source: | fortios_vpn_ipsec_phase1_interface.py |
---|---|
orphan: |
fortios_vpn_ipsec_phase1_interface -- Configure VPN remote gateway in Fortinet's FortiOS and FortiGate.
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase1_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.9
Using member operation to add an element to an existing object.
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.0.12 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
fortios_vpn_ipsec_phase1_interface | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- vpn_ipsec_phase1_interface - Configure VPN remote gateway. type: dict
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
vpn_ipsec_phase1_interface yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - acct_verify - Enable/disable verification of RADIUS accounting record. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
acct_verify yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - add_gw_route - Enable/disable automatically add a route to the remote gateway. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
add_gw_route yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - add_route - Enable/disable control addition of a route to peer destination selector. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
add_route yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - aggregate_member - Enable/disable use as an aggregate member. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
aggregate_member no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - aggregate_weight - Link weight for aggregate. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
aggregate_weight no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - assign_ip - Enable/disable assignment of IP to IPsec interface via configuration method. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
assign_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - assign_ip_from - Method by which the IP address will be assigned. type: str choices: range, usrgrp, dhcp, name
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
assign_ip_from yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [range] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [usrgrp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dhcp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [name] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authmethod - Authentication method. type: str choices: psk, signature
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
authmethod yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [psk] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [signature] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authmethod_remote - Authentication method (remote side). type: str choices: psk, signature
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
authmethod_remote yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [psk] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [signature] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authpasswd - XAuth password (max 35 characters). type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
authpasswd yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authusr - XAuth user name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
authusr yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authusrgrp - Authentication user group. Source user.group.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
authusrgrp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_crossover - Allow/block set-up of short-cut tunnels between different network IDs. type: str choices: allow, block
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auto_discovery_crossover no no no no no no no no no no no no no no no no no no no no no no no no yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - auto_discovery_forwarder - Enable/disable forwarding auto-discovery short-cut messages. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auto_discovery_forwarder yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_offer_interval - Interval between shortcut offer messages in seconds (1 - 300). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auto_discovery_offer_interval no no no no no no no no no no no no no no no no no no no no yes yes yes yes yes - auto_discovery_psk - Enable/disable use of pre-shared secrets for authentication of auto-discovery tunnels. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auto_discovery_psk yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_receiver - Enable/disable accepting auto-discovery short-cut messages. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auto_discovery_receiver yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_sender - Enable/disable sending auto-discovery short-cut messages. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auto_discovery_sender yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_shortcuts - Control deletion of child short-cut tunnels when the parent tunnel goes down. type: str choices: independent, dependent
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auto_discovery_shortcuts no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [independent] n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dependent] n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_negotiate - Enable/disable automatic initiation of IKE SA negotiation. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
auto_negotiate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - backup_gateway - Instruct unity clients about the backup gateway address(es). type: list member_path: backup_gateway:address
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
backup_gateway yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - address - Address of backup gateway. type: str required: true
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
address yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - banner - Message that unity client should display after connecting. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
banner yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_id_validation - Enable/disable cross validation of peer ID and the identity in the peer"s certificate as specified in RFC 4945. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
cert_id_validation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - certificate - The names of up to 4 signed personal certificates. type: list member_path: certificate:name
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
certificate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Certificate name. Source vpn.certificate.local.name. type: str required: true
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - childless_ike - Enable/disable childless IKEv2 initiation (RFC 6023). type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
childless_ike yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_auto_negotiate - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
client_auto_negotiate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_keep_alive - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
client_keep_alive yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - comments - Comment. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
comments yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - default_gw - IPv4 address of default route gateway to use for traffic exiting the interface. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
default_gw yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - default_gw_priority - Priority for default gateway route. A higher priority number signifies a less preferred route. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
default_gw_priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dev_id - Device ID carried by the device ID notification. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
dev_id no no no no no no no no no no no no no no no no no no no no no no no no yes - dev_id_notification - Enable/disable device ID notification. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
dev_id_notification no no no no no no no no no no no no no no no no no no no no no no no no yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - dhcp_ra_giaddr - Relay agent gateway IP address to use in the giaddr field of DHCP requests. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
dhcp_ra_giaddr no no no yes no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dhcp6_ra_linkaddr - Relay agent IPv6 link address to use in DHCP6 requests. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
dhcp6_ra_linkaddr no no no yes no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dhgrp - DH group. type: list choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
dhgrp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [14] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [15] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [16] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [17] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [18] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [19] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [20] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [21] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [27] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [28] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [29] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [30] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [31] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [32] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - digital_signature_auth - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
digital_signature_auth yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - distance - Distance for routes added by IKE (1 - 255). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
distance yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dns_mode - DNS server mode. type: str choices: manual, auto
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
dns_mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [manual] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [auto] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - domain - Instruct unity clients about the single default DNS domain. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
domain yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dpd - Dead Peer Detection mode. type: str choices: disable, on-idle, on-demand
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
dpd yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [on-idle] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [on-demand] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dpd_retrycount - Number of DPD retry attempts. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
dpd_retrycount yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dpd_retryinterval - DPD retry interval. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
dpd_retryinterval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - eap - Enable/disable IKEv2 EAP authentication. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
eap yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - eap_exclude_peergrp - Peer group excluded from EAP authentication. Source user.peergrp.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
eap_exclude_peergrp no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - eap_identity - IKEv2 EAP peer identity type. type: str choices: use-id-payload, send-request
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
eap_identity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [use-id-payload] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [send-request] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encap_local_gw4 - Local IPv4 address of GRE/VXLAN tunnel. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
encap_local_gw4 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encap_local_gw6 - Local IPv6 address of GRE/VXLAN tunnel. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
encap_local_gw6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encap_remote_gw4 - Remote IPv4 address of GRE/VXLAN tunnel. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
encap_remote_gw4 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encap_remote_gw6 - Remote IPv6 address of GRE/VXLAN tunnel. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
encap_remote_gw6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encapsulation - Enable/disable GRE/VXLAN/VPNID encapsulation. type: str choices: none, gre, vxlan, vpn-id-ipip
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
encapsulation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [none] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [gre] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [vxlan] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [vpn-id-ipip] no no no no no no no no no no no no no no no no no no no no yes yes yes yes yes - encapsulation_address - Source for GRE/VXLAN tunnel address. type: str choices: ike, ipv4, ipv6
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
encapsulation_address yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ike] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ipv4] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ipv6] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - enforce_unique_id - Enable/disable peer ID uniqueness check. type: str choices: disable, keep-new, keep-old
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
enforce_unique_id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [keep-new] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [keep-old] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - esn - Extended sequence number (ESN) negotiation. type: str choices: require, allow, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
esn yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [require] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - exchange_fgt_device_id - Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
exchange_fgt_device_id no no no no no no no no no no no no no no no no no no no no no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - exchange_interface_ip - Enable/disable exchange of IPsec interface IP address. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
exchange_interface_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - exchange_ip_addr4 - IPv4 address to exchange with peers. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
exchange_ip_addr4 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - exchange_ip_addr6 - IPv6 address to exchange with peers. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
exchange_ip_addr6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_base - Number of base Forward Error Correction packets (1 - 20). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fec_base no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_codec - Forward Error Correction encoding/decoding algorithm. type: str choices: rs, xor
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fec_codec no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [rs] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [xor] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_egress - Enable/disable Forward Error Correction for egress IPsec traffic. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fec_egress no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_health_check - SD-WAN health check. Source system.sdwan.health-check.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fec_health_check no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_ingress - Enable/disable Forward Error Correction for ingress IPsec traffic. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fec_ingress no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_mapping_profile - Forward Error Correction (FEC) mapping profile. Source vpn.ipsec.fec.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fec_mapping_profile no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_receive_timeout - Timeout in milliseconds before dropping Forward Error Correction packets (1 - 1000). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fec_receive_timeout no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_redundant - Number of redundant Forward Error Correction packets (1 - 5 for reed-solomon, 1 for xor). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fec_redundant no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_send_timeout - Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fec_send_timeout no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fgsp_sync - Enable/disable IPsec syncing of tunnels for FGSP IPsec. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fgsp_sync no no no no no no no no no no no no no no no no no no yes yes no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a yes yes yes yes - forticlient_enforcement - Enable/disable FortiClient enforcement. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
forticlient_enforcement yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fragmentation - Enable/disable fragment IKE message on re-transmission. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fragmentation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fragmentation_mtu - IKE fragmentation MTU (500 - 16000). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
fragmentation_mtu yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - group_authentication - Enable/disable IKEv2 IDi group authentication. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
group_authentication yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - group_authentication_secret - Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
group_authentication_secret yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ha_sync_esp_seqno - Enable/disable sequence number jump ahead for IPsec HA. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ha_sync_esp_seqno yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - idle_timeout - Enable/disable IPsec tunnel idle timeout. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
idle_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - idle_timeoutinterval - IPsec tunnel idle timeout in minutes (5 - 43200). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
idle_timeoutinterval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ike_version - IKE protocol version. type: str choices: 1, 2
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ike_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - inbound_dscp_copy - Enable/disable copy the dscp in the ESP header to the inner IP Header. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
inbound_dscp_copy no no no no no no no no no no no no no no no no yes yes yes yes no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes - include_local_lan - Enable/disable allow local LAN access on unity clients. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
include_local_lan yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - interface - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
interface yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip_delay_interval - IP address reuse delay interval in seconds (0 - 28800). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ip_delay_interval no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip_fragmentation - Determine whether IP packets are fragmented before or after IPsec encapsulation. type: str choices: pre-encapsulation, post-encapsulation
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ip_fragmentation no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pre-encapsulation] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [post-encapsulation] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip_version - IP version to use for VPN interface. type: str choices: 4, 6
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ip_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [4] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [6] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_dns_server1 - IPv4 DNS server 1. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_dns_server1 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_dns_server2 - IPv4 DNS server 2. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_dns_server2 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_dns_server3 - IPv4 DNS server 3. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_dns_server3 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_end_ip - End of IPv4 range. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_end_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_exclude_range - Configuration Method IPv4 exclude ranges. type: list member_path: ipv4_exclude_range:id
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_exclude_range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - end_ip - End of IPv4 exclusive range. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
end_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - ID. type: int required: true
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - start_ip - Start of IPv4 exclusive range. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
start_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_name - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_netmask - IPv4 Netmask. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_netmask yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_split_exclude - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_split_exclude yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_split_include - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_split_include yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_start_ip - Start of IPv4 range. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_start_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_wins_server1 - WINS server 1. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_wins_server1 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_wins_server2 - WINS server 2. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv4_wins_server2 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_dns_server1 - IPv6 DNS server 1. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_dns_server1 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_dns_server2 - IPv6 DNS server 2. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_dns_server2 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_dns_server3 - IPv6 DNS server 3. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_dns_server3 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_end_ip - End of IPv6 range. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_end_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_exclude_range - Configuration method IPv6 exclude ranges. type: list member_path: ipv6_exclude_range:id
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_exclude_range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - end_ip - End of IPv6 exclusive range. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
end_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - ID. type: int required: true
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - start_ip - Start of IPv6 exclusive range. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
start_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_prefix - IPv6 prefix. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_prefix yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_split_exclude - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_split_exclude yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_split_include - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_split_include yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_start_ip - Start of IPv6 range. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ipv6_start_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - keepalive - NAT-T keep alive interval. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
keepalive yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - keylife - Time to wait in seconds before phase 1 encryption key expires. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
keylife yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - kms - Key Management Services server. Source vpn.kmip-server.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
kms no no no no no no no no no no no no no no no no no no no no no no no no yes - link_cost - VPN tunnel underlay link cost. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
link_cost no no no no no no no no no no no no no no no no no no no no no yes yes yes yes - local_gw - IPv4 address of the local gateway"s external interface. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
local_gw yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - local_gw6 - IPv6 address of the local gateway"s external interface. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
local_gw6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - localid - Local ID. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
localid yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - localid_type - Local ID type. type: str choices: auto, fqdn, user-fqdn, keyid, address, asn1dn
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
localid_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [auto] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [fqdn] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [user-fqdn] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [keyid] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [address] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [asn1dn] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - loopback_asymroute - Enable/disable asymmetric routing for IKE traffic on loopback interface. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
loopback_asymroute no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mesh_selector_type - Add selectors containing subsets of the configuration depending on traffic. type: str choices: disable, subnet, host
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
mesh_selector_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [subnet] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mode - The ID protection mode used to establish a secure channel. type: str choices: aggressive, main
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aggressive] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [main] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mode_cfg - Enable/disable configuration method. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
mode_cfg yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mode_cfg_allow_client_selector - Enable/disable mode-cfg client to use custom phase2 selectors. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
mode_cfg_allow_client_selector no no no no no no no no no no no no no no no no no no no no yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes - monitor - IPsec interface as backup for primary interface. Source vpn.ipsec.phase1-interface.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
monitor yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor_hold_down_delay - Time to wait in seconds before recovery once primary re-establishes. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
monitor_hold_down_delay yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor_hold_down_time - Time of day at which to fail back to primary after it re-establishes. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
monitor_hold_down_time yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor_hold_down_type - Recovery time method when primary interface re-establishes. type: str choices: immediate, delay, time
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
monitor_hold_down_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [immediate] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [delay] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [time] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor_hold_down_weekday - Day of the week to recover once primary re-establishes. type: str choices: everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
monitor_hold_down_weekday yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [everyday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sunday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [monday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tuesday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [wednesday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [thursday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [friday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [saturday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - IPsec remote gateway name. type: str required: true
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - nattraversal - Enable/disable NAT traversal. type: str choices: enable, disable, forced
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
nattraversal yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [forced] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - negotiate_timeout - IKE SA negotiation timeout in seconds (1 - 300). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
negotiate_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - net_device - Enable/disable kernel device creation. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
net_device yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - network_id - VPN gateway network ID. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
network_id no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - network_overlay - Enable/disable network overlays. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
network_overlay no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - npu_offload - Enable/disable offloading NPU. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
npu_offload yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - packet_redistribution - Enable/disable packet distribution (RPS) on the IPsec interface. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
packet_redistribution no no no no no no no no no no no no no no no no no no no no no no no no no [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a yes - passive_mode - Enable/disable IPsec passive mode for static tunnels. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
passive_mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - peer - Accept this peer certificate. Source user.peer.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
peer yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - peergrp - Accept this peer certificate group. Source user.peergrp.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
peergrp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - peerid - Accept this peer identity. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
peerid yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - peertype - Accept this peer type. type: str choices: any, one, dialup, peer, peergrp
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
peertype yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [any] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [one] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [peer] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [peergrp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ppk - Enable/disable IKEv2 Postquantum Preshared Key (PPK). type: str choices: disable, allow, require
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ppk yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [require] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ppk_identity - IKEv2 Postquantum Preshared Key Identity. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ppk_identity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ppk_secret - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
ppk_secret yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - priority - Priority for routes added by IKE (1 - 65535). type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proposal - Phase1 proposal. type: list choices: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
proposal yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128gcm-prfsha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128gcm-prfsha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128gcm-prfsha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128gcm-prfsha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256gcm-prfsha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256gcm-prfsha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256gcm-prfsha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256gcm-prfsha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chacha20poly1305-prfsha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chacha20poly1305-prfsha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chacha20poly1305-prfsha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chacha20poly1305-prfsha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - psksecret - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
psksecret yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - psksecret_remote - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
psksecret_remote yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - reauth - Enable/disable re-authentication upon IKE SA lifetime expiration. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
reauth yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - rekey - Enable/disable phase1 rekey. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
rekey yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - remote_gw - IPv4 address of the remote gateway"s external interface. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
remote_gw yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - remote_gw6 - IPv6 address of the remote gateway"s external interface. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
remote_gw6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - remotegw_ddns - Domain name of remote gateway. For example, name.ddns.com. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
remotegw_ddns yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - rsa_signature_format - Digital Signature Authentication RSA signature format. type: str choices: pkcs1, pss
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
rsa_signature_format yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pkcs1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pss] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - rsa_signature_hash_override - Enable/disable IKEv2 RSA signature hash algorithm override. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
rsa_signature_hash_override no no no no no no no no no no no no no no no no no no no no no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes - save_password - Enable/disable saving XAuth username and password on VPN clients. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
save_password yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - send_cert_chain - Enable/disable sending certificate chain. type: str choices: enable, disable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
send_cert_chain yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - signature_hash_alg - Digital Signature Authentication hash algorithms. type: list choices: sha1, sha2-256, sha2-384, sha2-512
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
signature_hash_alg yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sha2-256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sha2-384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sha2-512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - split_include_service - Split-include services. Source firewall.service.group.name firewall.service.custom.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
split_include_service yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - suite_b - Use Suite-B. type: str choices: disable, suite-b-gcm-128, suite-b-gcm-256
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
suite_b yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [suite-b-gcm-128] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [suite-b-gcm-256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - tunnel_search - Tunnel search method for when the interface is shared. type: str choices: selectors, nexthop
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
tunnel_search yes yes yes yes yes yes yes yes yes yes [selectors] yes yes yes yes yes yes yes yes yes yes [nexthop] yes yes yes yes yes yes yes yes yes yes - type - Remote gateway type. type: str choices: static, dynamic, ddns
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dynamic] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ddns] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unity_support - Enable/disable support for Cisco UNITY Configuration Method extensions. type: str choices: disable, enable
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
unity_support yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - usrgrp - User group name for dialup peers. Source user.group.name. type: str
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
usrgrp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - vni - VNI of VXLAN tunnel. type: int
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
vni yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wizard_type - GUI VPN Wizard Type. type: str choices: custom, dialup-forticlient, dialup-ios, dialup-android, dialup-windows, dialup-cisco, static-fortigate, dialup-fortigate, static-cisco, dialup-cisco-fw, simplified-static-fortigate, hub-fortigate-auto-discovery, spoke-fortigate-auto-discovery
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
wizard_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [custom] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-forticlient] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-ios] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-android] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-windows] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-cisco] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static-fortigate] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-fortigate] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static-cisco] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-cisco-fw] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [simplified-static-fortigate] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [hub-fortigate-auto-discovery] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [spoke-fortigate-auto-discovery] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - xauthtype - XAuth type. type: str choices: disable, client, pap, chap, auto
more...
v6.0.0
v6.0.5
v6.0.11
v6.2.0
v6.2.3
v6.2.5
v6.2.7
v6.4.0
v6.4.1
v6.4.4
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.12
v7.2.0
v7.2.1
v7.2.2
v7.2.4
v7.4.0
xauthtype yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [client] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pap] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chap] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [auto] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VPN remote gateway.
fortios_vpn_ipsec_phase1_interface:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
vpn_ipsec_phase1_interface:
acct_verify: "enable"
add_gw_route: "enable"
add_route: "disable"
aggregate_member: "enable"
aggregate_weight: "1"
assign_ip: "disable"
assign_ip_from: "range"
authmethod: "psk"
authmethod_remote: "psk"
authpasswd: "<your_own_value>"
authusr: "<your_own_value>"
authusrgrp: "<your_own_value> (source user.group.name)"
auto_discovery_crossover: "allow"
auto_discovery_forwarder: "enable"
auto_discovery_offer_interval: "5"
auto_discovery_psk: "enable"
auto_discovery_receiver: "enable"
auto_discovery_sender: "enable"
auto_discovery_shortcuts: "independent"
auto_negotiate: "enable"
backup_gateway:
-
address: "<your_own_value>"
banner: "<your_own_value>"
cert_id_validation: "enable"
certificate:
-
name: "default_name_28 (source vpn.certificate.local.name)"
childless_ike: "enable"
client_auto_negotiate: "disable"
client_keep_alive: "disable"
comments: "<your_own_value>"
default_gw: "<your_own_value>"
default_gw_priority: "0"
dev_id: "<your_own_value>"
dev_id_notification: "disable"
dhcp_ra_giaddr: "<your_own_value>"
dhcp6_ra_linkaddr: "<your_own_value>"
dhgrp: "1"
digital_signature_auth: "enable"
distance: "15"
dns_mode: "manual"
domain: "<your_own_value>"
dpd: "disable"
dpd_retrycount: "3"
dpd_retryinterval: "<your_own_value>"
eap: "enable"
eap_exclude_peergrp: "<your_own_value> (source user.peergrp.name)"
eap_identity: "use-id-payload"
encap_local_gw4: "<your_own_value>"
encap_local_gw6: "<your_own_value>"
encap_remote_gw4: "<your_own_value>"
encap_remote_gw6: "<your_own_value>"
encapsulation: "none"
encapsulation_address: "ike"
enforce_unique_id: "disable"
esn: "require"
exchange_fgt_device_id: "enable"
exchange_interface_ip: "enable"
exchange_ip_addr4: "<your_own_value>"
exchange_ip_addr6: "<your_own_value>"
fec_base: "10"
fec_codec: "rs"
fec_egress: "enable"
fec_health_check: "<your_own_value> (source system.sdwan.health-check.name)"
fec_ingress: "enable"
fec_mapping_profile: "<your_own_value> (source vpn.ipsec.fec.name)"
fec_receive_timeout: "50"
fec_redundant: "1"
fec_send_timeout: "5"
fgsp_sync: "enable"
forticlient_enforcement: "enable"
fragmentation: "enable"
fragmentation_mtu: "1200"
group_authentication: "enable"
group_authentication_secret: "<your_own_value>"
ha_sync_esp_seqno: "enable"
idle_timeout: "enable"
idle_timeoutinterval: "15"
ike_version: "1"
inbound_dscp_copy: "enable"
include_local_lan: "disable"
interface: "<your_own_value> (source system.interface.name)"
ip_delay_interval: "0"
ip_fragmentation: "pre-encapsulation"
ip_version: "4"
ipv4_dns_server1: "<your_own_value>"
ipv4_dns_server2: "<your_own_value>"
ipv4_dns_server3: "<your_own_value>"
ipv4_end_ip: "<your_own_value>"
ipv4_exclude_range:
-
end_ip: "<your_own_value>"
id: "93"
start_ip: "<your_own_value>"
ipv4_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_netmask: "<your_own_value>"
ipv4_split_exclude: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_split_include: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_start_ip: "<your_own_value>"
ipv4_wins_server1: "<your_own_value>"
ipv4_wins_server2: "<your_own_value>"
ipv6_dns_server1: "<your_own_value>"
ipv6_dns_server2: "<your_own_value>"
ipv6_dns_server3: "<your_own_value>"
ipv6_end_ip: "<your_own_value>"
ipv6_exclude_range:
-
end_ip: "<your_own_value>"
id: "108"
start_ip: "<your_own_value>"
ipv6_name: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_prefix: "128"
ipv6_split_exclude: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_split_include: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_start_ip: "<your_own_value>"
keepalive: "10"
keylife: "86400"
kms: "<your_own_value> (source vpn.kmip-server.name)"
link_cost: "0"
local_gw: "<your_own_value>"
local_gw6: "<your_own_value>"
localid: "<your_own_value>"
localid_type: "auto"
loopback_asymroute: "enable"
mesh_selector_type: "disable"
mode: "aggressive"
mode_cfg: "disable"
mode_cfg_allow_client_selector: "disable"
monitor: "<your_own_value> (source vpn.ipsec.phase1-interface.name)"
monitor_hold_down_delay: "0"
monitor_hold_down_time: "<your_own_value>"
monitor_hold_down_type: "immediate"
monitor_hold_down_weekday: "everyday"
name: "default_name_133"
nattraversal: "enable"
negotiate_timeout: "30"
net_device: "enable"
network_id: "0"
network_overlay: "disable"
npu_offload: "enable"
packet_redistribution: "enable"
passive_mode: "enable"
peer: "<your_own_value> (source user.peer.name)"
peergrp: "<your_own_value> (source user.peergrp.name)"
peerid: "<your_own_value>"
peertype: "any"
ppk: "disable"
ppk_identity: "<your_own_value>"
ppk_secret: "<your_own_value>"
priority: "1"
proposal: "des-md5"
psksecret: "<your_own_value>"
psksecret_remote: "<your_own_value>"
reauth: "disable"
rekey: "enable"
remote_gw: "<your_own_value>"
remote_gw6: "<your_own_value>"
remotegw_ddns: "<your_own_value>"
rsa_signature_format: "pkcs1"
rsa_signature_hash_override: "enable"
save_password: "disable"
send_cert_chain: "enable"
signature_hash_alg: "sha1"
split_include_service: "<your_own_value> (source firewall.service.group.name firewall.service.custom.name)"
suite_b: "disable"
tunnel_search: "selectors"
type: "static"
unity_support: "disable"
usrgrp: "<your_own_value> (source user.group.name)"
vni: "0"
wizard_type: "custom"
xauthtype: "disable"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.