast_ strroaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - external_
logout str - URL of external authentication logout server.
- external_
web str - URL of external authentication web server.
- external_
web_ strformat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - fast_
bss_ strtransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - fast_
roaming str - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - ft_
mobility_ floatdomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft_
over_ strds - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - ft_
r0_ floatkey_ lifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas_
comeback_ floatdelay - Gas-Comeback-Delay.
- gas_
fragmentation_ floatlimit - Gas-Fragmentation-Limit.
- gtk_
rekey str - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - gtk_
rekey_ floatintv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- high_
efficiency str - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - hotspot20_
profile str - Hotspot 2.0 profile name.
- igmp_
snooping str - Igmp-Snooping. Valid values:
disable,enable. - intra_
vap_ strprivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - ip str
- IP address and subnet mask for the local standalone NAT subnet.
- ips_
sensor str - IPS sensor name.
- ipv6_
rules Sequence[str] - Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - keyindex float
- WEP key index (1 - 4).
- keys Sequence[str]
- WEP Key.
- l3_
roaming str - L3-Roaming. Valid values:
disable,enable. - l3_
roaming_ strmode - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - ldpc str
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - local_
authentication str - Enable/disable AP local authentication. Valid values:
disable,enable. - local_
bridging str - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - local_
lan str - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - local_
standalone str - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - local_
standalone_ strdns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - local_
standalone_ Sequence[str]dns_ ips - IPv4 addresses for the local standalone DNS.
- local_
standalone_ strnat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - local_
switching str - Local-Switching. Valid values:
disable,enable. - mac_
auth_ strbypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - mac_
called_ strstation_ delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac_
calling_ strstation_ delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac_
case str - Mac-Case. Valid values:
uppercase,lowercase. - mac_
filter str - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - mac_
filter_ strpolicy_ other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - mac_
password_ strdelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac_
username_ strdelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - max_
clients float - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max_
clients_ floatap - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo str
- Mbo. Valid values:
disable,enable. - mbo_
cell_ strdata_ conn_ pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - me_
disable_ floatthresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh_
backhaul str - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - mpsk str
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - mpsk_
concurrent_ floatclients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk_
profile str - Mpsk-Profile.
- mu_
mimo str - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - multicast_
enhance str - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - multicast_
rate str - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - n80211k str
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - n80211v str
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - nac str
- Nac. Valid values:
disable,enable. - nac_
profile str - Nac-Profile.
- neighbor_
report_ strdual_ band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - object_
wirelesscontroller_ strvap_ dynamic_ mapping_ id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- okc str
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - osen str
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - owe_
groups Sequence[str] - OWE-Groups. Valid values:
19,20,21. - owe_
transition str - Enable/disable OWE transition mode support. Valid values:
disable,enable. - owe_
transition_ strssid - OWE transition mode peer SSID.
- passphrases Sequence[str]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf str
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - pmf_
assoc_ floatcomeback_ timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf_
sa_ floatquery_ retry_ timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port_
macauth str - Port-Macauth. Valid values:
disable,radius,address-group. - port_
macauth_ floatreauth_ timeout - Port-Macauth-Reauth-Timeout.
- port_
macauth_ floattimeout - Port-Macauth-Timeout.
- portal_
message_ stroverride_ group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal_
type str - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - primary_
wag_ strprofile - Primary wireless access gateway profile name.
- probe_
resp_ strsuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - probe_
resp_ strthreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk_
rekey str - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - ptk_
rekey_ floatintv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos_
profile str - Quality of service profile name.
- quarantine str
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - radio2g_
threshold str - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g_
threshold str - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio_
sensitivity str - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - radius_
mac_ strauth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - radius_
mac_ floatauth_ block_ interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius_
mac_ strauth_ server - RADIUS-based MAC authentication server.
- radius_
mac_ Sequence[str]auth_ usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- radius_
mac_ strmpsk_ auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - radius_
mac_ floatmpsk_ timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius_
server str - RADIUS server to be used to authenticate WiFi users.
- rates11ac_
mcs_ strmap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac_
ss12s Sequence[str] - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - rates11ac_
ss34s Sequence[str] - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - rates11as Sequence[str]
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11ax_
mcs_ strmap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax_
ss12s Sequence[str] - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - rates11ax_
ss34s Sequence[str] - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - rates11bgs Sequence[str]
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11n_
ss12s Sequence[str] - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - rates11n_
ss34s Sequence[str] - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - roaming_
acct_ strinterim_ update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - sae_
groups Sequence[str] - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - sae_
h2e_ stronly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae_
hnp_ stronly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae_
passwords Sequence[str] - WPA3 SAE password to be used to authenticate WiFi users.
- sae_
pk str - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - sae_
private_ strkey - Private key used for WPA3 SAE-PK authentication.
- scan_
botnet_ strconnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - schedule str
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype str
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary_
wag_ strprofile - Secondary wireless access gateway profile name.
- security str
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - security_
exempt_ strlist - Optional security exempt list for captive portal authentication.
- security_
obsolete_ stroption - Enable/disable obsolete security options. Valid values:
disable,enable. - security_
redirect_ strurl - Optional URL for redirecting users after they pass captive portal authentication.
- selected_
usergroups str - Selective user groups that are permitted to authenticate.
- split_
tunneling str - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - ssid str
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky_
client_ strremove - Sticky-Client-Remove. Valid values:
disable,enable. - sticky_
client_ strthreshold2g - Sticky-Client-Threshold-2G.
- sticky_
client_ strthreshold5g - Sticky-Client-Threshold-5G.
- sticky_
client_ strthreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target_
wake_ strtime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - tkip_
counter_ strmeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - tunnel_
echo_ floatinterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel_
fallback_ floatinterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup str
- Firewall user group to be used to authenticate WiFi users.
- utm_
log str - Enable/disable UTM logging. Valid values:
disable,enable. - utm_
profile str - UTM profile name.
- utm_
status str - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - vap str
- Vap.
- vdom str
- Vdom.
- vlan_
auto str - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - vlan_
pooling str - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - vlanid float
- Optional VLAN ID.
- voice_
enterprise str - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - webfilter_
profile str - WebFilter profile name.
- _
centmgmt String - _Centmgmt. Valid values:
disable,enable. - _
dhcp StringSvr Id - _Dhcp_Svr_Id.
- _
intf List<String>Allowaccesses - _Intf_Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap. - _
intf StringDevice Access List - _Intf_Device-Access-List.
- _
intf StringDevice Identification - _Intf_Device-Identification. Valid values:
disable,enable. - _
intf StringDevice Netscan - _Intf_Device-Netscan. Valid values:
disable,enable. - _
intf StringDhcp6Relay Ip - _Intf_Dhcp6-Relay-Ip.
- _
intf StringDhcp6Relay Service - _Intf_Dhcp6-Relay-Service. Valid values:
disable,enable. - _
intf StringDhcp6Relay Type - _Intf_Dhcp6-Relay-Type. Valid values:
regular. - _
intf List<String>Dhcp Relay Ips - _Intf_Dhcp-Relay-Ip.
- _
intf StringDhcp Relay Service - _Intf_Dhcp-Relay-Service. Valid values:
disable,enable. - _
intf StringDhcp Relay Type - _Intf_Dhcp-Relay-Type. Valid values:
regular,ipsec. - _
intf StringIp - _Intf_Ip.
- _
intf StringIp6Address - _Intf_Ip6-Address.
- _
intf List<String>Ip6Allowaccesses - _Intf_Ip6-Allowaccess. Valid values:
https,ping,ssh,snmp,http,telnet,any,fgfm,capwap. - _
intf StringListen Forticlient Connection - _Intf_Listen-Forticlient-Connection. Valid values:
disable,enable. - _
is StringFactory Setting - _Is_Factory_Setting. Valid values:
disable,enable,ext. - _
scopes List<Property Map> - _Scope. The structure of
_scopeblock is documented below. - access
Control StringList - Access-Control-List.
- acct
Interim NumberInterval - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional
Akms List<String> - Additional-Akms. Valid values:
akm6. - address
Group String - Address group ID.
- address
Group StringPolicy - Address-Group-Policy. Valid values:
disable,allow,deny. - adom String
- Adom. This value is valid only when the
scopetypeisadom, otherwise the value of adom in the provider will be inherited. - alias String
- Alias.
- antivirus
Profile String - AntiVirus profile name.
- application
Detection StringEngine - Application-Detection-Engine. Valid values:
disable,enable. - application
Dscp StringMarking - Enable/disable application attribute based DSCP marking (default = disable). Valid values:
disable,enable. - application
List String - Application control list name.
- application
Report NumberIntv - Application-Report-Intv.
- atf
Weight Number - Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values:
PSK,psk,RADIUS,radius,usergroup. - auth
Cert String - HTTPS server certificate.
- auth
Portal StringAddr - Address of captive portal.
- beacon
Advertisings List<String> - Fortinet beacon advertising IE data (default = empty). Valid values:
name,model,serial-number. - broadcast
Ssid String - Enable/disable broadcasting the SSID (default = enable). Valid values:
disable,enable. - broadcast
Suppressions List<String> - Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values:
dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast. - bss
Color StringPartial - Bss-Color-Partial. Valid values:
disable,enable. - bstm
Disassociation StringImminent - Bstm-Disassociation-Imminent. Valid values:
disable,enable. - bstm
Load NumberBalancing Disassoc Timer - Bstm-Load-Balancing-Disassoc-Timer.
- bstm
Rssi NumberDisassoc Timer - Bstm-Rssi-Disassoc-Timer.
- captive
Portal StringAc Name - Local-bridging captive portal ac-name.
- captive
Portal NumberAuth Timeout - Captive-Portal-Auth-Timeout.
- captive
Portal StringFw Accounting - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values:
disable,enable. - captive
Portal List<String>Macauth Radius Secrets - Secret key to access the macauth RADIUS server.
- captive
Portal StringMacauth Radius Server - Captive portal external RADIUS server domain name or IP address.
- captive
Portal List<String>Radius Secrets - Secret key to access the RADIUS server.
- captive
Portal StringRadius Server - Captive portal RADIUS server domain name or IP address.
- captive
Portal NumberSession Timeout Interval - Session timeout interval (0 - 864000 sec, default = 0).
- client
Count Number - Client-Count.
- dhcp
Address StringEnforcement - Dhcp-Address-Enforcement. Valid values:
disable,enable. - dhcp
Lease NumberTime - DHCP lease time in seconds for NAT IP address.
- dhcp
Option43Insertion String - Dhcp-Option43-Insertion. Valid values:
disable,enable. - dhcp
Option82Circuit StringId Insertion - Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values:
disable,style-1,style-2,style-3. - dhcp
Option82Insertion String - Enable/disable DHCP option 82 insert (default = disable). Valid values:
disable,enable. - dhcp
Option82Remote StringId Insertion - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values:
disable,style-1. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic
Vlan String - Enable/disable dynamic VLAN assignment. Valid values:
disable,enable. - eap
Reauth String - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values:
disable,enable. - eap
Reauth NumberIntv - EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol
Key StringRetries - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values:
disable,enable. - encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values:
TKIP,AES,TKIP-AES. - external
Fast StringRoaming - Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values:
disable,enable. - external
Logout String - URL of external authentication logout server.
- external
Web String - URL of external authentication web server.
- external
Web StringFormat - URL query parameter detection (default = auto-detect). Valid values:
auto-detect,no-query-string,partial-query-string. - fast
Bss StringTransition - Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values:
disable,enable. - fast
Roaming String - Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values:
disable,enable. - ft
Mobility NumberDomain - Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft
Over StringDs - Enable/disable FT over the Distribution System (DS). Valid values:
disable,enable. - ft
R0Key NumberLifetime - Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas
Comeback NumberDelay - Gas-Comeback-Delay.
- gas
Fragmentation NumberLimit - Gas-Fragmentation-Limit.
- gtk
Rekey String - Enable/disable GTK rekey for WPA security. Valid values:
disable,enable. - gtk
Rekey NumberIntv - GTK rekey interval (1800 - 864000 sec, default = 86400).
- high
Efficiency String - Enable/disable 802.11ax high efficiency (default = enable). Valid values:
disable,enable. - hotspot20Profile String
- Hotspot 2.0 profile name.
- igmp
Snooping String - Igmp-Snooping. Valid values:
disable,enable. - intra
Vap StringPrivacy - Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values:
disable,enable. - ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ips
Sensor String - IPS sensor name.
- ipv6Rules List<String>
- Ipv6-Rules. Valid values:
drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad. - keyindex Number
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- L3-Roaming. Valid values:
disable,enable. - l3Roaming
Mode String - Select the way that layer 3 roaming traffic is passed (default = direct). Valid values:
direct,indirect. - ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values:
disable,tx,rx,rxtx. - local
Authentication String - Enable/disable AP local authentication. Valid values:
disable,enable. - local
Bridging String - Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values:
disable,enable. - local
Lan String - Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values:
deny,allow. - local
Standalone String - Enable/disable AP local standalone (default = disable). Valid values:
disable,enable. - local
Standalone StringDns - Enable/disable AP local standalone DNS. Valid values:
disable,enable. - local
Standalone List<String>Dns Ips - IPv4 addresses for the local standalone DNS.
- local
Standalone StringNat - Enable/disable AP local standalone NAT mode. Valid values:
disable,enable. - local
Switching String - Local-Switching. Valid values:
disable,enable. - mac
Auth StringBypass - Enable/disable MAC authentication bypass. Valid values:
disable,enable. - mac
Called StringStation Delimiter - Mac-Called-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Calling StringStation Delimiter - Mac-Calling-Station-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Case String - Mac-Case. Valid values:
uppercase,lowercase. - mac
Filter String - Enable/disable MAC filtering to block wireless clients by mac address. Valid values:
disable,enable. - mac
Filter StringPolicy Other - Allow or block clients with MAC addresses that are not in the filter list. Valid values:
deny,allow. - mac
Password StringDelimiter - Mac-Password-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - mac
Username StringDelimiter - Mac-Username-Delimiter. Valid values:
hyphen,single-hyphen,colon,none. - max
Clients Number - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max
Clients NumberAp - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Mbo. Valid values:
disable,enable. - mbo
Cell StringData Conn Pref - Mbo-Cell-Data-Conn-Pref. Valid values:
excluded,prefer-not,prefer-use. - me
Disable NumberThresh - Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh
Backhaul String - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values:
disable,enable. - mpsk String
- Enable/disable multiple PSK authentication. Valid values:
disable,enable. - mpsk
Concurrent NumberClients - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk
Profile String - Mpsk-Profile.
- mu
Mimo String - Enable/disable Multi-user MIMO (default = enable). Valid values:
disable,enable. - multicast
Enhance String - Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values:
disable,enable. - multicast
Rate String - Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values:
0,6000,12000,24000. - n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values:
disable,enable. - n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values:
disable,enable. - nac String
- Nac. Valid values:
disable,enable. - nac
Profile String - Nac-Profile.
- neighbor
Report StringDual Band - Neighbor-Report-Dual-Band. Valid values:
disable,enable. - object
Wirelesscontroller StringVap Dynamic Mapping Id - an identifier for the resource with format "{{_scope.name}} {{_scope.vdom}}".
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values:
disable,enable. - osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values:
disable,enable. - owe
Groups List<String> - OWE-Groups. Valid values:
19,20,21. - owe
Transition String - Enable/disable OWE transition mode support. Valid values:
disable,enable. - owe
Transition StringSsid - OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values:
disable,enable,optional. - pmf
Assoc NumberComeback Timeout - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf
Sa NumberQuery Retry Timeout - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port
Macauth String - Port-Macauth. Valid values:
disable,radius,address-group. - port
Macauth NumberReauth Timeout - Port-Macauth-Reauth-Timeout.
- port
Macauth NumberTimeout - Port-Macauth-Timeout.
- portal
Message StringOverride Group - Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal
Type String - Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values:
auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth. - primary
Wag StringProfile - Primary wireless access gateway profile name.
- probe
Resp StringSuppression - Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values:
disable,enable. - probe
Resp StringThreshold - Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk
Rekey String - Enable/disable PTK rekey for WPA-Enterprise security. Valid values:
disable,enable. - ptk
Rekey NumberIntv - PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos
Profile String - Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values:
disable,enable. - radio2g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g
Threshold String - Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio
Sensitivity String - Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values:
disable,enable. - radius
Mac StringAuth - Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values:
disable,enable. - radius
Mac NumberAuth Block Interval - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius
Mac StringAuth Server - RADIUS-based MAC authentication server.
- radius
Mac List<String>Auth Usergroups - Selective user groups that are permitted for RADIUS mac authentication.
- radius
Mac StringMpsk Auth - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values:
disable,enable. - radius
Mac NumberMpsk Timeout - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius
Server String - RADIUS server to be used to authenticate WiFi users.
- rates11ac
Mcs StringMap - Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac
Ss12s List<String> - Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2. - rates11ac
Ss34s List<String> - Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4. - rates11as List<String>
- Allowed data rates for 802.11a. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11ax
Mcs StringMap - Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax
Ss12s List<String> - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2. - rates11ax
Ss34s List<String> - Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values:
mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4. - rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values:
1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic. - rates11n
Ss12s List<String> - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values:
mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2. - rates11n
Ss34s List<String> - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values:
mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4. - roaming
Acct StringInterim Update - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values:
disable,enable. - sae
Groups List<String> - SAE-Groups. Valid values:
1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31. - sae
H2e StringOnly - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Hnp StringOnly - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values:
disable,enable. - sae
Passwords List<String> - WPA3 SAE password to be used to authenticate WiFi users.
- sae
Pk String - Enable/disable WPA3 SAE-PK (default = disable). Valid values:
disable,enable. - sae
Private StringKey - Private key used for WPA3 SAE-PK authentication.
- scan
Botnet StringConnections - Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values:
disable,block,monitor. - schedule String
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype String
- The scope of application of the resource. Valid values:
inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit. - secondary
Wag StringProfile - Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values:
None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition. - security
Exempt StringList - Optional security exempt list for captive portal authentication.
- security
Obsolete StringOption - Enable/disable obsolete security options. Valid values:
disable,enable. - security
Redirect StringUrl - Optional URL for redirecting users after they pass captive portal authentication.
- selected
Usergroups String - Selective user groups that are permitted to authenticate.
- split
Tunneling String - Enable/disable split tunneling (default = disable). Valid values:
disable,enable. - ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky
Client StringRemove - Sticky-Client-Remove. Valid values:
disable,enable. - sticky
Client StringThreshold2g - Sticky-Client-Threshold-2G.
- sticky
Client StringThreshold5g - Sticky-Client-Threshold-5G.
- sticky
Client StringThreshold6g - Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target
Wake StringTime - Enable/disable 802.11ax target wake time (default = enable). Valid values:
disable,enable. - tkip
Counter StringMeasure - Enable/disable TKIP counter measure. Valid values:
disable,enable. - tunnel
Echo NumberInterval - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel
Fallback NumberInterval - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utm
Log String - Enable/disable UTM logging. Valid values:
disable,enable. - utm
Profile String - UTM profile name.
- utm
Status String - Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values:
disable,enable. - vap String
- Vap.
- vdom String
- Vdom.
- vlan
Auto String - Enable/disable automatic management of SSID VLAN interface. Valid values:
disable,enable. - vlan
Pooling String - Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values:
wtp-group,round-robin,hash,disable. - vlanid Number
- Optional VLAN ID.
- voice
Enterprise String - Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values:
disable,enable. - webfilter
Profile String - WebFilter profile name.
Supporting Types
ObjectWirelesscontrollerVapDynamicMapping_Scope, ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs
, ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs
Import
ObjectWirelessController VapDynamicMapping can be imported using any of these accepted formats:
Set import_options = [“vap=YOUR_VALUE”] in the provider section.
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/objectWirelesscontrollerVapDynamicMapping:ObjectWirelesscontrollerVapDynamicMapping labelname {{_scope.name}}.{{_scope.vdom}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.14.0 published on Tuesday, Apr 15, 2025 by fortinetdev