| source: | fortios_vpn_ipsec_phase1_interface.py |
|---|---|
| orphan: |
fortios_vpn_ipsec_phase1_interface -- Configure VPN remote gateway in Fortinet's FortiOS and FortiGate.
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify vpn_ipsec feature and phase1_interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.9
Using member operation to add an element to an existing object.
v6.0.0 |
v6.0.5 |
v6.0.11 |
v6.2.0 |
v6.2.3 |
v6.2.5 |
v6.2.7 |
v6.4.0 |
v6.4.1 |
v6.4.4 |
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
v7.0.4 |
v7.0.5 |
v7.0.6 |
v7.0.7 |
v7.0.8 |
v7.0.12 |
v7.2.0 |
v7.2.1 |
v7.2.2 |
v7.2.4 |
v7.4.0 |
|
| fortios_vpn_ipsec_phase1_interface | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes | yes |
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- vpn_ipsec_phase1_interface - Configure VPN remote gateway. type: dict
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0vpn_ipsec_phase1_interface yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - acct_verify - Enable/disable verification of RADIUS accounting record. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0acct_verify yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - add_gw_route - Enable/disable automatically add a route to the remote gateway. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0add_gw_route yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - add_route - Enable/disable control addition of a route to peer destination selector. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0add_route yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - aggregate_member - Enable/disable use as an aggregate member. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0aggregate_member no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - aggregate_weight - Link weight for aggregate. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0aggregate_weight no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - assign_ip - Enable/disable assignment of IP to IPsec interface via configuration method. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0assign_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - assign_ip_from - Method by which the IP address will be assigned. type: str choices: range, usrgrp, dhcp, name
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0assign_ip_from yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [range] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [usrgrp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dhcp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [name] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authmethod - Authentication method. type: str choices: psk, signature
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0authmethod yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [psk] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [signature] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authmethod_remote - Authentication method (remote side). type: str choices: psk, signature
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0authmethod_remote yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [psk] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [signature] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authpasswd - XAuth password (max 35 characters). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0authpasswd yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authusr - XAuth user name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0authusr yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - authusrgrp - Authentication user group. Source user.group.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0authusrgrp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_crossover - Allow/block set-up of short-cut tunnels between different network IDs. type: str choices: allow, block
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auto_discovery_crossover no no no no no no no no no no no no no no no no no no no no no no no no yes [allow] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [block] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - auto_discovery_forwarder - Enable/disable forwarding auto-discovery short-cut messages. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auto_discovery_forwarder yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_offer_interval - Interval between shortcut offer messages in seconds (1 - 300). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auto_discovery_offer_interval no no no no no no no no no no no no no no no no no no no no yes yes yes yes yes - auto_discovery_psk - Enable/disable use of pre-shared secrets for authentication of auto-discovery tunnels. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auto_discovery_psk yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_receiver - Enable/disable accepting auto-discovery short-cut messages. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auto_discovery_receiver yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_sender - Enable/disable sending auto-discovery short-cut messages. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auto_discovery_sender yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_discovery_shortcuts - Control deletion of child short-cut tunnels when the parent tunnel goes down. type: str choices: independent, dependent
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auto_discovery_shortcuts no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [independent] n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dependent] n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - auto_negotiate - Enable/disable automatic initiation of IKE SA negotiation. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0auto_negotiate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - backup_gateway - Instruct unity clients about the backup gateway address(es). type: list member_path: backup_gateway:address
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0backup_gateway yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - address - Address of backup gateway. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0address yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - banner - Message that unity client should display after connecting. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0banner yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - cert_id_validation - Enable/disable cross validation of peer ID and the identity in the peer"s certificate as specified in RFC 4945. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0cert_id_validation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - certificate - The names of up to 4 signed personal certificates. type: list member_path: certificate:name
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0certificate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - Certificate name. Source vpn.certificate.local.name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - childless_ike - Enable/disable childless IKEv2 initiation (RFC 6023). type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0childless_ike yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_auto_negotiate - Enable/disable allowing the VPN client to bring up the tunnel when there is no traffic. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_auto_negotiate yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - client_keep_alive - Enable/disable allowing the VPN client to keep the tunnel up when there is no traffic. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0client_keep_alive yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - comments - Comment. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0comments yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - default_gw - IPv4 address of default route gateway to use for traffic exiting the interface. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0default_gw yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - default_gw_priority - Priority for default gateway route. A higher priority number signifies a less preferred route. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0default_gw_priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dev_id - Device ID carried by the device ID notification. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dev_id no no no no no no no no no no no no no no no no no no no no no no no no yes - dev_id_notification - Enable/disable device ID notification. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dev_id_notification no no no no no no no no no no no no no no no no no no no no no no no no yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - dhcp_ra_giaddr - Relay agent gateway IP address to use in the giaddr field of DHCP requests. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dhcp_ra_giaddr no no no yes no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dhcp6_ra_linkaddr - Relay agent IPv6 link address to use in DHCP6 requests. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dhcp6_ra_linkaddr no no no yes no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dhgrp - DH group. type: list choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dhgrp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [14] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [15] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [16] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [17] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [18] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [19] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [20] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [21] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [27] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [28] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [29] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [30] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [31] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [32] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - digital_signature_auth - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0digital_signature_auth yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - distance - Distance for routes added by IKE (1 - 255). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0distance yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dns_mode - DNS server mode. type: str choices: manual, auto
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dns_mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [manual] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [auto] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - domain - Instruct unity clients about the single default DNS domain. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0domain yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dpd - Dead Peer Detection mode. type: str choices: disable, on-idle, on-demand
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dpd yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [on-idle] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [on-demand] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dpd_retrycount - Number of DPD retry attempts. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dpd_retrycount yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - dpd_retryinterval - DPD retry interval. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0dpd_retryinterval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - eap - Enable/disable IKEv2 EAP authentication. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0eap yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - eap_exclude_peergrp - Peer group excluded from EAP authentication. Source user.peergrp.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0eap_exclude_peergrp no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - eap_identity - IKEv2 EAP peer identity type. type: str choices: use-id-payload, send-request
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0eap_identity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [use-id-payload] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [send-request] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encap_local_gw4 - Local IPv4 address of GRE/VXLAN tunnel. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0encap_local_gw4 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encap_local_gw6 - Local IPv6 address of GRE/VXLAN tunnel. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0encap_local_gw6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encap_remote_gw4 - Remote IPv4 address of GRE/VXLAN tunnel. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0encap_remote_gw4 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encap_remote_gw6 - Remote IPv6 address of GRE/VXLAN tunnel. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0encap_remote_gw6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - encapsulation - Enable/disable GRE/VXLAN/VPNID encapsulation. type: str choices: none, gre, vxlan, vpn-id-ipip
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0encapsulation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [none] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [gre] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [vxlan] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [vpn-id-ipip] no no no no no no no no no no no no no no no no no no no no yes yes yes yes yes - encapsulation_address - Source for GRE/VXLAN tunnel address. type: str choices: ike, ipv4, ipv6
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0encapsulation_address yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ike] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ipv4] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ipv6] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - enforce_unique_id - Enable/disable peer ID uniqueness check. type: str choices: disable, keep-new, keep-old
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0enforce_unique_id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [keep-new] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [keep-old] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - esn - Extended sequence number (ESN) negotiation. type: str choices: require, allow, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0esn yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [require] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - exchange_fgt_device_id - Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0exchange_fgt_device_id no no no no no no no no no no no no no no no no no no no no no no no no yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes - exchange_interface_ip - Enable/disable exchange of IPsec interface IP address. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0exchange_interface_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - exchange_ip_addr4 - IPv4 address to exchange with peers. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0exchange_ip_addr4 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - exchange_ip_addr6 - IPv6 address to exchange with peers. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0exchange_ip_addr6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_base - Number of base Forward Error Correction packets (1 - 20). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fec_base no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_codec - Forward Error Correction encoding/decoding algorithm. type: str choices: rs, xor
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fec_codec no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [rs] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes [xor] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_egress - Enable/disable Forward Error Correction for egress IPsec traffic. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fec_egress no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_health_check - SD-WAN health check. Source system.sdwan.health-check.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fec_health_check no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_ingress - Enable/disable Forward Error Correction for ingress IPsec traffic. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fec_ingress no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_mapping_profile - Forward Error Correction (FEC) mapping profile. Source vpn.ipsec.fec.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fec_mapping_profile no no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_receive_timeout - Timeout in milliseconds before dropping Forward Error Correction packets (1 - 1000). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fec_receive_timeout no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_redundant - Number of redundant Forward Error Correction packets (1 - 5 for reed-solomon, 1 for xor). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fec_redundant no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fec_send_timeout - Timeout in milliseconds before sending Forward Error Correction packets (1 - 1000). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fec_send_timeout no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fgsp_sync - Enable/disable IPsec syncing of tunnels for FGSP IPsec. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fgsp_sync no no no no no no no no no no no no no no no no no no yes yes no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a yes yes yes yes - forticlient_enforcement - Enable/disable FortiClient enforcement. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0forticlient_enforcement yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fragmentation - Enable/disable fragment IKE message on re-transmission. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fragmentation yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - fragmentation_mtu - IKE fragmentation MTU (500 - 16000). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0fragmentation_mtu yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - group_authentication - Enable/disable IKEv2 IDi group authentication. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0group_authentication yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - group_authentication_secret - Password for IKEv2 ID group authentication. ASCII string or hexadecimal indicated by a leading 0x. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0group_authentication_secret yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ha_sync_esp_seqno - Enable/disable sequence number jump ahead for IPsec HA. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ha_sync_esp_seqno yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - idle_timeout - Enable/disable IPsec tunnel idle timeout. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0idle_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - idle_timeoutinterval - IPsec tunnel idle timeout in minutes (5 - 43200). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0idle_timeoutinterval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ike_version - IKE protocol version. type: str choices: 1, 2
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ike_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [2] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - inbound_dscp_copy - Enable/disable copy the dscp in the ESP header to the inner IP Header. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0inbound_dscp_copy no no no no no no no no no no no no no no no no yes yes yes yes no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes n/a yes yes yes yes - include_local_lan - Enable/disable allow local LAN access on unity clients. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0include_local_lan yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - interface - Local physical, aggregate, or VLAN outgoing interface. Source system.interface.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0interface yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip_delay_interval - IP address reuse delay interval in seconds (0 - 28800). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ip_delay_interval no no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip_fragmentation - Determine whether IP packets are fragmented before or after IPsec encapsulation. type: str choices: pre-encapsulation, post-encapsulation
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ip_fragmentation no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pre-encapsulation] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [post-encapsulation] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ip_version - IP version to use for VPN interface. type: str choices: 4, 6
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ip_version yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [4] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [6] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_dns_server1 - IPv4 DNS server 1. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_dns_server1 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_dns_server2 - IPv4 DNS server 2. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_dns_server2 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_dns_server3 - IPv4 DNS server 3. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_dns_server3 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_end_ip - End of IPv4 range. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_end_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_exclude_range - Configuration Method IPv4 exclude ranges. type: list member_path: ipv4_exclude_range:id
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_exclude_range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - end_ip - End of IPv4 exclusive range. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0end_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - ID. type: int required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - start_ip - Start of IPv4 exclusive range. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0start_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_name - IPv4 address name. Source firewall.address.name firewall.addrgrp.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_netmask - IPv4 Netmask. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_netmask yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_split_exclude - IPv4 subnets that should not be sent over the IPsec tunnel. Source firewall.address.name firewall.addrgrp.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_split_exclude yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_split_include - IPv4 split-include subnets. Source firewall.address.name firewall.addrgrp.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_split_include yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_start_ip - Start of IPv4 range. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_start_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_wins_server1 - WINS server 1. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_wins_server1 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv4_wins_server2 - WINS server 2. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv4_wins_server2 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_dns_server1 - IPv6 DNS server 1. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_dns_server1 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_dns_server2 - IPv6 DNS server 2. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_dns_server2 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_dns_server3 - IPv6 DNS server 3. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_dns_server3 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_end_ip - End of IPv6 range. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_end_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_exclude_range - Configuration method IPv6 exclude ranges. type: list member_path: ipv6_exclude_range:id
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_exclude_range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - end_ip - End of IPv6 exclusive range. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0end_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - id - ID. type: int required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0id yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - start_ip - Start of IPv6 exclusive range. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0start_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_name - IPv6 address name. Source firewall.address6.name firewall.addrgrp6.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_prefix - IPv6 prefix. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_prefix yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_split_exclude - IPv6 subnets that should not be sent over the IPsec tunnel. Source firewall.address6.name firewall.addrgrp6.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_split_exclude yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_split_include - IPv6 split-include subnets. Source firewall.address6.name firewall.addrgrp6.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_split_include yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ipv6_start_ip - Start of IPv6 range. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ipv6_start_ip yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - keepalive - NAT-T keep alive interval. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0keepalive yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - keylife - Time to wait in seconds before phase 1 encryption key expires. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0keylife yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - kms - Key Management Services server. Source vpn.kmip-server.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0kms no no no no no no no no no no no no no no no no no no no no no no no no yes - link_cost - VPN tunnel underlay link cost. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0link_cost no no no no no no no no no no no no no no no no no no no no no yes yes yes yes - local_gw - IPv4 address of the local gateway"s external interface. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0local_gw yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - local_gw6 - IPv6 address of the local gateway"s external interface. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0local_gw6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - localid - Local ID. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0localid yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - localid_type - Local ID type. type: str choices: auto, fqdn, user-fqdn, keyid, address, asn1dn
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0localid_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [auto] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [fqdn] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [user-fqdn] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [keyid] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [address] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [asn1dn] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - loopback_asymroute - Enable/disable asymmetric routing for IKE traffic on loopback interface. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0loopback_asymroute no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mesh_selector_type - Add selectors containing subsets of the configuration depending on traffic. type: str choices: disable, subnet, host
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0mesh_selector_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [subnet] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mode - The ID protection mode used to establish a secure channel. type: str choices: aggressive, main
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aggressive] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [main] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mode_cfg - Enable/disable configuration method. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0mode_cfg yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - mode_cfg_allow_client_selector - Enable/disable mode-cfg client to use custom phase2 selectors. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0mode_cfg_allow_client_selector no no no no no no no no no no no no no no no no no no no no yes yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes yes - monitor - IPsec interface as backup for primary interface. Source vpn.ipsec.phase1-interface.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0monitor yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor_hold_down_delay - Time to wait in seconds before recovery once primary re-establishes. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0monitor_hold_down_delay yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor_hold_down_time - Time of day at which to fail back to primary after it re-establishes. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0monitor_hold_down_time yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor_hold_down_type - Recovery time method when primary interface re-establishes. type: str choices: immediate, delay, time
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0monitor_hold_down_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [immediate] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [delay] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [time] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - monitor_hold_down_weekday - Day of the week to recover once primary re-establishes. type: str choices: everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0monitor_hold_down_weekday yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [everyday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sunday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [monday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [tuesday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [wednesday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [thursday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [friday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [saturday] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - name - IPsec remote gateway name. type: str required: true
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - nattraversal - Enable/disable NAT traversal. type: str choices: enable, disable, forced
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0nattraversal yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [forced] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - negotiate_timeout - IKE SA negotiation timeout in seconds (1 - 300). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0negotiate_timeout yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - net_device - Enable/disable kernel device creation. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0net_device yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - network_id - VPN gateway network ID. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0network_id no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - network_overlay - Enable/disable network overlays. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0network_overlay no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] n/a n/a n/a yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - npu_offload - Enable/disable offloading NPU. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0npu_offload yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - packet_redistribution - Enable/disable packet distribution (RPS) on the IPsec interface. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0packet_redistribution no no no no no no no no no no no no no no no no no no no no no no no no no [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes n/a yes - passive_mode - Enable/disable IPsec passive mode for static tunnels. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0passive_mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - peer - Accept this peer certificate. Source user.peer.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0peer yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - peergrp - Accept this peer certificate group. Source user.peergrp.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0peergrp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - peerid - Accept this peer identity. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0peerid yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - peertype - Accept this peer type. type: str choices: any, one, dialup, peer, peergrp
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0peertype yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [any] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [one] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [peer] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [peergrp] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ppk - Enable/disable IKEv2 Postquantum Preshared Key (PPK). type: str choices: disable, allow, require
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ppk yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [require] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ppk_identity - IKEv2 Postquantum Preshared Key Identity. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ppk_identity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - ppk_secret - IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0ppk_secret yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - priority - Priority for routes added by IKE (1 - 65535). type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0priority yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - proposal - Phase1 proposal. type: list choices: des-md5, des-sha1, des-sha256, des-sha384, des-sha512, 3des-md5, 3des-sha1, 3des-sha256, 3des-sha384, 3des-sha512, aes128-md5, aes128-sha1, aes128-sha256, aes128-sha384, aes128-sha512, aes128gcm-prfsha1, aes128gcm-prfsha256, aes128gcm-prfsha384, aes128gcm-prfsha512, aes192-md5, aes192-sha1, aes192-sha256, aes192-sha384, aes192-sha512, aes256-md5, aes256-sha1, aes256-sha256, aes256-sha384, aes256-sha512, aes256gcm-prfsha1, aes256gcm-prfsha256, aes256gcm-prfsha384, aes256gcm-prfsha512, chacha20poly1305-prfsha1, chacha20poly1305-prfsha256, chacha20poly1305-prfsha384, chacha20poly1305-prfsha512, aria128-md5, aria128-sha1, aria128-sha256, aria128-sha384, aria128-sha512, aria192-md5, aria192-sha1, aria192-sha256, aria192-sha384, aria192-sha512, aria256-md5, aria256-sha1, aria256-sha256, aria256-sha384, aria256-sha512, seed-md5, seed-sha1, seed-sha256, seed-sha384, seed-sha512
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0proposal yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [des-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [3des-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128gcm-prfsha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128gcm-prfsha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128gcm-prfsha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes128gcm-prfsha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes192-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256gcm-prfsha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256gcm-prfsha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256gcm-prfsha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aes256gcm-prfsha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chacha20poly1305-prfsha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chacha20poly1305-prfsha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chacha20poly1305-prfsha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chacha20poly1305-prfsha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria128-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria192-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [aria256-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-md5] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-sha256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-sha384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [seed-sha512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - psksecret - Pre-shared secret for PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0psksecret yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - psksecret_remote - Pre-shared secret for remote side PSK authentication (ASCII string or hexadecimal encoded with a leading 0x). type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0psksecret_remote yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - reauth - Enable/disable re-authentication upon IKE SA lifetime expiration. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0reauth yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - rekey - Enable/disable phase1 rekey. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0rekey yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - remote_gw - IPv4 address of the remote gateway"s external interface. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0remote_gw yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - remote_gw6 - IPv6 address of the remote gateway"s external interface. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0remote_gw6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - remotegw_ddns - Domain name of remote gateway. For example, name.ddns.com. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0remotegw_ddns yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - rsa_signature_format - Digital Signature Authentication RSA signature format. type: str choices: pkcs1, pss
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0rsa_signature_format yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pkcs1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pss] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - rsa_signature_hash_override - Enable/disable IKEv2 RSA signature hash algorithm override. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0rsa_signature_hash_override no no no no no no no no no no no no no no no no no no no no no yes yes yes yes [enable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes [disable] n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a yes yes yes yes - save_password - Enable/disable saving XAuth username and password on VPN clients. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0save_password yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - send_cert_chain - Enable/disable sending certificate chain. type: str choices: enable, disable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0send_cert_chain yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - signature_hash_alg - Digital Signature Authentication hash algorithms. type: list choices: sha1, sha2-256, sha2-384, sha2-512
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0signature_hash_alg yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sha1] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sha2-256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sha2-384] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [sha2-512] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - split_include_service - Split-include services. Source firewall.service.group.name firewall.service.custom.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0split_include_service yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - suite_b - Use Suite-B. type: str choices: disable, suite-b-gcm-128, suite-b-gcm-256
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0suite_b yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [suite-b-gcm-128] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [suite-b-gcm-256] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - tunnel_search - Tunnel search method for when the interface is shared. type: str choices: selectors, nexthop
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4tunnel_search yes yes yes yes yes yes yes yes yes yes [selectors] yes yes yes yes yes yes yes yes yes yes [nexthop] yes yes yes yes yes yes yes yes yes yes - type - Remote gateway type. type: str choices: static, dynamic, ddns
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dynamic] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [ddns] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - unity_support - Enable/disable support for Cisco UNITY Configuration Method extensions. type: str choices: disable, enable
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0unity_support yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - usrgrp - User group name for dialup peers. Source user.group.name. type: str
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0usrgrp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - vni - VNI of VXLAN tunnel. type: int
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0vni yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - wizard_type - GUI VPN Wizard Type. type: str choices: custom, dialup-forticlient, dialup-ios, dialup-android, dialup-windows, dialup-cisco, static-fortigate, dialup-fortigate, static-cisco, dialup-cisco-fw, simplified-static-fortigate, hub-fortigate-auto-discovery, spoke-fortigate-auto-discovery
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0wizard_type yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [custom] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-forticlient] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-ios] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-android] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-windows] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-cisco] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static-fortigate] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-fortigate] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [static-cisco] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [dialup-cisco-fw] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [simplified-static-fortigate] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [hub-fortigate-auto-discovery] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [spoke-fortigate-auto-discovery] no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes - xauthtype - XAuth type. type: str choices: disable, client, pap, chap, auto
more...
v6.0.0v6.0.5v6.0.11v6.2.0v6.2.3v6.2.5v6.2.7v6.4.0v6.4.1v6.4.4v7.0.0v7.0.1v7.0.2v7.0.3v7.0.4v7.0.5v7.0.6v7.0.7v7.0.8v7.0.12v7.2.0v7.2.1v7.2.2v7.2.4v7.4.0xauthtype yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [client] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [pap] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [chap] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes [auto] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure VPN remote gateway.
fortios_vpn_ipsec_phase1_interface:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
vpn_ipsec_phase1_interface:
acct_verify: "enable"
add_gw_route: "enable"
add_route: "disable"
aggregate_member: "enable"
aggregate_weight: "1"
assign_ip: "disable"
assign_ip_from: "range"
authmethod: "psk"
authmethod_remote: "psk"
authpasswd: "<your_own_value>"
authusr: "<your_own_value>"
authusrgrp: "<your_own_value> (source user.group.name)"
auto_discovery_crossover: "allow"
auto_discovery_forwarder: "enable"
auto_discovery_offer_interval: "5"
auto_discovery_psk: "enable"
auto_discovery_receiver: "enable"
auto_discovery_sender: "enable"
auto_discovery_shortcuts: "independent"
auto_negotiate: "enable"
backup_gateway:
-
address: "<your_own_value>"
banner: "<your_own_value>"
cert_id_validation: "enable"
certificate:
-
name: "default_name_28 (source vpn.certificate.local.name)"
childless_ike: "enable"
client_auto_negotiate: "disable"
client_keep_alive: "disable"
comments: "<your_own_value>"
default_gw: "<your_own_value>"
default_gw_priority: "0"
dev_id: "<your_own_value>"
dev_id_notification: "disable"
dhcp_ra_giaddr: "<your_own_value>"
dhcp6_ra_linkaddr: "<your_own_value>"
dhgrp: "1"
digital_signature_auth: "enable"
distance: "15"
dns_mode: "manual"
domain: "<your_own_value>"
dpd: "disable"
dpd_retrycount: "3"
dpd_retryinterval: "<your_own_value>"
eap: "enable"
eap_exclude_peergrp: "<your_own_value> (source user.peergrp.name)"
eap_identity: "use-id-payload"
encap_local_gw4: "<your_own_value>"
encap_local_gw6: "<your_own_value>"
encap_remote_gw4: "<your_own_value>"
encap_remote_gw6: "<your_own_value>"
encapsulation: "none"
encapsulation_address: "ike"
enforce_unique_id: "disable"
esn: "require"
exchange_fgt_device_id: "enable"
exchange_interface_ip: "enable"
exchange_ip_addr4: "<your_own_value>"
exchange_ip_addr6: "<your_own_value>"
fec_base: "10"
fec_codec: "rs"
fec_egress: "enable"
fec_health_check: "<your_own_value> (source system.sdwan.health-check.name)"
fec_ingress: "enable"
fec_mapping_profile: "<your_own_value> (source vpn.ipsec.fec.name)"
fec_receive_timeout: "50"
fec_redundant: "1"
fec_send_timeout: "5"
fgsp_sync: "enable"
forticlient_enforcement: "enable"
fragmentation: "enable"
fragmentation_mtu: "1200"
group_authentication: "enable"
group_authentication_secret: "<your_own_value>"
ha_sync_esp_seqno: "enable"
idle_timeout: "enable"
idle_timeoutinterval: "15"
ike_version: "1"
inbound_dscp_copy: "enable"
include_local_lan: "disable"
interface: "<your_own_value> (source system.interface.name)"
ip_delay_interval: "0"
ip_fragmentation: "pre-encapsulation"
ip_version: "4"
ipv4_dns_server1: "<your_own_value>"
ipv4_dns_server2: "<your_own_value>"
ipv4_dns_server3: "<your_own_value>"
ipv4_end_ip: "<your_own_value>"
ipv4_exclude_range:
-
end_ip: "<your_own_value>"
id: "93"
start_ip: "<your_own_value>"
ipv4_name: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_netmask: "<your_own_value>"
ipv4_split_exclude: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_split_include: "<your_own_value> (source firewall.address.name firewall.addrgrp.name)"
ipv4_start_ip: "<your_own_value>"
ipv4_wins_server1: "<your_own_value>"
ipv4_wins_server2: "<your_own_value>"
ipv6_dns_server1: "<your_own_value>"
ipv6_dns_server2: "<your_own_value>"
ipv6_dns_server3: "<your_own_value>"
ipv6_end_ip: "<your_own_value>"
ipv6_exclude_range:
-
end_ip: "<your_own_value>"
id: "108"
start_ip: "<your_own_value>"
ipv6_name: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_prefix: "128"
ipv6_split_exclude: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_split_include: "<your_own_value> (source firewall.address6.name firewall.addrgrp6.name)"
ipv6_start_ip: "<your_own_value>"
keepalive: "10"
keylife: "86400"
kms: "<your_own_value> (source vpn.kmip-server.name)"
link_cost: "0"
local_gw: "<your_own_value>"
local_gw6: "<your_own_value>"
localid: "<your_own_value>"
localid_type: "auto"
loopback_asymroute: "enable"
mesh_selector_type: "disable"
mode: "aggressive"
mode_cfg: "disable"
mode_cfg_allow_client_selector: "disable"
monitor: "<your_own_value> (source vpn.ipsec.phase1-interface.name)"
monitor_hold_down_delay: "0"
monitor_hold_down_time: "<your_own_value>"
monitor_hold_down_type: "immediate"
monitor_hold_down_weekday: "everyday"
name: "default_name_133"
nattraversal: "enable"
negotiate_timeout: "30"
net_device: "enable"
network_id: "0"
network_overlay: "disable"
npu_offload: "enable"
packet_redistribution: "enable"
passive_mode: "enable"
peer: "<your_own_value> (source user.peer.name)"
peergrp: "<your_own_value> (source user.peergrp.name)"
peerid: "<your_own_value>"
peertype: "any"
ppk: "disable"
ppk_identity: "<your_own_value>"
ppk_secret: "<your_own_value>"
priority: "1"
proposal: "des-md5"
psksecret: "<your_own_value>"
psksecret_remote: "<your_own_value>"
reauth: "disable"
rekey: "enable"
remote_gw: "<your_own_value>"
remote_gw6: "<your_own_value>"
remotegw_ddns: "<your_own_value>"
rsa_signature_format: "pkcs1"
rsa_signature_hash_override: "enable"
save_password: "disable"
send_cert_chain: "enable"
signature_hash_alg: "sha1"
split_include_service: "<your_own_value> (source firewall.service.group.name firewall.service.custom.name)"
suite_b: "disable"
tunnel_search: "selectors"
type: "static"
unity_support: "disable"
usrgrp: "<your_own_value> (source user.group.name)"
vni: "0"
wizard_type: "custom"
xauthtype: "disable"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.