fortimanager.ObjectWirelesscontrollerVap
Explore with Pulumi AI
Configure Virtual Access Points (VAPs).
The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
dynamic_mapping:fortimanager.ObjectWirelesscontrollerVapDynamicMapping
mac_filter_list:fortimanager.ObjectWirelesscontrollerVapMacfilterlist
mpsk_key:fortimanager_object_wirelesscontroller_vap_mpskkey
portal_message_overrides:fortimanager.ObjectWirelesscontrollerVapPortalmessageoverrides
vlan_name:fortimanager.ObjectWirelesscontrollerVapVlanname
vlan_pool:fortimanager.ObjectWirelesscontrollerVapVlanpool
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";
const trname = new fortimanager.ObjectWirelesscontrollerVap("trname", {
    _centmgmt: "enable",
    _intfAllowaccesses: [
        "http",
        "https",
        "ping",
        "ssh",
    ],
    _intfDeviceIdentification: "enable",
    _intfDeviceNetscan: "disable",
    _intfDhcp6RelayService: "disable",
    _intfDhcp6RelayType: "regular",
    _intfDhcpRelayService: "disable",
    _intfDhcpRelayType: "regular",
    _intfListenForticlientConnection: "disable",
    atfWeight: 20,
    broadcastSsid: "enable",
    broadcastSuppressions: [
        "arp-known",
        "dhcp-ucast",
        "dhcp-up",
    ],
    bssColorPartial: "enable",
    dhcpOption43Insertion: "enable",
    dhcpOption82CircuitIdInsertion: "disable",
    dhcpOption82Insertion: "disable",
    dhcpOption82RemoteIdInsertion: "disable",
    eapReauth: "disable",
    eapReauthIntv: 86400,
    eapolKeyRetries: "enable",
    encrypt: "AES",
    externalFastRoaming: "disable",
    fastBssTransition: "disable",
    fastRoaming: "enable",
    ftMobilityDomain: 1000,
    ftOverDs: "enable",
    ftR0KeyLifetime: 480,
    gtkRekey: "disable",
    gtkRekeyIntv: 86400,
    highEfficiency: "enable",
    igmpSnooping: "disable",
    intraVapPrivacy: "disable",
    ipv6Rules: [
        "drop-dhcp6c",
        "drop-dhcp6s",
        "drop-icmp6mld2",
        "drop-icmp6ra",
        "drop-icmp6rs",
        "drop-llmnr6",
        "drop-ns-dad",
        "ndp-proxy",
    ],
    ldpc: "rxtx",
    localAuthentication: "disable",
    localBridging: "disable",
    localLan: "allow",
    localStandalone: "disable",
    macAuthBypass: "disable",
    macFilter: "disable",
    macFilterPolicyOther: "allow",
    meDisableThresh: 32,
    meshBackhaul: "disable",
    mpsk: "disable",
    muMimo: "enable",
    multicastEnhance: "disable",
    multicastRate: "0",
    okc: "enable",
    oweTransition: "disable",
    passphrases: ["fortinet"],
    pmf: "disable",
    pmfAssocComebackTimeout: 1,
    pmfSaQueryRetryTimeout: 2,
    portMacauth: "disable",
    portMacauthReauthTimeout: 7200,
    portMacauthTimeout: 600,
    probeRespSuppression: "disable",
    probeRespThreshold: "-80",
    ptkRekey: "disable",
    ptkRekeyIntv: 86400,
    quarantine: "enable",
    radio2gThreshold: "-79",
    radio5gThreshold: "-76",
    radioSensitivity: "disable",
    radiusMacAuth: "disable",
    security: "wpa2-only-personal",
    securityObsoleteOption: "disable",
    splitTunneling: "disable",
    ssid: "fortinet",
    stickyClientRemove: "disable",
    stickyClientThreshold2g: "-79",
    stickyClientThreshold5g: "-76",
    targetWakeTime: "enable",
    tkipCounterMeasure: "enable",
    vlanAuto: "disable",
    vlanPooling: "disable",
    voiceEnterprise: "disable",
});
import pulumi
import pulumi_fortimanager as fortimanager
trname = fortimanager.ObjectWirelesscontrollerVap("trname",
    _centmgmt="enable",
    _intf_allowaccesses=[
        "http",
        "https",
        "ping",
        "ssh",
    ],
    _intf_device_identification="enable",
    _intf_device_netscan="disable",
    _intf_dhcp6_relay_service="disable",
    _intf_dhcp6_relay_type="regular",
    _intf_dhcp_relay_service="disable",
    _intf_dhcp_relay_type="regular",
    _intf_listen_forticlient_connection="disable",
    atf_weight=20,
    broadcast_ssid="enable",
    broadcast_suppressions=[
        "arp-known",
        "dhcp-ucast",
        "dhcp-up",
    ],
    bss_color_partial="enable",
    dhcp_option43_insertion="enable",
    dhcp_option82_circuit_id_insertion="disable",
    dhcp_option82_insertion="disable",
    dhcp_option82_remote_id_insertion="disable",
    eap_reauth="disable",
    eap_reauth_intv=86400,
    eapol_key_retries="enable",
    encrypt="AES",
    external_fast_roaming="disable",
    fast_bss_transition="disable",
    fast_roaming="enable",
    ft_mobility_domain=1000,
    ft_over_ds="enable",
    ft_r0_key_lifetime=480,
    gtk_rekey="disable",
    gtk_rekey_intv=86400,
    high_efficiency="enable",
    igmp_snooping="disable",
    intra_vap_privacy="disable",
    ipv6_rules=[
        "drop-dhcp6c",
        "drop-dhcp6s",
        "drop-icmp6mld2",
        "drop-icmp6ra",
        "drop-icmp6rs",
        "drop-llmnr6",
        "drop-ns-dad",
        "ndp-proxy",
    ],
    ldpc="rxtx",
    local_authentication="disable",
    local_bridging="disable",
    local_lan="allow",
    local_standalone="disable",
    mac_auth_bypass="disable",
    mac_filter="disable",
    mac_filter_policy_other="allow",
    me_disable_thresh=32,
    mesh_backhaul="disable",
    mpsk="disable",
    mu_mimo="enable",
    multicast_enhance="disable",
    multicast_rate="0",
    okc="enable",
    owe_transition="disable",
    passphrases=["fortinet"],
    pmf="disable",
    pmf_assoc_comeback_timeout=1,
    pmf_sa_query_retry_timeout=2,
    port_macauth="disable",
    port_macauth_reauth_timeout=7200,
    port_macauth_timeout=600,
    probe_resp_suppression="disable",
    probe_resp_threshold="-80",
    ptk_rekey="disable",
    ptk_rekey_intv=86400,
    quarantine="enable",
    radio2g_threshold="-79",
    radio5g_threshold="-76",
    radio_sensitivity="disable",
    radius_mac_auth="disable",
    security="wpa2-only-personal",
    security_obsolete_option="disable",
    split_tunneling="disable",
    ssid="fortinet",
    sticky_client_remove="disable",
    sticky_client_threshold2g="-79",
    sticky_client_threshold5g="-76",
    target_wake_time="enable",
    tkip_counter_measure="enable",
    vlan_auto="disable",
    vlan_pooling="disable",
    voice_enterprise="disable")
package main
import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := fortimanager.NewObjectWirelesscontrollerVap(ctx, "trname", &fortimanager.ObjectWirelesscontrollerVapArgs{
			_centmgmt: pulumi.String("enable"),
			_intfAllowaccesses: pulumi.StringArray{
				pulumi.String("http"),
				pulumi.String("https"),
				pulumi.String("ping"),
				pulumi.String("ssh"),
			},
			_intfDeviceIdentification:        pulumi.String("enable"),
			_intfDeviceNetscan:               pulumi.String("disable"),
			_intfDhcp6RelayService:           pulumi.String("disable"),
			_intfDhcp6RelayType:              pulumi.String("regular"),
			_intfDhcpRelayService:            pulumi.String("disable"),
			_intfDhcpRelayType:               pulumi.String("regular"),
			_intfListenForticlientConnection: pulumi.String("disable"),
			AtfWeight:                        pulumi.Float64(20),
			BroadcastSsid:                    pulumi.String("enable"),
			BroadcastSuppressions: pulumi.StringArray{
				pulumi.String("arp-known"),
				pulumi.String("dhcp-ucast"),
				pulumi.String("dhcp-up"),
			},
			BssColorPartial:                pulumi.String("enable"),
			DhcpOption43Insertion:          pulumi.String("enable"),
			DhcpOption82CircuitIdInsertion: pulumi.String("disable"),
			DhcpOption82Insertion:          pulumi.String("disable"),
			DhcpOption82RemoteIdInsertion:  pulumi.String("disable"),
			EapReauth:                      pulumi.String("disable"),
			EapReauthIntv:                  pulumi.Float64(86400),
			EapolKeyRetries:                pulumi.String("enable"),
			Encrypt:                        pulumi.String("AES"),
			ExternalFastRoaming:            pulumi.String("disable"),
			FastBssTransition:              pulumi.String("disable"),
			FastRoaming:                    pulumi.String("enable"),
			FtMobilityDomain:               pulumi.Float64(1000),
			FtOverDs:                       pulumi.String("enable"),
			FtR0KeyLifetime:                pulumi.Float64(480),
			GtkRekey:                       pulumi.String("disable"),
			GtkRekeyIntv:                   pulumi.Float64(86400),
			HighEfficiency:                 pulumi.String("enable"),
			IgmpSnooping:                   pulumi.String("disable"),
			IntraVapPrivacy:                pulumi.String("disable"),
			Ipv6Rules: pulumi.StringArray{
				pulumi.String("drop-dhcp6c"),
				pulumi.String("drop-dhcp6s"),
				pulumi.String("drop-icmp6mld2"),
				pulumi.String("drop-icmp6ra"),
				pulumi.String("drop-icmp6rs"),
				pulumi.String("drop-llmnr6"),
				pulumi.String("drop-ns-dad"),
				pulumi.String("ndp-proxy"),
			},
			Ldpc:                 pulumi.String("rxtx"),
			LocalAuthentication:  pulumi.String("disable"),
			LocalBridging:        pulumi.String("disable"),
			LocalLan:             pulumi.String("allow"),
			LocalStandalone:      pulumi.String("disable"),
			MacAuthBypass:        pulumi.String("disable"),
			MacFilter:            pulumi.String("disable"),
			MacFilterPolicyOther: pulumi.String("allow"),
			MeDisableThresh:      pulumi.Float64(32),
			MeshBackhaul:         pulumi.String("disable"),
			Mpsk:                 pulumi.String("disable"),
			MuMimo:               pulumi.String("enable"),
			MulticastEnhance:     pulumi.String("disable"),
			MulticastRate:        pulumi.String("0"),
			Okc:                  pulumi.String("enable"),
			OweTransition:        pulumi.String("disable"),
			Passphrases: pulumi.StringArray{
				pulumi.String("fortinet"),
			},
			Pmf:                      pulumi.String("disable"),
			PmfAssocComebackTimeout:  pulumi.Float64(1),
			PmfSaQueryRetryTimeout:   pulumi.Float64(2),
			PortMacauth:              pulumi.String("disable"),
			PortMacauthReauthTimeout: pulumi.Float64(7200),
			PortMacauthTimeout:       pulumi.Float64(600),
			ProbeRespSuppression:     pulumi.String("disable"),
			ProbeRespThreshold:       pulumi.String("-80"),
			PtkRekey:                 pulumi.String("disable"),
			PtkRekeyIntv:             pulumi.Float64(86400),
			Quarantine:               pulumi.String("enable"),
			Radio2gThreshold:         pulumi.String("-79"),
			Radio5gThreshold:         pulumi.String("-76"),
			RadioSensitivity:         pulumi.String("disable"),
			RadiusMacAuth:            pulumi.String("disable"),
			Security:                 pulumi.String("wpa2-only-personal"),
			SecurityObsoleteOption:   pulumi.String("disable"),
			SplitTunneling:           pulumi.String("disable"),
			Ssid:                     pulumi.String("fortinet"),
			StickyClientRemove:       pulumi.String("disable"),
			StickyClientThreshold2g:  pulumi.String("-79"),
			StickyClientThreshold5g:  pulumi.String("-76"),
			TargetWakeTime:           pulumi.String("enable"),
			TkipCounterMeasure:       pulumi.String("enable"),
			VlanAuto:                 pulumi.String("disable"),
			VlanPooling:              pulumi.String("disable"),
			VoiceEnterprise:          pulumi.String("disable"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;
return await Deployment.RunAsync(() => 
{
    var trname = new Fortimanager.ObjectWirelesscontrollerVap("trname", new()
    {
        _centmgmt = "enable",
        _intfAllowaccesses = new[]
        {
            "http",
            "https",
            "ping",
            "ssh",
        },
        _intfDeviceIdentification = "enable",
        _intfDeviceNetscan = "disable",
        _intfDhcp6RelayService = "disable",
        _intfDhcp6RelayType = "regular",
        _intfDhcpRelayService = "disable",
        _intfDhcpRelayType = "regular",
        _intfListenForticlientConnection = "disable",
        AtfWeight = 20,
        BroadcastSsid = "enable",
        BroadcastSuppressions = new[]
        {
            "arp-known",
            "dhcp-ucast",
            "dhcp-up",
        },
        BssColorPartial = "enable",
        DhcpOption43Insertion = "enable",
        DhcpOption82CircuitIdInsertion = "disable",
        DhcpOption82Insertion = "disable",
        DhcpOption82RemoteIdInsertion = "disable",
        EapReauth = "disable",
        EapReauthIntv = 86400,
        EapolKeyRetries = "enable",
        Encrypt = "AES",
        ExternalFastRoaming = "disable",
        FastBssTransition = "disable",
        FastRoaming = "enable",
        FtMobilityDomain = 1000,
        FtOverDs = "enable",
        FtR0KeyLifetime = 480,
        GtkRekey = "disable",
        GtkRekeyIntv = 86400,
        HighEfficiency = "enable",
        IgmpSnooping = "disable",
        IntraVapPrivacy = "disable",
        Ipv6Rules = new[]
        {
            "drop-dhcp6c",
            "drop-dhcp6s",
            "drop-icmp6mld2",
            "drop-icmp6ra",
            "drop-icmp6rs",
            "drop-llmnr6",
            "drop-ns-dad",
            "ndp-proxy",
        },
        Ldpc = "rxtx",
        LocalAuthentication = "disable",
        LocalBridging = "disable",
        LocalLan = "allow",
        LocalStandalone = "disable",
        MacAuthBypass = "disable",
        MacFilter = "disable",
        MacFilterPolicyOther = "allow",
        MeDisableThresh = 32,
        MeshBackhaul = "disable",
        Mpsk = "disable",
        MuMimo = "enable",
        MulticastEnhance = "disable",
        MulticastRate = "0",
        Okc = "enable",
        OweTransition = "disable",
        Passphrases = new[]
        {
            "fortinet",
        },
        Pmf = "disable",
        PmfAssocComebackTimeout = 1,
        PmfSaQueryRetryTimeout = 2,
        PortMacauth = "disable",
        PortMacauthReauthTimeout = 7200,
        PortMacauthTimeout = 600,
        ProbeRespSuppression = "disable",
        ProbeRespThreshold = "-80",
        PtkRekey = "disable",
        PtkRekeyIntv = 86400,
        Quarantine = "enable",
        Radio2gThreshold = "-79",
        Radio5gThreshold = "-76",
        RadioSensitivity = "disable",
        RadiusMacAuth = "disable",
        Security = "wpa2-only-personal",
        SecurityObsoleteOption = "disable",
        SplitTunneling = "disable",
        Ssid = "fortinet",
        StickyClientRemove = "disable",
        StickyClientThreshold2g = "-79",
        StickyClientThreshold5g = "-76",
        TargetWakeTime = "enable",
        TkipCounterMeasure = "enable",
        VlanAuto = "disable",
        VlanPooling = "disable",
        VoiceEnterprise = "disable",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.ObjectWirelesscontrollerVap;
import com.pulumi.fortimanager.ObjectWirelesscontrollerVapArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var trname = new ObjectWirelesscontrollerVap("trname", ObjectWirelesscontrollerVapArgs.builder()
            ._centmgmt("enable")
            ._intfAllowaccesses(            
                "http",
                "https",
                "ping",
                "ssh")
            ._intfDeviceIdentification("enable")
            ._intfDeviceNetscan("disable")
            ._intfDhcp6RelayService("disable")
            ._intfDhcp6RelayType("regular")
            ._intfDhcpRelayService("disable")
            ._intfDhcpRelayType("regular")
            ._intfListenForticlientConnection("disable")
            .atfWeight(20)
            .broadcastSsid("enable")
            .broadcastSuppressions(            
                "arp-known",
                "dhcp-ucast",
                "dhcp-up")
            .bssColorPartial("enable")
            .dhcpOption43Insertion("enable")
            .dhcpOption82CircuitIdInsertion("disable")
            .dhcpOption82Insertion("disable")
            .dhcpOption82RemoteIdInsertion("disable")
            .eapReauth("disable")
            .eapReauthIntv(86400)
            .eapolKeyRetries("enable")
            .encrypt("AES")
            .externalFastRoaming("disable")
            .fastBssTransition("disable")
            .fastRoaming("enable")
            .ftMobilityDomain(1000)
            .ftOverDs("enable")
            .ftR0KeyLifetime(480)
            .gtkRekey("disable")
            .gtkRekeyIntv(86400)
            .highEfficiency("enable")
            .igmpSnooping("disable")
            .intraVapPrivacy("disable")
            .ipv6Rules(            
                "drop-dhcp6c",
                "drop-dhcp6s",
                "drop-icmp6mld2",
                "drop-icmp6ra",
                "drop-icmp6rs",
                "drop-llmnr6",
                "drop-ns-dad",
                "ndp-proxy")
            .ldpc("rxtx")
            .localAuthentication("disable")
            .localBridging("disable")
            .localLan("allow")
            .localStandalone("disable")
            .macAuthBypass("disable")
            .macFilter("disable")
            .macFilterPolicyOther("allow")
            .meDisableThresh(32)
            .meshBackhaul("disable")
            .mpsk("disable")
            .muMimo("enable")
            .multicastEnhance("disable")
            .multicastRate("0")
            .okc("enable")
            .oweTransition("disable")
            .passphrases("fortinet")
            .pmf("disable")
            .pmfAssocComebackTimeout(1)
            .pmfSaQueryRetryTimeout(2)
            .portMacauth("disable")
            .portMacauthReauthTimeout(7200)
            .portMacauthTimeout(600)
            .probeRespSuppression("disable")
            .probeRespThreshold("-80")
            .ptkRekey("disable")
            .ptkRekeyIntv(86400)
            .quarantine("enable")
            .radio2gThreshold("-79")
            .radio5gThreshold("-76")
            .radioSensitivity("disable")
            .radiusMacAuth("disable")
            .security("wpa2-only-personal")
            .securityObsoleteOption("disable")
            .splitTunneling("disable")
            .ssid("fortinet")
            .stickyClientRemove("disable")
            .stickyClientThreshold2g("-79")
            .stickyClientThreshold5g("-76")
            .targetWakeTime("enable")
            .tkipCounterMeasure("enable")
            .vlanAuto("disable")
            .vlanPooling("disable")
            .voiceEnterprise("disable")
            .build());
    }
}
resources:
  trname:
    type: fortimanager:ObjectWirelesscontrollerVap
    properties:
      _centmgmt: enable
      _intfAllowaccesses:
        - http
        - https
        - ping
        - ssh
      _intfDeviceIdentification: enable
      _intfDeviceNetscan: disable
      _intfDhcp6RelayService: disable
      _intfDhcp6RelayType: regular
      _intfDhcpRelayService: disable
      _intfDhcpRelayType: regular
      _intfListenForticlientConnection: disable
      atfWeight: 20
      broadcastSsid: enable
      broadcastSuppressions:
        - arp-known
        - dhcp-ucast
        - dhcp-up
      bssColorPartial: enable
      dhcpOption43Insertion: enable
      dhcpOption82CircuitIdInsertion: disable
      dhcpOption82Insertion: disable
      dhcpOption82RemoteIdInsertion: disable
      eapReauth: disable
      eapReauthIntv: 86400
      eapolKeyRetries: enable
      encrypt: AES
      externalFastRoaming: disable
      fastBssTransition: disable
      fastRoaming: enable
      ftMobilityDomain: 1000
      ftOverDs: enable
      ftR0KeyLifetime: 480
      gtkRekey: disable
      gtkRekeyIntv: 86400
      highEfficiency: enable
      igmpSnooping: disable
      intraVapPrivacy: disable
      ipv6Rules:
        - drop-dhcp6c
        - drop-dhcp6s
        - drop-icmp6mld2
        - drop-icmp6ra
        - drop-icmp6rs
        - drop-llmnr6
        - drop-ns-dad
        - ndp-proxy
      ldpc: rxtx
      localAuthentication: disable
      localBridging: disable
      localLan: allow
      localStandalone: disable
      macAuthBypass: disable
      macFilter: disable
      macFilterPolicyOther: allow
      meDisableThresh: 32
      meshBackhaul: disable
      mpsk: disable
      muMimo: enable
      multicastEnhance: disable
      multicastRate: '0'
      okc: enable
      oweTransition: disable
      passphrases:
        - fortinet
      pmf: disable
      pmfAssocComebackTimeout: 1
      pmfSaQueryRetryTimeout: 2
      portMacauth: disable
      portMacauthReauthTimeout: 7200
      portMacauthTimeout: 600
      probeRespSuppression: disable
      probeRespThreshold: '-80'
      ptkRekey: disable
      ptkRekeyIntv: 86400
      quarantine: enable
      radio2gThreshold: '-79'
      radio5gThreshold: '-76'
      radioSensitivity: disable
      radiusMacAuth: disable
      security: wpa2-only-personal
      securityObsoleteOption: disable
      splitTunneling: disable
      ssid: fortinet
      stickyClientRemove: disable
      stickyClientThreshold2g: '-79'
      stickyClientThreshold5g: '-76'
      targetWakeTime: enable
      tkipCounterMeasure: enable
      vlanAuto: disable
      vlanPooling: disable
      voiceEnterprise: disable
Create ObjectWirelesscontrollerVap Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectWirelesscontrollerVap(name: string, args?: ObjectWirelesscontrollerVapArgs, opts?: CustomResourceOptions);@overload
def ObjectWirelesscontrollerVap(resource_name: str,
                                args: Optional[ObjectWirelesscontrollerVapArgs] = None,
                                opts: Optional[ResourceOptions] = None)
@overload
def ObjectWirelesscontrollerVap(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                _centmgmt: Optional[str] = None,
                                _dhcp_svr_id: Optional[str] = None,
                                _intf_allowaccesses: Optional[Sequence[str]] = None,
                                _intf_device_access_list: Optional[str] = None,
                                _intf_device_identification: Optional[str] = None,
                                _intf_device_netscan: Optional[str] = None,
                                _intf_dhcp6_relay_ip: Optional[str] = None,
                                _intf_dhcp6_relay_service: Optional[str] = None,
                                _intf_dhcp6_relay_type: Optional[str] = None,
                                _intf_dhcp_relay_ips: Optional[Sequence[str]] = None,
                                _intf_dhcp_relay_service: Optional[str] = None,
                                _intf_dhcp_relay_type: Optional[str] = None,
                                _intf_ip: Optional[str] = None,
                                _intf_ip6_address: Optional[str] = None,
                                _intf_ip6_allowaccesses: Optional[Sequence[str]] = None,
                                _intf_listen_forticlient_connection: Optional[str] = None,
                                _is_factory_setting: Optional[str] = None,
                                access_control_list: Optional[str] = None,
                                acct_interim_interval: Optional[float] = None,
                                additional_akms: Optional[Sequence[str]] = None,
                                address_group: Optional[str] = None,
                                address_group_policy: Optional[str] = None,
                                adom: Optional[str] = None,
                                alias: Optional[str] = None,
                                antivirus_profile: Optional[str] = None,
                                application_detection_engine: Optional[str] = None,
                                application_dscp_marking: Optional[str] = None,
                                application_list: Optional[str] = None,
                                application_report_intv: Optional[float] = None,
                                atf_weight: Optional[float] = None,
                                auth: Optional[str] = None,
                                auth_cert: Optional[str] = None,
                                auth_portal_addr: Optional[str] = None,
                                beacon_advertisings: Optional[Sequence[str]] = None,
                                broadcast_ssid: Optional[str] = None,
                                broadcast_suppressions: Optional[Sequence[str]] = None,
                                bss_color_partial: Optional[str] = None,
                                bstm_disassociation_imminent: Optional[str] = None,
                                bstm_load_balancing_disassoc_timer: Optional[float] = None,
                                bstm_rssi_disassoc_timer: Optional[float] = None,
                                captive_portal_ac_name: Optional[str] = None,
                                captive_portal_auth_timeout: Optional[float] = None,
                                captive_portal_fw_accounting: Optional[str] = None,
                                captive_portal_macauth_radius_secrets: Optional[Sequence[str]] = None,
                                captive_portal_macauth_radius_server: Optional[str] = None,
                                captive_portal_radius_secrets: Optional[Sequence[str]] = None,
                                captive_portal_radius_server: Optional[str] = None,
                                captive_portal_session_timeout_interval: Optional[float] = None,
                                dhcp_address_enforcement: Optional[str] = None,
                                dhcp_lease_time: Optional[float] = None,
                                dhcp_option43_insertion: Optional[str] = None,
                                dhcp_option82_circuit_id_insertion: Optional[str] = None,
                                dhcp_option82_insertion: Optional[str] = None,
                                dhcp_option82_remote_id_insertion: Optional[str] = None,
                                dynamic_mappings: Optional[Sequence[ObjectWirelesscontrollerVapDynamicMappingArgs]] = None,
                                dynamic_sort_subtable: Optional[str] = None,
                                dynamic_vlan: Optional[str] = None,
                                eap_reauth: Optional[str] = None,
                                eap_reauth_intv: Optional[float] = None,
                                eapol_key_retries: Optional[str] = None,
                                encrypt: Optional[str] = None,
                                external_fast_roaming: Optional[str] = None,
                                external_logout: Optional[str] = None,
                                external_web: Optional[str] = None,
                                external_web_format: Optional[str] = None,
                                fast_bss_transition: Optional[str] = None,
                                fast_roaming: Optional[str] = None,
                                ft_mobility_domain: Optional[float] = None,
                                ft_over_ds: Optional[str] = None,
                                ft_r0_key_lifetime: Optional[float] = None,
                                gas_comeback_delay: Optional[float] = None,
                                gas_fragmentation_limit: Optional[float] = None,
                                gtk_rekey: Optional[str] = None,
                                gtk_rekey_intv: Optional[float] = None,
                                high_efficiency: Optional[str] = None,
                                hotspot20_profile: Optional[str] = None,
                                igmp_snooping: Optional[str] = None,
                                intra_vap_privacy: Optional[str] = None,
                                ip: Optional[str] = None,
                                ips_sensor: Optional[str] = None,
                                ipv6_rules: Optional[Sequence[str]] = None,
                                keyindex: Optional[float] = None,
                                keys: Optional[Sequence[str]] = None,
                                l3_roaming: Optional[str] = None,
                                l3_roaming_mode: Optional[str] = None,
                                ldpc: Optional[str] = None,
                                local_authentication: Optional[str] = None,
                                local_bridging: Optional[str] = None,
                                local_lan: Optional[str] = None,
                                local_standalone: Optional[str] = None,
                                local_standalone_dns: Optional[str] = None,
                                local_standalone_dns_ips: Optional[Sequence[str]] = None,
                                local_standalone_nat: Optional[str] = None,
                                mac_auth_bypass: Optional[str] = None,
                                mac_called_station_delimiter: Optional[str] = None,
                                mac_calling_station_delimiter: Optional[str] = None,
                                mac_case: Optional[str] = None,
                                mac_filter: Optional[str] = None,
                                mac_filter_lists: Optional[Sequence[ObjectWirelesscontrollerVapMacFilterListArgs]] = None,
                                mac_filter_policy_other: Optional[str] = None,
                                mac_password_delimiter: Optional[str] = None,
                                mac_username_delimiter: Optional[str] = None,
                                max_clients: Optional[float] = None,
                                max_clients_ap: Optional[float] = None,
                                mbo: Optional[str] = None,
                                mbo_cell_data_conn_pref: Optional[str] = None,
                                me_disable_thresh: Optional[float] = None,
                                mesh_backhaul: Optional[str] = None,
                                mpsk: Optional[str] = None,
                                mpsk_concurrent_clients: Optional[float] = None,
                                mpsk_keys: Optional[Sequence[ObjectWirelesscontrollerVapMpskKeyArgs]] = None,
                                mpsk_profile: Optional[str] = None,
                                mu_mimo: Optional[str] = None,
                                multicast_enhance: Optional[str] = None,
                                multicast_rate: Optional[str] = None,
                                n80211k: Optional[str] = None,
                                n80211v: Optional[str] = None,
                                nac: Optional[str] = None,
                                nac_profile: Optional[str] = None,
                                name: Optional[str] = None,
                                neighbor_report_dual_band: Optional[str] = None,
                                object_wirelesscontroller_vap_id: Optional[str] = None,
                                okc: Optional[str] = None,
                                osen: Optional[str] = None,
                                owe_groups: Optional[Sequence[str]] = None,
                                owe_transition: Optional[str] = None,
                                owe_transition_ssid: Optional[str] = None,
                                passphrases: Optional[Sequence[str]] = None,
                                pmf: Optional[str] = None,
                                pmf_assoc_comeback_timeout: Optional[float] = None,
                                pmf_sa_query_retry_timeout: Optional[float] = None,
                                port_macauth: Optional[str] = None,
                                port_macauth_reauth_timeout: Optional[float] = None,
                                port_macauth_timeout: Optional[float] = None,
                                portal_message_override_group: Optional[str] = None,
                                portal_message_overrides: Optional[ObjectWirelesscontrollerVapPortalMessageOverridesArgs] = None,
                                portal_type: Optional[str] = None,
                                primary_wag_profile: Optional[str] = None,
                                probe_resp_suppression: Optional[str] = None,
                                probe_resp_threshold: Optional[str] = None,
                                ptk_rekey: Optional[str] = None,
                                ptk_rekey_intv: Optional[float] = None,
                                qos_profile: Optional[str] = None,
                                quarantine: Optional[str] = None,
                                radio2g_threshold: Optional[str] = None,
                                radio5g_threshold: Optional[str] = None,
                                radio_sensitivity: Optional[str] = None,
                                radius_mac_auth: Optional[str] = None,
                                radius_mac_auth_block_interval: Optional[float] = None,
                                radius_mac_auth_server: Optional[str] = None,
                                radius_mac_auth_usergroups: Optional[Sequence[str]] = None,
                                radius_mac_mpsk_auth: Optional[str] = None,
                                radius_mac_mpsk_timeout: Optional[float] = None,
                                radius_server: Optional[str] = None,
                                rates11ac_mcs_map: Optional[str] = None,
                                rates11ac_ss12s: Optional[Sequence[str]] = None,
                                rates11ac_ss34s: Optional[Sequence[str]] = None,
                                rates11as: Optional[Sequence[str]] = None,
                                rates11ax_mcs_map: Optional[str] = None,
                                rates11ax_ss12s: Optional[Sequence[str]] = None,
                                rates11ax_ss34s: Optional[Sequence[str]] = None,
                                rates11bgs: Optional[Sequence[str]] = None,
                                rates11n_ss12s: Optional[Sequence[str]] = None,
                                rates11n_ss34s: Optional[Sequence[str]] = None,
                                roaming_acct_interim_update: Optional[str] = None,
                                sae_groups: Optional[Sequence[str]] = None,
                                sae_h2e_only: Optional[str] = None,
                                sae_hnp_only: Optional[str] = None,
                                sae_passwords: Optional[Sequence[str]] = None,
                                sae_pk: Optional[str] = None,
                                sae_private_key: Optional[str] = None,
                                scan_botnet_connections: Optional[str] = None,
                                schedules: Optional[Sequence[str]] = None,
                                scopetype: Optional[str] = None,
                                secondary_wag_profile: Optional[str] = None,
                                security: Optional[str] = None,
                                security_exempt_list: Optional[str] = None,
                                security_obsolete_option: Optional[str] = None,
                                security_redirect_url: Optional[str] = None,
                                selected_usergroups: Optional[str] = None,
                                split_tunneling: Optional[str] = None,
                                ssid: Optional[str] = None,
                                sticky_client_remove: Optional[str] = None,
                                sticky_client_threshold2g: Optional[str] = None,
                                sticky_client_threshold5g: Optional[str] = None,
                                sticky_client_threshold6g: Optional[str] = None,
                                target_wake_time: Optional[str] = None,
                                tkip_counter_measure: Optional[str] = None,
                                tunnel_echo_interval: Optional[float] = None,
                                tunnel_fallback_interval: Optional[float] = None,
                                usergroup: Optional[str] = None,
                                utm_log: Optional[str] = None,
                                utm_profile: Optional[str] = None,
                                utm_status: Optional[str] = None,
                                vdom: Optional[str] = None,
                                vlan_auto: Optional[str] = None,
                                vlan_names: Optional[Sequence[ObjectWirelesscontrollerVapVlanNameArgs]] = None,
                                vlan_pooling: Optional[str] = None,
                                vlan_pools: Optional[Sequence[ObjectWirelesscontrollerVapVlanPoolArgs]] = None,
                                vlanid: Optional[float] = None,
                                voice_enterprise: Optional[str] = None,
                                webfilter_profile: Optional[str] = None)func NewObjectWirelesscontrollerVap(ctx *Context, name string, args *ObjectWirelesscontrollerVapArgs, opts ...ResourceOption) (*ObjectWirelesscontrollerVap, error)public ObjectWirelesscontrollerVap(string name, ObjectWirelesscontrollerVapArgs? args = null, CustomResourceOptions? opts = null)
public ObjectWirelesscontrollerVap(String name, ObjectWirelesscontrollerVapArgs args)
public ObjectWirelesscontrollerVap(String name, ObjectWirelesscontrollerVapArgs args, CustomResourceOptions options)
type: fortimanager:ObjectWirelesscontrollerVap
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ObjectWirelesscontrollerVapArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ObjectWirelesscontrollerVapArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ObjectWirelesscontrollerVapArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ObjectWirelesscontrollerVapArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ObjectWirelesscontrollerVapArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectWirelesscontrollerVapResource = new Fortimanager.ObjectWirelesscontrollerVap("objectWirelesscontrollerVapResource", new()
{
    _centmgmt = "string",
    _dhcpSvrId = "string",
    _intfAllowaccesses = new[]
    {
        "string",
    },
    _intfDeviceAccessList = "string",
    _intfDeviceIdentification = "string",
    _intfDeviceNetscan = "string",
    _intfDhcp6RelayIp = "string",
    _intfDhcp6RelayService = "string",
    _intfDhcp6RelayType = "string",
    _intfDhcpRelayIps = new[]
    {
        "string",
    },
    _intfDhcpRelayService = "string",
    _intfDhcpRelayType = "string",
    _intfIp = "string",
    _intfIp6Address = "string",
    _intfIp6Allowaccesses = new[]
    {
        "string",
    },
    _intfListenForticlientConnection = "string",
    _isFactorySetting = "string",
    AccessControlList = "string",
    AcctInterimInterval = 0,
    AdditionalAkms = new[]
    {
        "string",
    },
    AddressGroup = "string",
    AddressGroupPolicy = "string",
    Adom = "string",
    Alias = "string",
    AntivirusProfile = "string",
    ApplicationDetectionEngine = "string",
    ApplicationDscpMarking = "string",
    ApplicationList = "string",
    ApplicationReportIntv = 0,
    AtfWeight = 0,
    Auth = "string",
    AuthCert = "string",
    AuthPortalAddr = "string",
    BeaconAdvertisings = new[]
    {
        "string",
    },
    BroadcastSsid = "string",
    BroadcastSuppressions = new[]
    {
        "string",
    },
    BssColorPartial = "string",
    BstmDisassociationImminent = "string",
    BstmLoadBalancingDisassocTimer = 0,
    BstmRssiDisassocTimer = 0,
    CaptivePortalAcName = "string",
    CaptivePortalAuthTimeout = 0,
    CaptivePortalFwAccounting = "string",
    CaptivePortalMacauthRadiusSecrets = new[]
    {
        "string",
    },
    CaptivePortalMacauthRadiusServer = "string",
    CaptivePortalRadiusSecrets = new[]
    {
        "string",
    },
    CaptivePortalRadiusServer = "string",
    CaptivePortalSessionTimeoutInterval = 0,
    DhcpAddressEnforcement = "string",
    DhcpLeaseTime = 0,
    DhcpOption43Insertion = "string",
    DhcpOption82CircuitIdInsertion = "string",
    DhcpOption82Insertion = "string",
    DhcpOption82RemoteIdInsertion = "string",
    DynamicMappings = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapDynamicMappingArgs
        {
            _centmgmt = "string",
            _dhcpSvrId = "string",
            _intfAllowaccesses = new[]
            {
                "string",
            },
            _intfDeviceAccessList = "string",
            _intfDeviceIdentification = "string",
            _intfDeviceNetscan = "string",
            _intfDhcp6RelayIp = "string",
            _intfDhcp6RelayService = "string",
            _intfDhcp6RelayType = "string",
            _intfDhcpRelayIps = new[]
            {
                "string",
            },
            _intfDhcpRelayService = "string",
            _intfDhcpRelayType = "string",
            _intfIp = "string",
            _intfIp6Address = "string",
            _intfIp6Allowaccesses = new[]
            {
                "string",
            },
            _intfListenForticlientConnection = "string",
            _isFactorySetting = "string",
            _scopes = new[]
            {
                new Fortimanager.Inputs.ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs
                {
                    Name = "string",
                    Vdom = "string",
                },
            },
            AccessControlList = "string",
            AcctInterimInterval = 0,
            AdditionalAkms = new[]
            {
                "string",
            },
            AddressGroup = "string",
            AddressGroupPolicy = "string",
            Alias = "string",
            AntivirusProfile = "string",
            ApplicationDetectionEngine = "string",
            ApplicationDscpMarking = "string",
            ApplicationList = "string",
            ApplicationReportIntv = 0,
            AtfWeight = 0,
            Auth = "string",
            AuthCert = "string",
            AuthPortalAddr = "string",
            BeaconAdvertisings = new[]
            {
                "string",
            },
            BroadcastSsid = "string",
            BroadcastSuppressions = new[]
            {
                "string",
            },
            BssColorPartial = "string",
            BstmDisassociationImminent = "string",
            BstmLoadBalancingDisassocTimer = 0,
            BstmRssiDisassocTimer = 0,
            CaptivePortalAcName = "string",
            CaptivePortalAuthTimeout = 0,
            CaptivePortalFwAccounting = "string",
            CaptivePortalMacauthRadiusSecrets = new[]
            {
                "string",
            },
            CaptivePortalMacauthRadiusServer = "string",
            CaptivePortalRadiusSecrets = new[]
            {
                "string",
            },
            CaptivePortalRadiusServer = "string",
            CaptivePortalSessionTimeoutInterval = 0,
            ClientCount = 0,
            DhcpAddressEnforcement = "string",
            DhcpLeaseTime = 0,
            DhcpOption43Insertion = "string",
            DhcpOption82CircuitIdInsertion = "string",
            DhcpOption82Insertion = "string",
            DhcpOption82RemoteIdInsertion = "string",
            DynamicVlan = "string",
            EapReauth = "string",
            EapReauthIntv = 0,
            EapolKeyRetries = "string",
            Encrypt = "string",
            ExternalFastRoaming = "string",
            ExternalLogout = "string",
            ExternalWeb = "string",
            ExternalWebFormat = "string",
            FastBssTransition = "string",
            FastRoaming = "string",
            FtMobilityDomain = 0,
            FtOverDs = "string",
            FtR0KeyLifetime = 0,
            GasComebackDelay = 0,
            GasFragmentationLimit = 0,
            GtkRekey = "string",
            GtkRekeyIntv = 0,
            HighEfficiency = "string",
            Hotspot20Profile = "string",
            IgmpSnooping = "string",
            IntraVapPrivacy = "string",
            Ip = "string",
            IpsSensor = "string",
            Ipv6Rules = new[]
            {
                "string",
            },
            Keyindex = 0,
            Keys = new[]
            {
                "string",
            },
            L3Roaming = "string",
            L3RoamingMode = "string",
            Ldpc = "string",
            LocalAuthentication = "string",
            LocalBridging = "string",
            LocalLan = "string",
            LocalStandalone = "string",
            LocalStandaloneDns = "string",
            LocalStandaloneDnsIps = new[]
            {
                "string",
            },
            LocalStandaloneNat = "string",
            LocalSwitching = "string",
            MacAuthBypass = "string",
            MacCalledStationDelimiter = "string",
            MacCallingStationDelimiter = "string",
            MacCase = "string",
            MacFilter = "string",
            MacFilterPolicyOther = "string",
            MacPasswordDelimiter = "string",
            MacUsernameDelimiter = "string",
            MaxClients = 0,
            MaxClientsAp = 0,
            Mbo = "string",
            MboCellDataConnPref = "string",
            MeDisableThresh = 0,
            MeshBackhaul = "string",
            Mpsk = "string",
            MpskConcurrentClients = 0,
            MpskProfile = "string",
            MuMimo = "string",
            MulticastEnhance = "string",
            MulticastRate = "string",
            N80211k = "string",
            N80211v = "string",
            Nac = "string",
            NacProfile = "string",
            NeighborReportDualBand = "string",
            Okc = "string",
            Osen = "string",
            OweGroups = new[]
            {
                "string",
            },
            OweTransition = "string",
            OweTransitionSsid = "string",
            Passphrases = new[]
            {
                "string",
            },
            Pmf = "string",
            PmfAssocComebackTimeout = 0,
            PmfSaQueryRetryTimeout = 0,
            PortMacauth = "string",
            PortMacauthReauthTimeout = 0,
            PortMacauthTimeout = 0,
            PortalMessageOverrideGroup = "string",
            PortalType = "string",
            PrimaryWagProfile = "string",
            ProbeRespSuppression = "string",
            ProbeRespThreshold = "string",
            PtkRekey = "string",
            PtkRekeyIntv = 0,
            QosProfile = "string",
            Quarantine = "string",
            Radio2gThreshold = "string",
            Radio5gThreshold = "string",
            RadioSensitivity = "string",
            RadiusMacAuth = "string",
            RadiusMacAuthBlockInterval = 0,
            RadiusMacAuthServer = "string",
            RadiusMacAuthUsergroups = new[]
            {
                "string",
            },
            RadiusMacMpskAuth = "string",
            RadiusMacMpskTimeout = 0,
            RadiusServer = "string",
            Rates11acMcsMap = "string",
            Rates11acSs12s = new[]
            {
                "string",
            },
            Rates11acSs34s = new[]
            {
                "string",
            },
            Rates11as = new[]
            {
                "string",
            },
            Rates11axMcsMap = "string",
            Rates11axSs12s = new[]
            {
                "string",
            },
            Rates11axSs34s = new[]
            {
                "string",
            },
            Rates11bgs = new[]
            {
                "string",
            },
            Rates11nSs12s = new[]
            {
                "string",
            },
            Rates11nSs34s = new[]
            {
                "string",
            },
            RoamingAcctInterimUpdate = "string",
            SaeGroups = new[]
            {
                "string",
            },
            SaeH2eOnly = "string",
            SaeHnpOnly = "string",
            SaePasswords = new[]
            {
                "string",
            },
            SaePk = "string",
            SaePrivateKey = "string",
            ScanBotnetConnections = "string",
            Schedule = "string",
            SecondaryWagProfile = "string",
            Security = "string",
            SecurityExemptList = "string",
            SecurityObsoleteOption = "string",
            SecurityRedirectUrl = "string",
            SelectedUsergroups = "string",
            SplitTunneling = "string",
            Ssid = "string",
            StickyClientRemove = "string",
            StickyClientThreshold2g = "string",
            StickyClientThreshold5g = "string",
            StickyClientThreshold6g = "string",
            TargetWakeTime = "string",
            TkipCounterMeasure = "string",
            TunnelEchoInterval = 0,
            TunnelFallbackInterval = 0,
            Usergroup = "string",
            UtmLog = "string",
            UtmProfile = "string",
            UtmStatus = "string",
            Vdom = "string",
            VlanAuto = "string",
            VlanPooling = "string",
            Vlanid = 0,
            VoiceEnterprise = "string",
            WebfilterProfile = "string",
        },
    },
    DynamicSortSubtable = "string",
    DynamicVlan = "string",
    EapReauth = "string",
    EapReauthIntv = 0,
    EapolKeyRetries = "string",
    Encrypt = "string",
    ExternalFastRoaming = "string",
    ExternalLogout = "string",
    ExternalWeb = "string",
    ExternalWebFormat = "string",
    FastBssTransition = "string",
    FastRoaming = "string",
    FtMobilityDomain = 0,
    FtOverDs = "string",
    FtR0KeyLifetime = 0,
    GasComebackDelay = 0,
    GasFragmentationLimit = 0,
    GtkRekey = "string",
    GtkRekeyIntv = 0,
    HighEfficiency = "string",
    Hotspot20Profile = "string",
    IgmpSnooping = "string",
    IntraVapPrivacy = "string",
    Ip = "string",
    IpsSensor = "string",
    Ipv6Rules = new[]
    {
        "string",
    },
    Keyindex = 0,
    Keys = new[]
    {
        "string",
    },
    L3Roaming = "string",
    L3RoamingMode = "string",
    Ldpc = "string",
    LocalAuthentication = "string",
    LocalBridging = "string",
    LocalLan = "string",
    LocalStandalone = "string",
    LocalStandaloneDns = "string",
    LocalStandaloneDnsIps = new[]
    {
        "string",
    },
    LocalStandaloneNat = "string",
    MacAuthBypass = "string",
    MacCalledStationDelimiter = "string",
    MacCallingStationDelimiter = "string",
    MacCase = "string",
    MacFilter = "string",
    MacFilterLists = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapMacFilterListArgs
        {
            Id = 0,
            Mac = "string",
            MacFilterPolicy = "string",
        },
    },
    MacFilterPolicyOther = "string",
    MacPasswordDelimiter = "string",
    MacUsernameDelimiter = "string",
    MaxClients = 0,
    MaxClientsAp = 0,
    Mbo = "string",
    MboCellDataConnPref = "string",
    MeDisableThresh = 0,
    MeshBackhaul = "string",
    Mpsk = "string",
    MpskConcurrentClients = 0,
    MpskKeys = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapMpskKeyArgs
        {
            Comment = "string",
            ConcurrentClients = "string",
            KeyName = "string",
            MpskSchedules = "string",
            Passphrases = new[]
            {
                "string",
            },
        },
    },
    MpskProfile = "string",
    MuMimo = "string",
    MulticastEnhance = "string",
    MulticastRate = "string",
    N80211k = "string",
    N80211v = "string",
    Nac = "string",
    NacProfile = "string",
    Name = "string",
    NeighborReportDualBand = "string",
    ObjectWirelesscontrollerVapId = "string",
    Okc = "string",
    Osen = "string",
    OweGroups = new[]
    {
        "string",
    },
    OweTransition = "string",
    OweTransitionSsid = "string",
    Passphrases = new[]
    {
        "string",
    },
    Pmf = "string",
    PmfAssocComebackTimeout = 0,
    PmfSaQueryRetryTimeout = 0,
    PortMacauth = "string",
    PortMacauthReauthTimeout = 0,
    PortMacauthTimeout = 0,
    PortalMessageOverrideGroup = "string",
    PortalMessageOverrides = new Fortimanager.Inputs.ObjectWirelesscontrollerVapPortalMessageOverridesArgs
    {
        AuthDisclaimerPage = "string",
        AuthLoginFailedPage = "string",
        AuthLoginPage = "string",
        AuthRejectPage = "string",
    },
    PortalType = "string",
    PrimaryWagProfile = "string",
    ProbeRespSuppression = "string",
    ProbeRespThreshold = "string",
    PtkRekey = "string",
    PtkRekeyIntv = 0,
    QosProfile = "string",
    Quarantine = "string",
    Radio2gThreshold = "string",
    Radio5gThreshold = "string",
    RadioSensitivity = "string",
    RadiusMacAuth = "string",
    RadiusMacAuthBlockInterval = 0,
    RadiusMacAuthServer = "string",
    RadiusMacAuthUsergroups = new[]
    {
        "string",
    },
    RadiusMacMpskAuth = "string",
    RadiusMacMpskTimeout = 0,
    RadiusServer = "string",
    Rates11acMcsMap = "string",
    Rates11acSs12s = new[]
    {
        "string",
    },
    Rates11acSs34s = new[]
    {
        "string",
    },
    Rates11as = new[]
    {
        "string",
    },
    Rates11axMcsMap = "string",
    Rates11axSs12s = new[]
    {
        "string",
    },
    Rates11axSs34s = new[]
    {
        "string",
    },
    Rates11bgs = new[]
    {
        "string",
    },
    Rates11nSs12s = new[]
    {
        "string",
    },
    Rates11nSs34s = new[]
    {
        "string",
    },
    RoamingAcctInterimUpdate = "string",
    SaeGroups = new[]
    {
        "string",
    },
    SaeH2eOnly = "string",
    SaeHnpOnly = "string",
    SaePasswords = new[]
    {
        "string",
    },
    SaePk = "string",
    SaePrivateKey = "string",
    ScanBotnetConnections = "string",
    Schedules = new[]
    {
        "string",
    },
    Scopetype = "string",
    SecondaryWagProfile = "string",
    Security = "string",
    SecurityExemptList = "string",
    SecurityObsoleteOption = "string",
    SecurityRedirectUrl = "string",
    SelectedUsergroups = "string",
    SplitTunneling = "string",
    Ssid = "string",
    StickyClientRemove = "string",
    StickyClientThreshold2g = "string",
    StickyClientThreshold5g = "string",
    StickyClientThreshold6g = "string",
    TargetWakeTime = "string",
    TkipCounterMeasure = "string",
    TunnelEchoInterval = 0,
    TunnelFallbackInterval = 0,
    Usergroup = "string",
    UtmLog = "string",
    UtmProfile = "string",
    UtmStatus = "string",
    Vdom = "string",
    VlanAuto = "string",
    VlanNames = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapVlanNameArgs
        {
            Name = "string",
            VlanId = 0,
        },
    },
    VlanPooling = "string",
    VlanPools = new[]
    {
        new Fortimanager.Inputs.ObjectWirelesscontrollerVapVlanPoolArgs
        {
            _wtpGroup = "string",
            Id = 0,
        },
    },
    Vlanid = 0,
    VoiceEnterprise = "string",
    WebfilterProfile = "string",
});
example, err := fortimanager.NewObjectWirelesscontrollerVap(ctx, "objectWirelesscontrollerVapResource", &fortimanager.ObjectWirelesscontrollerVapArgs{
	_centmgmt:  pulumi.String("string"),
	_dhcpSvrId: pulumi.String("string"),
	_intfAllowaccesses: pulumi.StringArray{
		pulumi.String("string"),
	},
	_intfDeviceAccessList:     pulumi.String("string"),
	_intfDeviceIdentification: pulumi.String("string"),
	_intfDeviceNetscan:        pulumi.String("string"),
	_intfDhcp6RelayIp:         pulumi.String("string"),
	_intfDhcp6RelayService:    pulumi.String("string"),
	_intfDhcp6RelayType:       pulumi.String("string"),
	_intfDhcpRelayIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	_intfDhcpRelayService: pulumi.String("string"),
	_intfDhcpRelayType:    pulumi.String("string"),
	_intfIp:               pulumi.String("string"),
	_intfIp6Address:       pulumi.String("string"),
	_intfIp6Allowaccesses: pulumi.StringArray{
		pulumi.String("string"),
	},
	_intfListenForticlientConnection: pulumi.String("string"),
	_isFactorySetting:                pulumi.String("string"),
	AccessControlList:                pulumi.String("string"),
	AcctInterimInterval:              pulumi.Float64(0),
	AdditionalAkms: pulumi.StringArray{
		pulumi.String("string"),
	},
	AddressGroup:               pulumi.String("string"),
	AddressGroupPolicy:         pulumi.String("string"),
	Adom:                       pulumi.String("string"),
	Alias:                      pulumi.String("string"),
	AntivirusProfile:           pulumi.String("string"),
	ApplicationDetectionEngine: pulumi.String("string"),
	ApplicationDscpMarking:     pulumi.String("string"),
	ApplicationList:            pulumi.String("string"),
	ApplicationReportIntv:      pulumi.Float64(0),
	AtfWeight:                  pulumi.Float64(0),
	Auth:                       pulumi.String("string"),
	AuthCert:                   pulumi.String("string"),
	AuthPortalAddr:             pulumi.String("string"),
	BeaconAdvertisings: pulumi.StringArray{
		pulumi.String("string"),
	},
	BroadcastSsid: pulumi.String("string"),
	BroadcastSuppressions: pulumi.StringArray{
		pulumi.String("string"),
	},
	BssColorPartial:                pulumi.String("string"),
	BstmDisassociationImminent:     pulumi.String("string"),
	BstmLoadBalancingDisassocTimer: pulumi.Float64(0),
	BstmRssiDisassocTimer:          pulumi.Float64(0),
	CaptivePortalAcName:            pulumi.String("string"),
	CaptivePortalAuthTimeout:       pulumi.Float64(0),
	CaptivePortalFwAccounting:      pulumi.String("string"),
	CaptivePortalMacauthRadiusSecrets: pulumi.StringArray{
		pulumi.String("string"),
	},
	CaptivePortalMacauthRadiusServer: pulumi.String("string"),
	CaptivePortalRadiusSecrets: pulumi.StringArray{
		pulumi.String("string"),
	},
	CaptivePortalRadiusServer:           pulumi.String("string"),
	CaptivePortalSessionTimeoutInterval: pulumi.Float64(0),
	DhcpAddressEnforcement:              pulumi.String("string"),
	DhcpLeaseTime:                       pulumi.Float64(0),
	DhcpOption43Insertion:               pulumi.String("string"),
	DhcpOption82CircuitIdInsertion:      pulumi.String("string"),
	DhcpOption82Insertion:               pulumi.String("string"),
	DhcpOption82RemoteIdInsertion:       pulumi.String("string"),
	DynamicMappings: fortimanager.ObjectWirelesscontrollerVapDynamicMappingTypeArray{
		&fortimanager.ObjectWirelesscontrollerVapDynamicMappingTypeArgs{
			_centmgmt:  pulumi.String("string"),
			_dhcpSvrId: pulumi.String("string"),
			_intfAllowaccesses: pulumi.StringArray{
				pulumi.String("string"),
			},
			_intfDeviceAccessList:     pulumi.String("string"),
			_intfDeviceIdentification: pulumi.String("string"),
			_intfDeviceNetscan:        pulumi.String("string"),
			_intfDhcp6RelayIp:         pulumi.String("string"),
			_intfDhcp6RelayService:    pulumi.String("string"),
			_intfDhcp6RelayType:       pulumi.String("string"),
			_intfDhcpRelayIps: pulumi.StringArray{
				pulumi.String("string"),
			},
			_intfDhcpRelayService: pulumi.String("string"),
			_intfDhcpRelayType:    pulumi.String("string"),
			_intfIp:               pulumi.String("string"),
			_intfIp6Address:       pulumi.String("string"),
			_intfIp6Allowaccesses: pulumi.StringArray{
				pulumi.String("string"),
			},
			_intfListenForticlientConnection: pulumi.String("string"),
			_isFactorySetting:                pulumi.String("string"),
			_scopes: fortimanager.ObjectWirelesscontrollerVapDynamicMapping_ScopeArray{
				&fortimanager.ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs{
					Name: pulumi.String("string"),
					Vdom: pulumi.String("string"),
				},
			},
			AccessControlList:   pulumi.String("string"),
			AcctInterimInterval: pulumi.Float64(0),
			AdditionalAkms: pulumi.StringArray{
				pulumi.String("string"),
			},
			AddressGroup:               pulumi.String("string"),
			AddressGroupPolicy:         pulumi.String("string"),
			Alias:                      pulumi.String("string"),
			AntivirusProfile:           pulumi.String("string"),
			ApplicationDetectionEngine: pulumi.String("string"),
			ApplicationDscpMarking:     pulumi.String("string"),
			ApplicationList:            pulumi.String("string"),
			ApplicationReportIntv:      pulumi.Float64(0),
			AtfWeight:                  pulumi.Float64(0),
			Auth:                       pulumi.String("string"),
			AuthCert:                   pulumi.String("string"),
			AuthPortalAddr:             pulumi.String("string"),
			BeaconAdvertisings: pulumi.StringArray{
				pulumi.String("string"),
			},
			BroadcastSsid: pulumi.String("string"),
			BroadcastSuppressions: pulumi.StringArray{
				pulumi.String("string"),
			},
			BssColorPartial:                pulumi.String("string"),
			BstmDisassociationImminent:     pulumi.String("string"),
			BstmLoadBalancingDisassocTimer: pulumi.Float64(0),
			BstmRssiDisassocTimer:          pulumi.Float64(0),
			CaptivePortalAcName:            pulumi.String("string"),
			CaptivePortalAuthTimeout:       pulumi.Float64(0),
			CaptivePortalFwAccounting:      pulumi.String("string"),
			CaptivePortalMacauthRadiusSecrets: pulumi.StringArray{
				pulumi.String("string"),
			},
			CaptivePortalMacauthRadiusServer: pulumi.String("string"),
			CaptivePortalRadiusSecrets: pulumi.StringArray{
				pulumi.String("string"),
			},
			CaptivePortalRadiusServer:           pulumi.String("string"),
			CaptivePortalSessionTimeoutInterval: pulumi.Float64(0),
			ClientCount:                         pulumi.Float64(0),
			DhcpAddressEnforcement:              pulumi.String("string"),
			DhcpLeaseTime:                       pulumi.Float64(0),
			DhcpOption43Insertion:               pulumi.String("string"),
			DhcpOption82CircuitIdInsertion:      pulumi.String("string"),
			DhcpOption82Insertion:               pulumi.String("string"),
			DhcpOption82RemoteIdInsertion:       pulumi.String("string"),
			DynamicVlan:                         pulumi.String("string"),
			EapReauth:                           pulumi.String("string"),
			EapReauthIntv:                       pulumi.Float64(0),
			EapolKeyRetries:                     pulumi.String("string"),
			Encrypt:                             pulumi.String("string"),
			ExternalFastRoaming:                 pulumi.String("string"),
			ExternalLogout:                      pulumi.String("string"),
			ExternalWeb:                         pulumi.String("string"),
			ExternalWebFormat:                   pulumi.String("string"),
			FastBssTransition:                   pulumi.String("string"),
			FastRoaming:                         pulumi.String("string"),
			FtMobilityDomain:                    pulumi.Float64(0),
			FtOverDs:                            pulumi.String("string"),
			FtR0KeyLifetime:                     pulumi.Float64(0),
			GasComebackDelay:                    pulumi.Float64(0),
			GasFragmentationLimit:               pulumi.Float64(0),
			GtkRekey:                            pulumi.String("string"),
			GtkRekeyIntv:                        pulumi.Float64(0),
			HighEfficiency:                      pulumi.String("string"),
			Hotspot20Profile:                    pulumi.String("string"),
			IgmpSnooping:                        pulumi.String("string"),
			IntraVapPrivacy:                     pulumi.String("string"),
			Ip:                                  pulumi.String("string"),
			IpsSensor:                           pulumi.String("string"),
			Ipv6Rules: pulumi.StringArray{
				pulumi.String("string"),
			},
			Keyindex: pulumi.Float64(0),
			Keys: pulumi.StringArray{
				pulumi.String("string"),
			},
			L3Roaming:           pulumi.String("string"),
			L3RoamingMode:       pulumi.String("string"),
			Ldpc:                pulumi.String("string"),
			LocalAuthentication: pulumi.String("string"),
			LocalBridging:       pulumi.String("string"),
			LocalLan:            pulumi.String("string"),
			LocalStandalone:     pulumi.String("string"),
			LocalStandaloneDns:  pulumi.String("string"),
			LocalStandaloneDnsIps: pulumi.StringArray{
				pulumi.String("string"),
			},
			LocalStandaloneNat:         pulumi.String("string"),
			LocalSwitching:             pulumi.String("string"),
			MacAuthBypass:              pulumi.String("string"),
			MacCalledStationDelimiter:  pulumi.String("string"),
			MacCallingStationDelimiter: pulumi.String("string"),
			MacCase:                    pulumi.String("string"),
			MacFilter:                  pulumi.String("string"),
			MacFilterPolicyOther:       pulumi.String("string"),
			MacPasswordDelimiter:       pulumi.String("string"),
			MacUsernameDelimiter:       pulumi.String("string"),
			MaxClients:                 pulumi.Float64(0),
			MaxClientsAp:               pulumi.Float64(0),
			Mbo:                        pulumi.String("string"),
			MboCellDataConnPref:        pulumi.String("string"),
			MeDisableThresh:            pulumi.Float64(0),
			MeshBackhaul:               pulumi.String("string"),
			Mpsk:                       pulumi.String("string"),
			MpskConcurrentClients:      pulumi.Float64(0),
			MpskProfile:                pulumi.String("string"),
			MuMimo:                     pulumi.String("string"),
			MulticastEnhance:           pulumi.String("string"),
			MulticastRate:              pulumi.String("string"),
			N80211k:                    pulumi.String("string"),
			N80211v:                    pulumi.String("string"),
			Nac:                        pulumi.String("string"),
			NacProfile:                 pulumi.String("string"),
			NeighborReportDualBand:     pulumi.String("string"),
			Okc:                        pulumi.String("string"),
			Osen:                       pulumi.String("string"),
			OweGroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			OweTransition:     pulumi.String("string"),
			OweTransitionSsid: pulumi.String("string"),
			Passphrases: pulumi.StringArray{
				pulumi.String("string"),
			},
			Pmf:                        pulumi.String("string"),
			PmfAssocComebackTimeout:    pulumi.Float64(0),
			PmfSaQueryRetryTimeout:     pulumi.Float64(0),
			PortMacauth:                pulumi.String("string"),
			PortMacauthReauthTimeout:   pulumi.Float64(0),
			PortMacauthTimeout:         pulumi.Float64(0),
			PortalMessageOverrideGroup: pulumi.String("string"),
			PortalType:                 pulumi.String("string"),
			PrimaryWagProfile:          pulumi.String("string"),
			ProbeRespSuppression:       pulumi.String("string"),
			ProbeRespThreshold:         pulumi.String("string"),
			PtkRekey:                   pulumi.String("string"),
			PtkRekeyIntv:               pulumi.Float64(0),
			QosProfile:                 pulumi.String("string"),
			Quarantine:                 pulumi.String("string"),
			Radio2gThreshold:           pulumi.String("string"),
			Radio5gThreshold:           pulumi.String("string"),
			RadioSensitivity:           pulumi.String("string"),
			RadiusMacAuth:              pulumi.String("string"),
			RadiusMacAuthBlockInterval: pulumi.Float64(0),
			RadiusMacAuthServer:        pulumi.String("string"),
			RadiusMacAuthUsergroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			RadiusMacMpskAuth:    pulumi.String("string"),
			RadiusMacMpskTimeout: pulumi.Float64(0),
			RadiusServer:         pulumi.String("string"),
			Rates11acMcsMap:      pulumi.String("string"),
			Rates11acSs12s: pulumi.StringArray{
				pulumi.String("string"),
			},
			Rates11acSs34s: pulumi.StringArray{
				pulumi.String("string"),
			},
			Rates11as: pulumi.StringArray{
				pulumi.String("string"),
			},
			Rates11axMcsMap: pulumi.String("string"),
			Rates11axSs12s: pulumi.StringArray{
				pulumi.String("string"),
			},
			Rates11axSs34s: pulumi.StringArray{
				pulumi.String("string"),
			},
			Rates11bgs: pulumi.StringArray{
				pulumi.String("string"),
			},
			Rates11nSs12s: pulumi.StringArray{
				pulumi.String("string"),
			},
			Rates11nSs34s: pulumi.StringArray{
				pulumi.String("string"),
			},
			RoamingAcctInterimUpdate: pulumi.String("string"),
			SaeGroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			SaeH2eOnly: pulumi.String("string"),
			SaeHnpOnly: pulumi.String("string"),
			SaePasswords: pulumi.StringArray{
				pulumi.String("string"),
			},
			SaePk:                   pulumi.String("string"),
			SaePrivateKey:           pulumi.String("string"),
			ScanBotnetConnections:   pulumi.String("string"),
			Schedule:                pulumi.String("string"),
			SecondaryWagProfile:     pulumi.String("string"),
			Security:                pulumi.String("string"),
			SecurityExemptList:      pulumi.String("string"),
			SecurityObsoleteOption:  pulumi.String("string"),
			SecurityRedirectUrl:     pulumi.String("string"),
			SelectedUsergroups:      pulumi.String("string"),
			SplitTunneling:          pulumi.String("string"),
			Ssid:                    pulumi.String("string"),
			StickyClientRemove:      pulumi.String("string"),
			StickyClientThreshold2g: pulumi.String("string"),
			StickyClientThreshold5g: pulumi.String("string"),
			StickyClientThreshold6g: pulumi.String("string"),
			TargetWakeTime:          pulumi.String("string"),
			TkipCounterMeasure:      pulumi.String("string"),
			TunnelEchoInterval:      pulumi.Float64(0),
			TunnelFallbackInterval:  pulumi.Float64(0),
			Usergroup:               pulumi.String("string"),
			UtmLog:                  pulumi.String("string"),
			UtmProfile:              pulumi.String("string"),
			UtmStatus:               pulumi.String("string"),
			Vdom:                    pulumi.String("string"),
			VlanAuto:                pulumi.String("string"),
			VlanPooling:             pulumi.String("string"),
			Vlanid:                  pulumi.Float64(0),
			VoiceEnterprise:         pulumi.String("string"),
			WebfilterProfile:        pulumi.String("string"),
		},
	},
	DynamicSortSubtable:   pulumi.String("string"),
	DynamicVlan:           pulumi.String("string"),
	EapReauth:             pulumi.String("string"),
	EapReauthIntv:         pulumi.Float64(0),
	EapolKeyRetries:       pulumi.String("string"),
	Encrypt:               pulumi.String("string"),
	ExternalFastRoaming:   pulumi.String("string"),
	ExternalLogout:        pulumi.String("string"),
	ExternalWeb:           pulumi.String("string"),
	ExternalWebFormat:     pulumi.String("string"),
	FastBssTransition:     pulumi.String("string"),
	FastRoaming:           pulumi.String("string"),
	FtMobilityDomain:      pulumi.Float64(0),
	FtOverDs:              pulumi.String("string"),
	FtR0KeyLifetime:       pulumi.Float64(0),
	GasComebackDelay:      pulumi.Float64(0),
	GasFragmentationLimit: pulumi.Float64(0),
	GtkRekey:              pulumi.String("string"),
	GtkRekeyIntv:          pulumi.Float64(0),
	HighEfficiency:        pulumi.String("string"),
	Hotspot20Profile:      pulumi.String("string"),
	IgmpSnooping:          pulumi.String("string"),
	IntraVapPrivacy:       pulumi.String("string"),
	Ip:                    pulumi.String("string"),
	IpsSensor:             pulumi.String("string"),
	Ipv6Rules: pulumi.StringArray{
		pulumi.String("string"),
	},
	Keyindex: pulumi.Float64(0),
	Keys: pulumi.StringArray{
		pulumi.String("string"),
	},
	L3Roaming:           pulumi.String("string"),
	L3RoamingMode:       pulumi.String("string"),
	Ldpc:                pulumi.String("string"),
	LocalAuthentication: pulumi.String("string"),
	LocalBridging:       pulumi.String("string"),
	LocalLan:            pulumi.String("string"),
	LocalStandalone:     pulumi.String("string"),
	LocalStandaloneDns:  pulumi.String("string"),
	LocalStandaloneDnsIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	LocalStandaloneNat:         pulumi.String("string"),
	MacAuthBypass:              pulumi.String("string"),
	MacCalledStationDelimiter:  pulumi.String("string"),
	MacCallingStationDelimiter: pulumi.String("string"),
	MacCase:                    pulumi.String("string"),
	MacFilter:                  pulumi.String("string"),
	MacFilterLists: fortimanager.ObjectWirelesscontrollerVapMacFilterListTypeArray{
		&fortimanager.ObjectWirelesscontrollerVapMacFilterListTypeArgs{
			Id:              pulumi.Float64(0),
			Mac:             pulumi.String("string"),
			MacFilterPolicy: pulumi.String("string"),
		},
	},
	MacFilterPolicyOther:  pulumi.String("string"),
	MacPasswordDelimiter:  pulumi.String("string"),
	MacUsernameDelimiter:  pulumi.String("string"),
	MaxClients:            pulumi.Float64(0),
	MaxClientsAp:          pulumi.Float64(0),
	Mbo:                   pulumi.String("string"),
	MboCellDataConnPref:   pulumi.String("string"),
	MeDisableThresh:       pulumi.Float64(0),
	MeshBackhaul:          pulumi.String("string"),
	Mpsk:                  pulumi.String("string"),
	MpskConcurrentClients: pulumi.Float64(0),
	MpskKeys: fortimanager.ObjectWirelesscontrollerVapMpskKeyArray{
		&fortimanager.ObjectWirelesscontrollerVapMpskKeyArgs{
			Comment:           pulumi.String("string"),
			ConcurrentClients: pulumi.String("string"),
			KeyName:           pulumi.String("string"),
			MpskSchedules:     pulumi.String("string"),
			Passphrases: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	MpskProfile:                   pulumi.String("string"),
	MuMimo:                        pulumi.String("string"),
	MulticastEnhance:              pulumi.String("string"),
	MulticastRate:                 pulumi.String("string"),
	N80211k:                       pulumi.String("string"),
	N80211v:                       pulumi.String("string"),
	Nac:                           pulumi.String("string"),
	NacProfile:                    pulumi.String("string"),
	Name:                          pulumi.String("string"),
	NeighborReportDualBand:        pulumi.String("string"),
	ObjectWirelesscontrollerVapId: pulumi.String("string"),
	Okc:                           pulumi.String("string"),
	Osen:                          pulumi.String("string"),
	OweGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	OweTransition:     pulumi.String("string"),
	OweTransitionSsid: pulumi.String("string"),
	Passphrases: pulumi.StringArray{
		pulumi.String("string"),
	},
	Pmf:                        pulumi.String("string"),
	PmfAssocComebackTimeout:    pulumi.Float64(0),
	PmfSaQueryRetryTimeout:     pulumi.Float64(0),
	PortMacauth:                pulumi.String("string"),
	PortMacauthReauthTimeout:   pulumi.Float64(0),
	PortMacauthTimeout:         pulumi.Float64(0),
	PortalMessageOverrideGroup: pulumi.String("string"),
	PortalMessageOverrides: &fortimanager.ObjectWirelesscontrollerVapPortalMessageOverridesTypeArgs{
		AuthDisclaimerPage:  pulumi.String("string"),
		AuthLoginFailedPage: pulumi.String("string"),
		AuthLoginPage:       pulumi.String("string"),
		AuthRejectPage:      pulumi.String("string"),
	},
	PortalType:                 pulumi.String("string"),
	PrimaryWagProfile:          pulumi.String("string"),
	ProbeRespSuppression:       pulumi.String("string"),
	ProbeRespThreshold:         pulumi.String("string"),
	PtkRekey:                   pulumi.String("string"),
	PtkRekeyIntv:               pulumi.Float64(0),
	QosProfile:                 pulumi.String("string"),
	Quarantine:                 pulumi.String("string"),
	Radio2gThreshold:           pulumi.String("string"),
	Radio5gThreshold:           pulumi.String("string"),
	RadioSensitivity:           pulumi.String("string"),
	RadiusMacAuth:              pulumi.String("string"),
	RadiusMacAuthBlockInterval: pulumi.Float64(0),
	RadiusMacAuthServer:        pulumi.String("string"),
	RadiusMacAuthUsergroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	RadiusMacMpskAuth:    pulumi.String("string"),
	RadiusMacMpskTimeout: pulumi.Float64(0),
	RadiusServer:         pulumi.String("string"),
	Rates11acMcsMap:      pulumi.String("string"),
	Rates11acSs12s: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rates11acSs34s: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rates11as: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rates11axMcsMap: pulumi.String("string"),
	Rates11axSs12s: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rates11axSs34s: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rates11bgs: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rates11nSs12s: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rates11nSs34s: pulumi.StringArray{
		pulumi.String("string"),
	},
	RoamingAcctInterimUpdate: pulumi.String("string"),
	SaeGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	SaeH2eOnly: pulumi.String("string"),
	SaeHnpOnly: pulumi.String("string"),
	SaePasswords: pulumi.StringArray{
		pulumi.String("string"),
	},
	SaePk:                 pulumi.String("string"),
	SaePrivateKey:         pulumi.String("string"),
	ScanBotnetConnections: pulumi.String("string"),
	Schedules: pulumi.StringArray{
		pulumi.String("string"),
	},
	Scopetype:               pulumi.String("string"),
	SecondaryWagProfile:     pulumi.String("string"),
	Security:                pulumi.String("string"),
	SecurityExemptList:      pulumi.String("string"),
	SecurityObsoleteOption:  pulumi.String("string"),
	SecurityRedirectUrl:     pulumi.String("string"),
	SelectedUsergroups:      pulumi.String("string"),
	SplitTunneling:          pulumi.String("string"),
	Ssid:                    pulumi.String("string"),
	StickyClientRemove:      pulumi.String("string"),
	StickyClientThreshold2g: pulumi.String("string"),
	StickyClientThreshold5g: pulumi.String("string"),
	StickyClientThreshold6g: pulumi.String("string"),
	TargetWakeTime:          pulumi.String("string"),
	TkipCounterMeasure:      pulumi.String("string"),
	TunnelEchoInterval:      pulumi.Float64(0),
	TunnelFallbackInterval:  pulumi.Float64(0),
	Usergroup:               pulumi.String("string"),
	UtmLog:                  pulumi.String("string"),
	UtmProfile:              pulumi.String("string"),
	UtmStatus:               pulumi.String("string"),
	Vdom:                    pulumi.String("string"),
	VlanAuto:                pulumi.String("string"),
	VlanNames: fortimanager.ObjectWirelesscontrollerVapVlanNameTypeArray{
		&fortimanager.ObjectWirelesscontrollerVapVlanNameTypeArgs{
			Name:   pulumi.String("string"),
			VlanId: pulumi.Float64(0),
		},
	},
	VlanPooling: pulumi.String("string"),
	VlanPools: fortimanager.ObjectWirelesscontrollerVapVlanPoolTypeArray{
		&fortimanager.ObjectWirelesscontrollerVapVlanPoolTypeArgs{
			_wtpGroup: pulumi.String("string"),
			Id:        pulumi.Float64(0),
		},
	},
	Vlanid:           pulumi.Float64(0),
	VoiceEnterprise:  pulumi.String("string"),
	WebfilterProfile: pulumi.String("string"),
})
var objectWirelesscontrollerVapResource = new ObjectWirelesscontrollerVap("objectWirelesscontrollerVapResource", ObjectWirelesscontrollerVapArgs.builder()
    ._centmgmt("string")
    ._dhcpSvrId("string")
    ._intfAllowaccesses("string")
    ._intfDeviceAccessList("string")
    ._intfDeviceIdentification("string")
    ._intfDeviceNetscan("string")
    ._intfDhcp6RelayIp("string")
    ._intfDhcp6RelayService("string")
    ._intfDhcp6RelayType("string")
    ._intfDhcpRelayIps("string")
    ._intfDhcpRelayService("string")
    ._intfDhcpRelayType("string")
    ._intfIp("string")
    ._intfIp6Address("string")
    ._intfIp6Allowaccesses("string")
    ._intfListenForticlientConnection("string")
    ._isFactorySetting("string")
    .accessControlList("string")
    .acctInterimInterval(0.0)
    .additionalAkms("string")
    .addressGroup("string")
    .addressGroupPolicy("string")
    .adom("string")
    .alias("string")
    .antivirusProfile("string")
    .applicationDetectionEngine("string")
    .applicationDscpMarking("string")
    .applicationList("string")
    .applicationReportIntv(0.0)
    .atfWeight(0.0)
    .auth("string")
    .authCert("string")
    .authPortalAddr("string")
    .beaconAdvertisings("string")
    .broadcastSsid("string")
    .broadcastSuppressions("string")
    .bssColorPartial("string")
    .bstmDisassociationImminent("string")
    .bstmLoadBalancingDisassocTimer(0.0)
    .bstmRssiDisassocTimer(0.0)
    .captivePortalAcName("string")
    .captivePortalAuthTimeout(0.0)
    .captivePortalFwAccounting("string")
    .captivePortalMacauthRadiusSecrets("string")
    .captivePortalMacauthRadiusServer("string")
    .captivePortalRadiusSecrets("string")
    .captivePortalRadiusServer("string")
    .captivePortalSessionTimeoutInterval(0.0)
    .dhcpAddressEnforcement("string")
    .dhcpLeaseTime(0.0)
    .dhcpOption43Insertion("string")
    .dhcpOption82CircuitIdInsertion("string")
    .dhcpOption82Insertion("string")
    .dhcpOption82RemoteIdInsertion("string")
    .dynamicMappings(ObjectWirelesscontrollerVapDynamicMappingArgs.builder()
        ._centmgmt("string")
        ._dhcpSvrId("string")
        ._intfAllowaccesses("string")
        ._intfDeviceAccessList("string")
        ._intfDeviceIdentification("string")
        ._intfDeviceNetscan("string")
        ._intfDhcp6RelayIp("string")
        ._intfDhcp6RelayService("string")
        ._intfDhcp6RelayType("string")
        ._intfDhcpRelayIps("string")
        ._intfDhcpRelayService("string")
        ._intfDhcpRelayType("string")
        ._intfIp("string")
        ._intfIp6Address("string")
        ._intfIp6Allowaccesses("string")
        ._intfListenForticlientConnection("string")
        ._isFactorySetting("string")
        ._scopes(ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs.builder()
            .name("string")
            .vdom("string")
            .build())
        .accessControlList("string")
        .acctInterimInterval(0.0)
        .additionalAkms("string")
        .addressGroup("string")
        .addressGroupPolicy("string")
        .alias("string")
        .antivirusProfile("string")
        .applicationDetectionEngine("string")
        .applicationDscpMarking("string")
        .applicationList("string")
        .applicationReportIntv(0.0)
        .atfWeight(0.0)
        .auth("string")
        .authCert("string")
        .authPortalAddr("string")
        .beaconAdvertisings("string")
        .broadcastSsid("string")
        .broadcastSuppressions("string")
        .bssColorPartial("string")
        .bstmDisassociationImminent("string")
        .bstmLoadBalancingDisassocTimer(0.0)
        .bstmRssiDisassocTimer(0.0)
        .captivePortalAcName("string")
        .captivePortalAuthTimeout(0.0)
        .captivePortalFwAccounting("string")
        .captivePortalMacauthRadiusSecrets("string")
        .captivePortalMacauthRadiusServer("string")
        .captivePortalRadiusSecrets("string")
        .captivePortalRadiusServer("string")
        .captivePortalSessionTimeoutInterval(0.0)
        .clientCount(0.0)
        .dhcpAddressEnforcement("string")
        .dhcpLeaseTime(0.0)
        .dhcpOption43Insertion("string")
        .dhcpOption82CircuitIdInsertion("string")
        .dhcpOption82Insertion("string")
        .dhcpOption82RemoteIdInsertion("string")
        .dynamicVlan("string")
        .eapReauth("string")
        .eapReauthIntv(0.0)
        .eapolKeyRetries("string")
        .encrypt("string")
        .externalFastRoaming("string")
        .externalLogout("string")
        .externalWeb("string")
        .externalWebFormat("string")
        .fastBssTransition("string")
        .fastRoaming("string")
        .ftMobilityDomain(0.0)
        .ftOverDs("string")
        .ftR0KeyLifetime(0.0)
        .gasComebackDelay(0.0)
        .gasFragmentationLimit(0.0)
        .gtkRekey("string")
        .gtkRekeyIntv(0.0)
        .highEfficiency("string")
        .hotspot20Profile("string")
        .igmpSnooping("string")
        .intraVapPrivacy("string")
        .ip("string")
        .ipsSensor("string")
        .ipv6Rules("string")
        .keyindex(0.0)
        .keys("string")
        .l3Roaming("string")
        .l3RoamingMode("string")
        .ldpc("string")
        .localAuthentication("string")
        .localBridging("string")
        .localLan("string")
        .localStandalone("string")
        .localStandaloneDns("string")
        .localStandaloneDnsIps("string")
        .localStandaloneNat("string")
        .localSwitching("string")
        .macAuthBypass("string")
        .macCalledStationDelimiter("string")
        .macCallingStationDelimiter("string")
        .macCase("string")
        .macFilter("string")
        .macFilterPolicyOther("string")
        .macPasswordDelimiter("string")
        .macUsernameDelimiter("string")
        .maxClients(0.0)
        .maxClientsAp(0.0)
        .mbo("string")
        .mboCellDataConnPref("string")
        .meDisableThresh(0.0)
        .meshBackhaul("string")
        .mpsk("string")
        .mpskConcurrentClients(0.0)
        .mpskProfile("string")
        .muMimo("string")
        .multicastEnhance("string")
        .multicastRate("string")
        .n80211k("string")
        .n80211v("string")
        .nac("string")
        .nacProfile("string")
        .neighborReportDualBand("string")
        .okc("string")
        .osen("string")
        .oweGroups("string")
        .oweTransition("string")
        .oweTransitionSsid("string")
        .passphrases("string")
        .pmf("string")
        .pmfAssocComebackTimeout(0.0)
        .pmfSaQueryRetryTimeout(0.0)
        .portMacauth("string")
        .portMacauthReauthTimeout(0.0)
        .portMacauthTimeout(0.0)
        .portalMessageOverrideGroup("string")
        .portalType("string")
        .primaryWagProfile("string")
        .probeRespSuppression("string")
        .probeRespThreshold("string")
        .ptkRekey("string")
        .ptkRekeyIntv(0.0)
        .qosProfile("string")
        .quarantine("string")
        .radio2gThreshold("string")
        .radio5gThreshold("string")
        .radioSensitivity("string")
        .radiusMacAuth("string")
        .radiusMacAuthBlockInterval(0.0)
        .radiusMacAuthServer("string")
        .radiusMacAuthUsergroups("string")
        .radiusMacMpskAuth("string")
        .radiusMacMpskTimeout(0.0)
        .radiusServer("string")
        .rates11acMcsMap("string")
        .rates11acSs12s("string")
        .rates11acSs34s("string")
        .rates11as("string")
        .rates11axMcsMap("string")
        .rates11axSs12s("string")
        .rates11axSs34s("string")
        .rates11bgs("string")
        .rates11nSs12s("string")
        .rates11nSs34s("string")
        .roamingAcctInterimUpdate("string")
        .saeGroups("string")
        .saeH2eOnly("string")
        .saeHnpOnly("string")
        .saePasswords("string")
        .saePk("string")
        .saePrivateKey("string")
        .scanBotnetConnections("string")
        .schedule("string")
        .secondaryWagProfile("string")
        .security("string")
        .securityExemptList("string")
        .securityObsoleteOption("string")
        .securityRedirectUrl("string")
        .selectedUsergroups("string")
        .splitTunneling("string")
        .ssid("string")
        .stickyClientRemove("string")
        .stickyClientThreshold2g("string")
        .stickyClientThreshold5g("string")
        .stickyClientThreshold6g("string")
        .targetWakeTime("string")
        .tkipCounterMeasure("string")
        .tunnelEchoInterval(0.0)
        .tunnelFallbackInterval(0.0)
        .usergroup("string")
        .utmLog("string")
        .utmProfile("string")
        .utmStatus("string")
        .vdom("string")
        .vlanAuto("string")
        .vlanPooling("string")
        .vlanid(0.0)
        .voiceEnterprise("string")
        .webfilterProfile("string")
        .build())
    .dynamicSortSubtable("string")
    .dynamicVlan("string")
    .eapReauth("string")
    .eapReauthIntv(0.0)
    .eapolKeyRetries("string")
    .encrypt("string")
    .externalFastRoaming("string")
    .externalLogout("string")
    .externalWeb("string")
    .externalWebFormat("string")
    .fastBssTransition("string")
    .fastRoaming("string")
    .ftMobilityDomain(0.0)
    .ftOverDs("string")
    .ftR0KeyLifetime(0.0)
    .gasComebackDelay(0.0)
    .gasFragmentationLimit(0.0)
    .gtkRekey("string")
    .gtkRekeyIntv(0.0)
    .highEfficiency("string")
    .hotspot20Profile("string")
    .igmpSnooping("string")
    .intraVapPrivacy("string")
    .ip("string")
    .ipsSensor("string")
    .ipv6Rules("string")
    .keyindex(0.0)
    .keys("string")
    .l3Roaming("string")
    .l3RoamingMode("string")
    .ldpc("string")
    .localAuthentication("string")
    .localBridging("string")
    .localLan("string")
    .localStandalone("string")
    .localStandaloneDns("string")
    .localStandaloneDnsIps("string")
    .localStandaloneNat("string")
    .macAuthBypass("string")
    .macCalledStationDelimiter("string")
    .macCallingStationDelimiter("string")
    .macCase("string")
    .macFilter("string")
    .macFilterLists(ObjectWirelesscontrollerVapMacFilterListArgs.builder()
        .id(0.0)
        .mac("string")
        .macFilterPolicy("string")
        .build())
    .macFilterPolicyOther("string")
    .macPasswordDelimiter("string")
    .macUsernameDelimiter("string")
    .maxClients(0.0)
    .maxClientsAp(0.0)
    .mbo("string")
    .mboCellDataConnPref("string")
    .meDisableThresh(0.0)
    .meshBackhaul("string")
    .mpsk("string")
    .mpskConcurrentClients(0.0)
    .mpskKeys(ObjectWirelesscontrollerVapMpskKeyArgs.builder()
        .comment("string")
        .concurrentClients("string")
        .keyName("string")
        .mpskSchedules("string")
        .passphrases("string")
        .build())
    .mpskProfile("string")
    .muMimo("string")
    .multicastEnhance("string")
    .multicastRate("string")
    .n80211k("string")
    .n80211v("string")
    .nac("string")
    .nacProfile("string")
    .name("string")
    .neighborReportDualBand("string")
    .objectWirelesscontrollerVapId("string")
    .okc("string")
    .osen("string")
    .oweGroups("string")
    .oweTransition("string")
    .oweTransitionSsid("string")
    .passphrases("string")
    .pmf("string")
    .pmfAssocComebackTimeout(0.0)
    .pmfSaQueryRetryTimeout(0.0)
    .portMacauth("string")
    .portMacauthReauthTimeout(0.0)
    .portMacauthTimeout(0.0)
    .portalMessageOverrideGroup("string")
    .portalMessageOverrides(ObjectWirelesscontrollerVapPortalMessageOverridesArgs.builder()
        .authDisclaimerPage("string")
        .authLoginFailedPage("string")
        .authLoginPage("string")
        .authRejectPage("string")
        .build())
    .portalType("string")
    .primaryWagProfile("string")
    .probeRespSuppression("string")
    .probeRespThreshold("string")
    .ptkRekey("string")
    .ptkRekeyIntv(0.0)
    .qosProfile("string")
    .quarantine("string")
    .radio2gThreshold("string")
    .radio5gThreshold("string")
    .radioSensitivity("string")
    .radiusMacAuth("string")
    .radiusMacAuthBlockInterval(0.0)
    .radiusMacAuthServer("string")
    .radiusMacAuthUsergroups("string")
    .radiusMacMpskAuth("string")
    .radiusMacMpskTimeout(0.0)
    .radiusServer("string")
    .rates11acMcsMap("string")
    .rates11acSs12s("string")
    .rates11acSs34s("string")
    .rates11as("string")
    .rates11axMcsMap("string")
    .rates11axSs12s("string")
    .rates11axSs34s("string")
    .rates11bgs("string")
    .rates11nSs12s("string")
    .rates11nSs34s("string")
    .roamingAcctInterimUpdate("string")
    .saeGroups("string")
    .saeH2eOnly("string")
    .saeHnpOnly("string")
    .saePasswords("string")
    .saePk("string")
    .saePrivateKey("string")
    .scanBotnetConnections("string")
    .schedules("string")
    .scopetype("string")
    .secondaryWagProfile("string")
    .security("string")
    .securityExemptList("string")
    .securityObsoleteOption("string")
    .securityRedirectUrl("string")
    .selectedUsergroups("string")
    .splitTunneling("string")
    .ssid("string")
    .stickyClientRemove("string")
    .stickyClientThreshold2g("string")
    .stickyClientThreshold5g("string")
    .stickyClientThreshold6g("string")
    .targetWakeTime("string")
    .tkipCounterMeasure("string")
    .tunnelEchoInterval(0.0)
    .tunnelFallbackInterval(0.0)
    .usergroup("string")
    .utmLog("string")
    .utmProfile("string")
    .utmStatus("string")
    .vdom("string")
    .vlanAuto("string")
    .vlanNames(ObjectWirelesscontrollerVapVlanNameArgs.builder()
        .name("string")
        .vlanId(0.0)
        .build())
    .vlanPooling("string")
    .vlanPools(ObjectWirelesscontrollerVapVlanPoolArgs.builder()
        ._wtpGroup("string")
        .id(0.0)
        .build())
    .vlanid(0.0)
    .voiceEnterprise("string")
    .webfilterProfile("string")
    .build());
object_wirelesscontroller_vap_resource = fortimanager.ObjectWirelesscontrollerVap("objectWirelesscontrollerVapResource",
    _centmgmt="string",
    _dhcp_svr_id="string",
    _intf_allowaccesses=["string"],
    _intf_device_access_list="string",
    _intf_device_identification="string",
    _intf_device_netscan="string",
    _intf_dhcp6_relay_ip="string",
    _intf_dhcp6_relay_service="string",
    _intf_dhcp6_relay_type="string",
    _intf_dhcp_relay_ips=["string"],
    _intf_dhcp_relay_service="string",
    _intf_dhcp_relay_type="string",
    _intf_ip="string",
    _intf_ip6_address="string",
    _intf_ip6_allowaccesses=["string"],
    _intf_listen_forticlient_connection="string",
    _is_factory_setting="string",
    access_control_list="string",
    acct_interim_interval=0,
    additional_akms=["string"],
    address_group="string",
    address_group_policy="string",
    adom="string",
    alias="string",
    antivirus_profile="string",
    application_detection_engine="string",
    application_dscp_marking="string",
    application_list="string",
    application_report_intv=0,
    atf_weight=0,
    auth="string",
    auth_cert="string",
    auth_portal_addr="string",
    beacon_advertisings=["string"],
    broadcast_ssid="string",
    broadcast_suppressions=["string"],
    bss_color_partial="string",
    bstm_disassociation_imminent="string",
    bstm_load_balancing_disassoc_timer=0,
    bstm_rssi_disassoc_timer=0,
    captive_portal_ac_name="string",
    captive_portal_auth_timeout=0,
    captive_portal_fw_accounting="string",
    captive_portal_macauth_radius_secrets=["string"],
    captive_portal_macauth_radius_server="string",
    captive_portal_radius_secrets=["string"],
    captive_portal_radius_server="string",
    captive_portal_session_timeout_interval=0,
    dhcp_address_enforcement="string",
    dhcp_lease_time=0,
    dhcp_option43_insertion="string",
    dhcp_option82_circuit_id_insertion="string",
    dhcp_option82_insertion="string",
    dhcp_option82_remote_id_insertion="string",
    dynamic_mappings=[{
        "_centmgmt": "string",
        "_dhcp_svr_id": "string",
        "_intf_allowaccesses": ["string"],
        "_intf_device_access_list": "string",
        "_intf_device_identification": "string",
        "_intf_device_netscan": "string",
        "_intf_dhcp6_relay_ip": "string",
        "_intf_dhcp6_relay_service": "string",
        "_intf_dhcp6_relay_type": "string",
        "_intf_dhcp_relay_ips": ["string"],
        "_intf_dhcp_relay_service": "string",
        "_intf_dhcp_relay_type": "string",
        "_intf_ip": "string",
        "_intf_ip6_address": "string",
        "_intf_ip6_allowaccesses": ["string"],
        "_intf_listen_forticlient_connection": "string",
        "_is_factory_setting": "string",
        "_scopes": [{
            "name": "string",
            "vdom": "string",
        }],
        "access_control_list": "string",
        "acct_interim_interval": 0,
        "additional_akms": ["string"],
        "address_group": "string",
        "address_group_policy": "string",
        "alias": "string",
        "antivirus_profile": "string",
        "application_detection_engine": "string",
        "application_dscp_marking": "string",
        "application_list": "string",
        "application_report_intv": 0,
        "atf_weight": 0,
        "auth": "string",
        "auth_cert": "string",
        "auth_portal_addr": "string",
        "beacon_advertisings": ["string"],
        "broadcast_ssid": "string",
        "broadcast_suppressions": ["string"],
        "bss_color_partial": "string",
        "bstm_disassociation_imminent": "string",
        "bstm_load_balancing_disassoc_timer": 0,
        "bstm_rssi_disassoc_timer": 0,
        "captive_portal_ac_name": "string",
        "captive_portal_auth_timeout": 0,
        "captive_portal_fw_accounting": "string",
        "captive_portal_macauth_radius_secrets": ["string"],
        "captive_portal_macauth_radius_server": "string",
        "captive_portal_radius_secrets": ["string"],
        "captive_portal_radius_server": "string",
        "captive_portal_session_timeout_interval": 0,
        "client_count": 0,
        "dhcp_address_enforcement": "string",
        "dhcp_lease_time": 0,
        "dhcp_option43_insertion": "string",
        "dhcp_option82_circuit_id_insertion": "string",
        "dhcp_option82_insertion": "string",
        "dhcp_option82_remote_id_insertion": "string",
        "dynamic_vlan": "string",
        "eap_reauth": "string",
        "eap_reauth_intv": 0,
        "eapol_key_retries": "string",
        "encrypt": "string",
        "external_fast_roaming": "string",
        "external_logout": "string",
        "external_web": "string",
        "external_web_format": "string",
        "fast_bss_transition": "string",
        "fast_roaming": "string",
        "ft_mobility_domain": 0,
        "ft_over_ds": "string",
        "ft_r0_key_lifetime": 0,
        "gas_comeback_delay": 0,
        "gas_fragmentation_limit": 0,
        "gtk_rekey": "string",
        "gtk_rekey_intv": 0,
        "high_efficiency": "string",
        "hotspot20_profile": "string",
        "igmp_snooping": "string",
        "intra_vap_privacy": "string",
        "ip": "string",
        "ips_sensor": "string",
        "ipv6_rules": ["string"],
        "keyindex": 0,
        "keys": ["string"],
        "l3_roaming": "string",
        "l3_roaming_mode": "string",
        "ldpc": "string",
        "local_authentication": "string",
        "local_bridging": "string",
        "local_lan": "string",
        "local_standalone": "string",
        "local_standalone_dns": "string",
        "local_standalone_dns_ips": ["string"],
        "local_standalone_nat": "string",
        "local_switching": "string",
        "mac_auth_bypass": "string",
        "mac_called_station_delimiter": "string",
        "mac_calling_station_delimiter": "string",
        "mac_case": "string",
        "mac_filter": "string",
        "mac_filter_policy_other": "string",
        "mac_password_delimiter": "string",
        "mac_username_delimiter": "string",
        "max_clients": 0,
        "max_clients_ap": 0,
        "mbo": "string",
        "mbo_cell_data_conn_pref": "string",
        "me_disable_thresh": 0,
        "mesh_backhaul": "string",
        "mpsk": "string",
        "mpsk_concurrent_clients": 0,
        "mpsk_profile": "string",
        "mu_mimo": "string",
        "multicast_enhance": "string",
        "multicast_rate": "string",
        "n80211k": "string",
        "n80211v": "string",
        "nac": "string",
        "nac_profile": "string",
        "neighbor_report_dual_band": "string",
        "okc": "string",
        "osen": "string",
        "owe_groups": ["string"],
        "owe_transition": "string",
        "owe_transition_ssid": "string",
        "passphrases": ["string"],
        "pmf": "string",
        "pmf_assoc_comeback_timeout": 0,
        "pmf_sa_query_retry_timeout": 0,
        "port_macauth": "string",
        "port_macauth_reauth_timeout": 0,
        "port_macauth_timeout": 0,
        "portal_message_override_group": "string",
        "portal_type": "string",
        "primary_wag_profile": "string",
        "probe_resp_suppression": "string",
        "probe_resp_threshold": "string",
        "ptk_rekey": "string",
        "ptk_rekey_intv": 0,
        "qos_profile": "string",
        "quarantine": "string",
        "radio2g_threshold": "string",
        "radio5g_threshold": "string",
        "radio_sensitivity": "string",
        "radius_mac_auth": "string",
        "radius_mac_auth_block_interval": 0,
        "radius_mac_auth_server": "string",
        "radius_mac_auth_usergroups": ["string"],
        "radius_mac_mpsk_auth": "string",
        "radius_mac_mpsk_timeout": 0,
        "radius_server": "string",
        "rates11ac_mcs_map": "string",
        "rates11ac_ss12s": ["string"],
        "rates11ac_ss34s": ["string"],
        "rates11as": ["string"],
        "rates11ax_mcs_map": "string",
        "rates11ax_ss12s": ["string"],
        "rates11ax_ss34s": ["string"],
        "rates11bgs": ["string"],
        "rates11n_ss12s": ["string"],
        "rates11n_ss34s": ["string"],
        "roaming_acct_interim_update": "string",
        "sae_groups": ["string"],
        "sae_h2e_only": "string",
        "sae_hnp_only": "string",
        "sae_passwords": ["string"],
        "sae_pk": "string",
        "sae_private_key": "string",
        "scan_botnet_connections": "string",
        "schedule": "string",
        "secondary_wag_profile": "string",
        "security": "string",
        "security_exempt_list": "string",
        "security_obsolete_option": "string",
        "security_redirect_url": "string",
        "selected_usergroups": "string",
        "split_tunneling": "string",
        "ssid": "string",
        "sticky_client_remove": "string",
        "sticky_client_threshold2g": "string",
        "sticky_client_threshold5g": "string",
        "sticky_client_threshold6g": "string",
        "target_wake_time": "string",
        "tkip_counter_measure": "string",
        "tunnel_echo_interval": 0,
        "tunnel_fallback_interval": 0,
        "usergroup": "string",
        "utm_log": "string",
        "utm_profile": "string",
        "utm_status": "string",
        "vdom": "string",
        "vlan_auto": "string",
        "vlan_pooling": "string",
        "vlanid": 0,
        "voice_enterprise": "string",
        "webfilter_profile": "string",
    }],
    dynamic_sort_subtable="string",
    dynamic_vlan="string",
    eap_reauth="string",
    eap_reauth_intv=0,
    eapol_key_retries="string",
    encrypt="string",
    external_fast_roaming="string",
    external_logout="string",
    external_web="string",
    external_web_format="string",
    fast_bss_transition="string",
    fast_roaming="string",
    ft_mobility_domain=0,
    ft_over_ds="string",
    ft_r0_key_lifetime=0,
    gas_comeback_delay=0,
    gas_fragmentation_limit=0,
    gtk_rekey="string",
    gtk_rekey_intv=0,
    high_efficiency="string",
    hotspot20_profile="string",
    igmp_snooping="string",
    intra_vap_privacy="string",
    ip="string",
    ips_sensor="string",
    ipv6_rules=["string"],
    keyindex=0,
    keys=["string"],
    l3_roaming="string",
    l3_roaming_mode="string",
    ldpc="string",
    local_authentication="string",
    local_bridging="string",
    local_lan="string",
    local_standalone="string",
    local_standalone_dns="string",
    local_standalone_dns_ips=["string"],
    local_standalone_nat="string",
    mac_auth_bypass="string",
    mac_called_station_delimiter="string",
    mac_calling_station_delimiter="string",
    mac_case="string",
    mac_filter="string",
    mac_filter_lists=[{
        "id": 0,
        "mac": "string",
        "mac_filter_policy": "string",
    }],
    mac_filter_policy_other="string",
    mac_password_delimiter="string",
    mac_username_delimiter="string",
    max_clients=0,
    max_clients_ap=0,
    mbo="string",
    mbo_cell_data_conn_pref="string",
    me_disable_thresh=0,
    mesh_backhaul="string",
    mpsk="string",
    mpsk_concurrent_clients=0,
    mpsk_keys=[{
        "comment": "string",
        "concurrent_clients": "string",
        "key_name": "string",
        "mpsk_schedules": "string",
        "passphrases": ["string"],
    }],
    mpsk_profile="string",
    mu_mimo="string",
    multicast_enhance="string",
    multicast_rate="string",
    n80211k="string",
    n80211v="string",
    nac="string",
    nac_profile="string",
    name="string",
    neighbor_report_dual_band="string",
    object_wirelesscontroller_vap_id="string",
    okc="string",
    osen="string",
    owe_groups=["string"],
    owe_transition="string",
    owe_transition_ssid="string",
    passphrases=["string"],
    pmf="string",
    pmf_assoc_comeback_timeout=0,
    pmf_sa_query_retry_timeout=0,
    port_macauth="string",
    port_macauth_reauth_timeout=0,
    port_macauth_timeout=0,
    portal_message_override_group="string",
    portal_message_overrides={
        "auth_disclaimer_page": "string",
        "auth_login_failed_page": "string",
        "auth_login_page": "string",
        "auth_reject_page": "string",
    },
    portal_type="string",
    primary_wag_profile="string",
    probe_resp_suppression="string",
    probe_resp_threshold="string",
    ptk_rekey="string",
    ptk_rekey_intv=0,
    qos_profile="string",
    quarantine="string",
    radio2g_threshold="string",
    radio5g_threshold="string",
    radio_sensitivity="string",
    radius_mac_auth="string",
    radius_mac_auth_block_interval=0,
    radius_mac_auth_server="string",
    radius_mac_auth_usergroups=["string"],
    radius_mac_mpsk_auth="string",
    radius_mac_mpsk_timeout=0,
    radius_server="string",
    rates11ac_mcs_map="string",
    rates11ac_ss12s=["string"],
    rates11ac_ss34s=["string"],
    rates11as=["string"],
    rates11ax_mcs_map="string",
    rates11ax_ss12s=["string"],
    rates11ax_ss34s=["string"],
    rates11bgs=["string"],
    rates11n_ss12s=["string"],
    rates11n_ss34s=["string"],
    roaming_acct_interim_update="string",
    sae_groups=["string"],
    sae_h2e_only="string",
    sae_hnp_only="string",
    sae_passwords=["string"],
    sae_pk="string",
    sae_private_key="string",
    scan_botnet_connections="string",
    schedules=["string"],
    scopetype="string",
    secondary_wag_profile="string",
    security="string",
    security_exempt_list="string",
    security_obsolete_option="string",
    security_redirect_url="string",
    selected_usergroups="string",
    split_tunneling="string",
    ssid="string",
    sticky_client_remove="string",
    sticky_client_threshold2g="string",
    sticky_client_threshold5g="string",
    sticky_client_threshold6g="string",
    target_wake_time="string",
    tkip_counter_measure="string",
    tunnel_echo_interval=0,
    tunnel_fallback_interval=0,
    usergroup="string",
    utm_log="string",
    utm_profile="string",
    utm_status="string",
    vdom="string",
    vlan_auto="string",
    vlan_names=[{
        "name": "string",
        "vlan_id": 0,
    }],
    vlan_pooling="string",
    vlan_pools=[{
        "_wtp_group": "string",
        "id": 0,
    }],
    vlanid=0,
    voice_enterprise="string",
    webfilter_profile="string")
const objectWirelesscontrollerVapResource = new fortimanager.ObjectWirelesscontrollerVap("objectWirelesscontrollerVapResource", {
    _centmgmt: "string",
    _dhcpSvrId: "string",
    _intfAllowaccesses: ["string"],
    _intfDeviceAccessList: "string",
    _intfDeviceIdentification: "string",
    _intfDeviceNetscan: "string",
    _intfDhcp6RelayIp: "string",
    _intfDhcp6RelayService: "string",
    _intfDhcp6RelayType: "string",
    _intfDhcpRelayIps: ["string"],
    _intfDhcpRelayService: "string",
    _intfDhcpRelayType: "string",
    _intfIp: "string",
    _intfIp6Address: "string",
    _intfIp6Allowaccesses: ["string"],
    _intfListenForticlientConnection: "string",
    _isFactorySetting: "string",
    accessControlList: "string",
    acctInterimInterval: 0,
    additionalAkms: ["string"],
    addressGroup: "string",
    addressGroupPolicy: "string",
    adom: "string",
    alias: "string",
    antivirusProfile: "string",
    applicationDetectionEngine: "string",
    applicationDscpMarking: "string",
    applicationList: "string",
    applicationReportIntv: 0,
    atfWeight: 0,
    auth: "string",
    authCert: "string",
    authPortalAddr: "string",
    beaconAdvertisings: ["string"],
    broadcastSsid: "string",
    broadcastSuppressions: ["string"],
    bssColorPartial: "string",
    bstmDisassociationImminent: "string",
    bstmLoadBalancingDisassocTimer: 0,
    bstmRssiDisassocTimer: 0,
    captivePortalAcName: "string",
    captivePortalAuthTimeout: 0,
    captivePortalFwAccounting: "string",
    captivePortalMacauthRadiusSecrets: ["string"],
    captivePortalMacauthRadiusServer: "string",
    captivePortalRadiusSecrets: ["string"],
    captivePortalRadiusServer: "string",
    captivePortalSessionTimeoutInterval: 0,
    dhcpAddressEnforcement: "string",
    dhcpLeaseTime: 0,
    dhcpOption43Insertion: "string",
    dhcpOption82CircuitIdInsertion: "string",
    dhcpOption82Insertion: "string",
    dhcpOption82RemoteIdInsertion: "string",
    dynamicMappings: [{
        _centmgmt: "string",
        _dhcpSvrId: "string",
        _intfAllowaccesses: ["string"],
        _intfDeviceAccessList: "string",
        _intfDeviceIdentification: "string",
        _intfDeviceNetscan: "string",
        _intfDhcp6RelayIp: "string",
        _intfDhcp6RelayService: "string",
        _intfDhcp6RelayType: "string",
        _intfDhcpRelayIps: ["string"],
        _intfDhcpRelayService: "string",
        _intfDhcpRelayType: "string",
        _intfIp: "string",
        _intfIp6Address: "string",
        _intfIp6Allowaccesses: ["string"],
        _intfListenForticlientConnection: "string",
        _isFactorySetting: "string",
        _scopes: [{
            name: "string",
            vdom: "string",
        }],
        accessControlList: "string",
        acctInterimInterval: 0,
        additionalAkms: ["string"],
        addressGroup: "string",
        addressGroupPolicy: "string",
        alias: "string",
        antivirusProfile: "string",
        applicationDetectionEngine: "string",
        applicationDscpMarking: "string",
        applicationList: "string",
        applicationReportIntv: 0,
        atfWeight: 0,
        auth: "string",
        authCert: "string",
        authPortalAddr: "string",
        beaconAdvertisings: ["string"],
        broadcastSsid: "string",
        broadcastSuppressions: ["string"],
        bssColorPartial: "string",
        bstmDisassociationImminent: "string",
        bstmLoadBalancingDisassocTimer: 0,
        bstmRssiDisassocTimer: 0,
        captivePortalAcName: "string",
        captivePortalAuthTimeout: 0,
        captivePortalFwAccounting: "string",
        captivePortalMacauthRadiusSecrets: ["string"],
        captivePortalMacauthRadiusServer: "string",
        captivePortalRadiusSecrets: ["string"],
        captivePortalRadiusServer: "string",
        captivePortalSessionTimeoutInterval: 0,
        clientCount: 0,
        dhcpAddressEnforcement: "string",
        dhcpLeaseTime: 0,
        dhcpOption43Insertion: "string",
        dhcpOption82CircuitIdInsertion: "string",
        dhcpOption82Insertion: "string",
        dhcpOption82RemoteIdInsertion: "string",
        dynamicVlan: "string",
        eapReauth: "string",
        eapReauthIntv: 0,
        eapolKeyRetries: "string",
        encrypt: "string",
        externalFastRoaming: "string",
        externalLogout: "string",
        externalWeb: "string",
        externalWebFormat: "string",
        fastBssTransition: "string",
        fastRoaming: "string",
        ftMobilityDomain: 0,
        ftOverDs: "string",
        ftR0KeyLifetime: 0,
        gasComebackDelay: 0,
        gasFragmentationLimit: 0,
        gtkRekey: "string",
        gtkRekeyIntv: 0,
        highEfficiency: "string",
        hotspot20Profile: "string",
        igmpSnooping: "string",
        intraVapPrivacy: "string",
        ip: "string",
        ipsSensor: "string",
        ipv6Rules: ["string"],
        keyindex: 0,
        keys: ["string"],
        l3Roaming: "string",
        l3RoamingMode: "string",
        ldpc: "string",
        localAuthentication: "string",
        localBridging: "string",
        localLan: "string",
        localStandalone: "string",
        localStandaloneDns: "string",
        localStandaloneDnsIps: ["string"],
        localStandaloneNat: "string",
        localSwitching: "string",
        macAuthBypass: "string",
        macCalledStationDelimiter: "string",
        macCallingStationDelimiter: "string",
        macCase: "string",
        macFilter: "string",
        macFilterPolicyOther: "string",
        macPasswordDelimiter: "string",
        macUsernameDelimiter: "string",
        maxClients: 0,
        maxClientsAp: 0,
        mbo: "string",
        mboCellDataConnPref: "string",
        meDisableThresh: 0,
        meshBackhaul: "string",
        mpsk: "string",
        mpskConcurrentClients: 0,
        mpskProfile: "string",
        muMimo: "string",
        multicastEnhance: "string",
        multicastRate: "string",
        n80211k: "string",
        n80211v: "string",
        nac: "string",
        nacProfile: "string",
        neighborReportDualBand: "string",
        okc: "string",
        osen: "string",
        oweGroups: ["string"],
        oweTransition: "string",
        oweTransitionSsid: "string",
        passphrases: ["string"],
        pmf: "string",
        pmfAssocComebackTimeout: 0,
        pmfSaQueryRetryTimeout: 0,
        portMacauth: "string",
        portMacauthReauthTimeout: 0,
        portMacauthTimeout: 0,
        portalMessageOverrideGroup: "string",
        portalType: "string",
        primaryWagProfile: "string",
        probeRespSuppression: "string",
        probeRespThreshold: "string",
        ptkRekey: "string",
        ptkRekeyIntv: 0,
        qosProfile: "string",
        quarantine: "string",
        radio2gThreshold: "string",
        radio5gThreshold: "string",
        radioSensitivity: "string",
        radiusMacAuth: "string",
        radiusMacAuthBlockInterval: 0,
        radiusMacAuthServer: "string",
        radiusMacAuthUsergroups: ["string"],
        radiusMacMpskAuth: "string",
        radiusMacMpskTimeout: 0,
        radiusServer: "string",
        rates11acMcsMap: "string",
        rates11acSs12s: ["string"],
        rates11acSs34s: ["string"],
        rates11as: ["string"],
        rates11axMcsMap: "string",
        rates11axSs12s: ["string"],
        rates11axSs34s: ["string"],
        rates11bgs: ["string"],
        rates11nSs12s: ["string"],
        rates11nSs34s: ["string"],
        roamingAcctInterimUpdate: "string",
        saeGroups: ["string"],
        saeH2eOnly: "string",
        saeHnpOnly: "string",
        saePasswords: ["string"],
        saePk: "string",
        saePrivateKey: "string",
        scanBotnetConnections: "string",
        schedule: "string",
        secondaryWagProfile: "string",
        security: "string",
        securityExemptList: "string",
        securityObsoleteOption: "string",
        securityRedirectUrl: "string",
        selectedUsergroups: "string",
        splitTunneling: "string",
        ssid: "string",
        stickyClientRemove: "string",
        stickyClientThreshold2g: "string",
        stickyClientThreshold5g: "string",
        stickyClientThreshold6g: "string",
        targetWakeTime: "string",
        tkipCounterMeasure: "string",
        tunnelEchoInterval: 0,
        tunnelFallbackInterval: 0,
        usergroup: "string",
        utmLog: "string",
        utmProfile: "string",
        utmStatus: "string",
        vdom: "string",
        vlanAuto: "string",
        vlanPooling: "string",
        vlanid: 0,
        voiceEnterprise: "string",
        webfilterProfile: "string",
    }],
    dynamicSortSubtable: "string",
    dynamicVlan: "string",
    eapReauth: "string",
    eapReauthIntv: 0,
    eapolKeyRetries: "string",
    encrypt: "string",
    externalFastRoaming: "string",
    externalLogout: "string",
    externalWeb: "string",
    externalWebFormat: "string",
    fastBssTransition: "string",
    fastRoaming: "string",
    ftMobilityDomain: 0,
    ftOverDs: "string",
    ftR0KeyLifetime: 0,
    gasComebackDelay: 0,
    gasFragmentationLimit: 0,
    gtkRekey: "string",
    gtkRekeyIntv: 0,
    highEfficiency: "string",
    hotspot20Profile: "string",
    igmpSnooping: "string",
    intraVapPrivacy: "string",
    ip: "string",
    ipsSensor: "string",
    ipv6Rules: ["string"],
    keyindex: 0,
    keys: ["string"],
    l3Roaming: "string",
    l3RoamingMode: "string",
    ldpc: "string",
    localAuthentication: "string",
    localBridging: "string",
    localLan: "string",
    localStandalone: "string",
    localStandaloneDns: "string",
    localStandaloneDnsIps: ["string"],
    localStandaloneNat: "string",
    macAuthBypass: "string",
    macCalledStationDelimiter: "string",
    macCallingStationDelimiter: "string",
    macCase: "string",
    macFilter: "string",
    macFilterLists: [{
        id: 0,
        mac: "string",
        macFilterPolicy: "string",
    }],
    macFilterPolicyOther: "string",
    macPasswordDelimiter: "string",
    macUsernameDelimiter: "string",
    maxClients: 0,
    maxClientsAp: 0,
    mbo: "string",
    mboCellDataConnPref: "string",
    meDisableThresh: 0,
    meshBackhaul: "string",
    mpsk: "string",
    mpskConcurrentClients: 0,
    mpskKeys: [{
        comment: "string",
        concurrentClients: "string",
        keyName: "string",
        mpskSchedules: "string",
        passphrases: ["string"],
    }],
    mpskProfile: "string",
    muMimo: "string",
    multicastEnhance: "string",
    multicastRate: "string",
    n80211k: "string",
    n80211v: "string",
    nac: "string",
    nacProfile: "string",
    name: "string",
    neighborReportDualBand: "string",
    objectWirelesscontrollerVapId: "string",
    okc: "string",
    osen: "string",
    oweGroups: ["string"],
    oweTransition: "string",
    oweTransitionSsid: "string",
    passphrases: ["string"],
    pmf: "string",
    pmfAssocComebackTimeout: 0,
    pmfSaQueryRetryTimeout: 0,
    portMacauth: "string",
    portMacauthReauthTimeout: 0,
    portMacauthTimeout: 0,
    portalMessageOverrideGroup: "string",
    portalMessageOverrides: {
        authDisclaimerPage: "string",
        authLoginFailedPage: "string",
        authLoginPage: "string",
        authRejectPage: "string",
    },
    portalType: "string",
    primaryWagProfile: "string",
    probeRespSuppression: "string",
    probeRespThreshold: "string",
    ptkRekey: "string",
    ptkRekeyIntv: 0,
    qosProfile: "string",
    quarantine: "string",
    radio2gThreshold: "string",
    radio5gThreshold: "string",
    radioSensitivity: "string",
    radiusMacAuth: "string",
    radiusMacAuthBlockInterval: 0,
    radiusMacAuthServer: "string",
    radiusMacAuthUsergroups: ["string"],
    radiusMacMpskAuth: "string",
    radiusMacMpskTimeout: 0,
    radiusServer: "string",
    rates11acMcsMap: "string",
    rates11acSs12s: ["string"],
    rates11acSs34s: ["string"],
    rates11as: ["string"],
    rates11axMcsMap: "string",
    rates11axSs12s: ["string"],
    rates11axSs34s: ["string"],
    rates11bgs: ["string"],
    rates11nSs12s: ["string"],
    rates11nSs34s: ["string"],
    roamingAcctInterimUpdate: "string",
    saeGroups: ["string"],
    saeH2eOnly: "string",
    saeHnpOnly: "string",
    saePasswords: ["string"],
    saePk: "string",
    saePrivateKey: "string",
    scanBotnetConnections: "string",
    schedules: ["string"],
    scopetype: "string",
    secondaryWagProfile: "string",
    security: "string",
    securityExemptList: "string",
    securityObsoleteOption: "string",
    securityRedirectUrl: "string",
    selectedUsergroups: "string",
    splitTunneling: "string",
    ssid: "string",
    stickyClientRemove: "string",
    stickyClientThreshold2g: "string",
    stickyClientThreshold5g: "string",
    stickyClientThreshold6g: "string",
    targetWakeTime: "string",
    tkipCounterMeasure: "string",
    tunnelEchoInterval: 0,
    tunnelFallbackInterval: 0,
    usergroup: "string",
    utmLog: "string",
    utmProfile: "string",
    utmStatus: "string",
    vdom: "string",
    vlanAuto: "string",
    vlanNames: [{
        name: "string",
        vlanId: 0,
    }],
    vlanPooling: "string",
    vlanPools: [{
        _wtpGroup: "string",
        id: 0,
    }],
    vlanid: 0,
    voiceEnterprise: "string",
    webfilterProfile: "string",
});
type: fortimanager:ObjectWirelesscontrollerVap
properties:
    _centmgmt: string
    _dhcpSvrId: string
    _intfAllowaccesses:
        - string
    _intfDeviceAccessList: string
    _intfDeviceIdentification: string
    _intfDeviceNetscan: string
    _intfDhcp6RelayIp: string
    _intfDhcp6RelayService: string
    _intfDhcp6RelayType: string
    _intfDhcpRelayIps:
        - string
    _intfDhcpRelayService: string
    _intfDhcpRelayType: string
    _intfIp: string
    _intfIp6Address: string
    _intfIp6Allowaccesses:
        - string
    _intfListenForticlientConnection: string
    _isFactorySetting: string
    accessControlList: string
    acctInterimInterval: 0
    additionalAkms:
        - string
    addressGroup: string
    addressGroupPolicy: string
    adom: string
    alias: string
    antivirusProfile: string
    applicationDetectionEngine: string
    applicationDscpMarking: string
    applicationList: string
    applicationReportIntv: 0
    atfWeight: 0
    auth: string
    authCert: string
    authPortalAddr: string
    beaconAdvertisings:
        - string
    broadcastSsid: string
    broadcastSuppressions:
        - string
    bssColorPartial: string
    bstmDisassociationImminent: string
    bstmLoadBalancingDisassocTimer: 0
    bstmRssiDisassocTimer: 0
    captivePortalAcName: string
    captivePortalAuthTimeout: 0
    captivePortalFwAccounting: string
    captivePortalMacauthRadiusSecrets:
        - string
    captivePortalMacauthRadiusServer: string
    captivePortalRadiusSecrets:
        - string
    captivePortalRadiusServer: string
    captivePortalSessionTimeoutInterval: 0
    dhcpAddressEnforcement: string
    dhcpLeaseTime: 0
    dhcpOption43Insertion: string
    dhcpOption82CircuitIdInsertion: string
    dhcpOption82Insertion: string
    dhcpOption82RemoteIdInsertion: string
    dynamicMappings:
        - _centmgmt: string
          _dhcpSvrId: string
          _intfAllowaccesses:
            - string
          _intfDeviceAccessList: string
          _intfDeviceIdentification: string
          _intfDeviceNetscan: string
          _intfDhcp6RelayIp: string
          _intfDhcp6RelayService: string
          _intfDhcp6RelayType: string
          _intfDhcpRelayIps:
            - string
          _intfDhcpRelayService: string
          _intfDhcpRelayType: string
          _intfIp: string
          _intfIp6Address: string
          _intfIp6Allowaccesses:
            - string
          _intfListenForticlientConnection: string
          _isFactorySetting: string
          _scopes:
            - name: string
              vdom: string
          accessControlList: string
          acctInterimInterval: 0
          additionalAkms:
            - string
          addressGroup: string
          addressGroupPolicy: string
          alias: string
          antivirusProfile: string
          applicationDetectionEngine: string
          applicationDscpMarking: string
          applicationList: string
          applicationReportIntv: 0
          atfWeight: 0
          auth: string
          authCert: string
          authPortalAddr: string
          beaconAdvertisings:
            - string
          broadcastSsid: string
          broadcastSuppressions:
            - string
          bssColorPartial: string
          bstmDisassociationImminent: string
          bstmLoadBalancingDisassocTimer: 0
          bstmRssiDisassocTimer: 0
          captivePortalAcName: string
          captivePortalAuthTimeout: 0
          captivePortalFwAccounting: string
          captivePortalMacauthRadiusSecrets:
            - string
          captivePortalMacauthRadiusServer: string
          captivePortalRadiusSecrets:
            - string
          captivePortalRadiusServer: string
          captivePortalSessionTimeoutInterval: 0
          clientCount: 0
          dhcpAddressEnforcement: string
          dhcpLeaseTime: 0
          dhcpOption43Insertion: string
          dhcpOption82CircuitIdInsertion: string
          dhcpOption82Insertion: string
          dhcpOption82RemoteIdInsertion: string
          dynamicVlan: string
          eapReauth: string
          eapReauthIntv: 0
          eapolKeyRetries: string
          encrypt: string
          externalFastRoaming: string
          externalLogout: string
          externalWeb: string
          externalWebFormat: string
          fastBssTransition: string
          fastRoaming: string
          ftMobilityDomain: 0
          ftOverDs: string
          ftR0KeyLifetime: 0
          gasComebackDelay: 0
          gasFragmentationLimit: 0
          gtkRekey: string
          gtkRekeyIntv: 0
          highEfficiency: string
          hotspot20Profile: string
          igmpSnooping: string
          intraVapPrivacy: string
          ip: string
          ipsSensor: string
          ipv6Rules:
            - string
          keyindex: 0
          keys:
            - string
          l3Roaming: string
          l3RoamingMode: string
          ldpc: string
          localAuthentication: string
          localBridging: string
          localLan: string
          localStandalone: string
          localStandaloneDns: string
          localStandaloneDnsIps:
            - string
          localStandaloneNat: string
          localSwitching: string
          macAuthBypass: string
          macCalledStationDelimiter: string
          macCallingStationDelimiter: string
          macCase: string
          macFilter: string
          macFilterPolicyOther: string
          macPasswordDelimiter: string
          macUsernameDelimiter: string
          maxClients: 0
          maxClientsAp: 0
          mbo: string
          mboCellDataConnPref: string
          meDisableThresh: 0
          meshBackhaul: string
          mpsk: string
          mpskConcurrentClients: 0
          mpskProfile: string
          muMimo: string
          multicastEnhance: string
          multicastRate: string
          n80211k: string
          n80211v: string
          nac: string
          nacProfile: string
          neighborReportDualBand: string
          okc: string
          osen: string
          oweGroups:
            - string
          oweTransition: string
          oweTransitionSsid: string
          passphrases:
            - string
          pmf: string
          pmfAssocComebackTimeout: 0
          pmfSaQueryRetryTimeout: 0
          portMacauth: string
          portMacauthReauthTimeout: 0
          portMacauthTimeout: 0
          portalMessageOverrideGroup: string
          portalType: string
          primaryWagProfile: string
          probeRespSuppression: string
          probeRespThreshold: string
          ptkRekey: string
          ptkRekeyIntv: 0
          qosProfile: string
          quarantine: string
          radio2gThreshold: string
          radio5gThreshold: string
          radioSensitivity: string
          radiusMacAuth: string
          radiusMacAuthBlockInterval: 0
          radiusMacAuthServer: string
          radiusMacAuthUsergroups:
            - string
          radiusMacMpskAuth: string
          radiusMacMpskTimeout: 0
          radiusServer: string
          rates11acMcsMap: string
          rates11acSs12s:
            - string
          rates11acSs34s:
            - string
          rates11as:
            - string
          rates11axMcsMap: string
          rates11axSs12s:
            - string
          rates11axSs34s:
            - string
          rates11bgs:
            - string
          rates11nSs12s:
            - string
          rates11nSs34s:
            - string
          roamingAcctInterimUpdate: string
          saeGroups:
            - string
          saeH2eOnly: string
          saeHnpOnly: string
          saePasswords:
            - string
          saePk: string
          saePrivateKey: string
          scanBotnetConnections: string
          schedule: string
          secondaryWagProfile: string
          security: string
          securityExemptList: string
          securityObsoleteOption: string
          securityRedirectUrl: string
          selectedUsergroups: string
          splitTunneling: string
          ssid: string
          stickyClientRemove: string
          stickyClientThreshold2g: string
          stickyClientThreshold5g: string
          stickyClientThreshold6g: string
          targetWakeTime: string
          tkipCounterMeasure: string
          tunnelEchoInterval: 0
          tunnelFallbackInterval: 0
          usergroup: string
          utmLog: string
          utmProfile: string
          utmStatus: string
          vdom: string
          vlanAuto: string
          vlanPooling: string
          vlanid: 0
          voiceEnterprise: string
          webfilterProfile: string
    dynamicSortSubtable: string
    dynamicVlan: string
    eapReauth: string
    eapReauthIntv: 0
    eapolKeyRetries: string
    encrypt: string
    externalFastRoaming: string
    externalLogout: string
    externalWeb: string
    externalWebFormat: string
    fastBssTransition: string
    fastRoaming: string
    ftMobilityDomain: 0
    ftOverDs: string
    ftR0KeyLifetime: 0
    gasComebackDelay: 0
    gasFragmentationLimit: 0
    gtkRekey: string
    gtkRekeyIntv: 0
    highEfficiency: string
    hotspot20Profile: string
    igmpSnooping: string
    intraVapPrivacy: string
    ip: string
    ipsSensor: string
    ipv6Rules:
        - string
    keyindex: 0
    keys:
        - string
    l3Roaming: string
    l3RoamingMode: string
    ldpc: string
    localAuthentication: string
    localBridging: string
    localLan: string
    localStandalone: string
    localStandaloneDns: string
    localStandaloneDnsIps:
        - string
    localStandaloneNat: string
    macAuthBypass: string
    macCalledStationDelimiter: string
    macCallingStationDelimiter: string
    macCase: string
    macFilter: string
    macFilterLists:
        - id: 0
          mac: string
          macFilterPolicy: string
    macFilterPolicyOther: string
    macPasswordDelimiter: string
    macUsernameDelimiter: string
    maxClients: 0
    maxClientsAp: 0
    mbo: string
    mboCellDataConnPref: string
    meDisableThresh: 0
    meshBackhaul: string
    mpsk: string
    mpskConcurrentClients: 0
    mpskKeys:
        - comment: string
          concurrentClients: string
          keyName: string
          mpskSchedules: string
          passphrases:
            - string
    mpskProfile: string
    muMimo: string
    multicastEnhance: string
    multicastRate: string
    n80211k: string
    n80211v: string
    nac: string
    nacProfile: string
    name: string
    neighborReportDualBand: string
    objectWirelesscontrollerVapId: string
    okc: string
    osen: string
    oweGroups:
        - string
    oweTransition: string
    oweTransitionSsid: string
    passphrases:
        - string
    pmf: string
    pmfAssocComebackTimeout: 0
    pmfSaQueryRetryTimeout: 0
    portMacauth: string
    portMacauthReauthTimeout: 0
    portMacauthTimeout: 0
    portalMessageOverrideGroup: string
    portalMessageOverrides:
        authDisclaimerPage: string
        authLoginFailedPage: string
        authLoginPage: string
        authRejectPage: string
    portalType: string
    primaryWagProfile: string
    probeRespSuppression: string
    probeRespThreshold: string
    ptkRekey: string
    ptkRekeyIntv: 0
    qosProfile: string
    quarantine: string
    radio2gThreshold: string
    radio5gThreshold: string
    radioSensitivity: string
    radiusMacAuth: string
    radiusMacAuthBlockInterval: 0
    radiusMacAuthServer: string
    radiusMacAuthUsergroups:
        - string
    radiusMacMpskAuth: string
    radiusMacMpskTimeout: 0
    radiusServer: string
    rates11acMcsMap: string
    rates11acSs12s:
        - string
    rates11acSs34s:
        - string
    rates11as:
        - string
    rates11axMcsMap: string
    rates11axSs12s:
        - string
    rates11axSs34s:
        - string
    rates11bgs:
        - string
    rates11nSs12s:
        - string
    rates11nSs34s:
        - string
    roamingAcctInterimUpdate: string
    saeGroups:
        - string
    saeH2eOnly: string
    saeHnpOnly: string
    saePasswords:
        - string
    saePk: string
    saePrivateKey: string
    scanBotnetConnections: string
    schedules:
        - string
    scopetype: string
    secondaryWagProfile: string
    security: string
    securityExemptList: string
    securityObsoleteOption: string
    securityRedirectUrl: string
    selectedUsergroups: string
    splitTunneling: string
    ssid: string
    stickyClientRemove: string
    stickyClientThreshold2g: string
    stickyClientThreshold5g: string
    stickyClientThreshold6g: string
    targetWakeTime: string
    tkipCounterMeasure: string
    tunnelEchoInterval: 0
    tunnelFallbackInterval: 0
    usergroup: string
    utmLog: string
    utmProfile: string
    utmStatus: string
    vdom: string
    vlanAuto: string
    vlanNames:
        - name: string
          vlanId: 0
    vlanPooling: string
    vlanPools:
        - _wtpGroup: string
          id: 0
    vlanid: 0
    voiceEnterprise: string
    webfilterProfile: string
ObjectWirelesscontrollerVap Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ObjectWirelesscontrollerVap resource accepts the following input properties:
- AccessControl stringList 
- access-control-list profile name.
- AcctInterim doubleInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms List<string>
- Additional AKMs. Valid values: akm6.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- Adom string
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- ApplicationList string
- Application control list name.
- ApplicationReport doubleIntv 
- Application report interval (30 - 864000 sec, default = 120).
- AtfWeight double
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertisings List<string>
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- BroadcastSuppressions List<string>
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- BssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- BstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- BstmLoad doubleBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- BstmRssi doubleDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal doubleAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- CaptivePortal List<string>Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal List<string>Radius Secrets 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal doubleSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- DhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- DhcpLease doubleTime 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- DynamicMappings List<ObjectWirelesscontroller Vap Dynamic Mapping> 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- DynamicSort stringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- EapReauth doubleIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- FtMobility doubleDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key doubleLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback doubleDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- GasFragmentation doubleLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- GtkRekey doubleIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Enable/disable IGMP snooping. Valid values: disable,enable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules List<string>
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Keyindex double
- WEP key index (1 - 4).
- Keys List<string>
- WEP Key.
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: disable,enable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- LocalStandalone List<string>Dns Ips 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- MacCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- MacFilter List<ObjectLists Wirelesscontroller Vap Mac Filter List> 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MaxClients double
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients doubleAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- MboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- MeDisable doubleThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- Mpsk string
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- MpskConcurrent doubleClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- MpskKeys List<ObjectWirelesscontroller Vap Mpsk Key> 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- MpskProfile string
- MPSK profile name.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Enable/disable network access control. Valid values: disable,enable.
- NacProfile string
- NAC profile name.
- Name string
- Virtual AP name.
- NeighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- ObjectWirelesscontroller stringVap Id 
- an identifier for the resource with format {{name}}.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- OweGroups List<string>
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrases List<string>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc doubleComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa doubleQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- PortMacauth doubleReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- PortMacauth doubleTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalMessage ObjectOverrides Wirelesscontroller Vap Portal Message Overrides 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- PtkRekey doubleIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- RadiusMac doubleAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac List<string>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- RadiusMac doubleMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12s List<string>
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- Rates11acSs34s List<string>
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- Rates11as List<string>
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12s List<string>
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34s List<string>
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11bgs List<string>
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11nSs12s List<string>
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34s List<string>
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- SaeGroups List<string>
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaePasswords List<string>
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- Schedules List<string>
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- Scopetype string
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups string
- Selective user groups that are permitted to authenticate.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- StickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- StickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- TunnelEcho doubleInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback doubleInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- UtmLog string
- Enable/disable UTM logging. Valid values: disable,enable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- Vdom string
- Name of the VDOM that the Virtual AP has been added to.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- VlanNames List<ObjectWirelesscontroller Vap Vlan Name> 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- VlanPools List<ObjectWirelesscontroller Vap Vlan Pool> 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- Vlanid double
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- _centmgmt string
- _Centmgmt. Valid values: disable,enable.
- _dhcp stringSvr Id 
- _Dhcp_Svr_Id.
- _intf List<string>Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf stringDevice Access List 
- _Intf_Device-Access-List.
- _intf stringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf stringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf stringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf stringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf List<string>Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf stringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf stringIp 
- _Intf_Ip.
- _intf stringIp6Address 
- _Intf_Ip6-Address.
- _intf List<string>Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf stringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is stringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- AccessControl stringList 
- access-control-list profile name.
- AcctInterim float64Interval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms []string
- Additional AKMs. Valid values: akm6.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- Adom string
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- ApplicationList string
- Application control list name.
- ApplicationReport float64Intv 
- Application report interval (30 - 864000 sec, default = 120).
- AtfWeight float64
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertisings []string
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- BroadcastSuppressions []string
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- BssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- BstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- BstmLoad float64Balancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- BstmRssi float64Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal float64Auth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- CaptivePortal []stringMacauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal []stringRadius Secrets 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal float64Session Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- DhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- DhcpLease float64Time 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- DynamicMappings []ObjectWirelesscontroller Vap Dynamic Mapping Type Args 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- DynamicSort stringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- EapReauth float64Intv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- FtMobility float64Domain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key float64Lifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback float64Delay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- GasFragmentation float64Limit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- GtkRekey float64Intv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Enable/disable IGMP snooping. Valid values: disable,enable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules []string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Keyindex float64
- WEP key index (1 - 4).
- Keys []string
- WEP Key.
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: disable,enable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- LocalStandalone []stringDns Ips 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- MacCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- MacFilter []ObjectLists Wirelesscontroller Vap Mac Filter List Type Args 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MaxClients float64
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients float64Ap 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- MboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- MeDisable float64Thresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- Mpsk string
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- MpskConcurrent float64Clients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- MpskKeys []ObjectWirelesscontroller Vap Mpsk Key Args 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- MpskProfile string
- MPSK profile name.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Enable/disable network access control. Valid values: disable,enable.
- NacProfile string
- NAC profile name.
- Name string
- Virtual AP name.
- NeighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- ObjectWirelesscontroller stringVap Id 
- an identifier for the resource with format {{name}}.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- OweGroups []string
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrases []string
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc float64Comeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa float64Query Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- PortMacauth float64Reauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- PortMacauth float64Timeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalMessage ObjectOverrides Wirelesscontroller Vap Portal Message Overrides Type Args 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- PtkRekey float64Intv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- RadiusMac float64Auth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac []stringAuth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- RadiusMac float64Mpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12s []string
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- Rates11acSs34s []string
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- Rates11as []string
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12s []string
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34s []string
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11bgs []string
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11nSs12s []string
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34s []string
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- SaeGroups []string
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaePasswords []string
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- Schedules []string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- Scopetype string
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups string
- Selective user groups that are permitted to authenticate.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- StickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- StickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- TunnelEcho float64Interval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback float64Interval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- UtmLog string
- Enable/disable UTM logging. Valid values: disable,enable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- Vdom string
- Name of the VDOM that the Virtual AP has been added to.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- VlanNames []ObjectWirelesscontroller Vap Vlan Name Type Args 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- VlanPools []ObjectWirelesscontroller Vap Vlan Pool Type Args 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- Vlanid float64
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- _centmgmt string
- _Centmgmt. Valid values: disable,enable.
- _dhcp stringSvr Id 
- _Dhcp_Svr_Id.
- _intf []stringAllowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf stringDevice Access List 
- _Intf_Device-Access-List.
- _intf stringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf stringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf stringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf stringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf []stringDhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf stringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf stringIp 
- _Intf_Ip.
- _intf stringIp6Address 
- _Intf_Ip6-Address.
- _intf []stringIp6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf stringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is stringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- _centmgmt String
- _Centmgmt. Valid values: disable,enable.
- _dhcp StringSvr Id 
- _Dhcp_Svr_Id.
- _intf List<String>Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf StringDevice Access List 
- _Intf_Device-Access-List.
- _intf StringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf StringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf StringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf StringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf List<String>Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf StringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf StringIp 
- _Intf_Ip.
- _intf StringIp6Address 
- _Intf_Ip6-Address.
- _intf List<String>Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf StringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is StringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- accessControl StringList 
- access-control-list profile name.
- acctInterim DoubleInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms List<String>
- Additional AKMs. Valid values: akm6.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- adom String
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- applicationList String
- Application control list name.
- applicationReport DoubleIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight Double
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertisings List<String>
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcastSuppressions List<String>
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bssColor StringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- bstmDisassociation StringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- bstmLoad DoubleBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi DoubleDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal DoubleAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captivePortal List<String>Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal List<String>Radius Secrets 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal DoubleSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress StringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- dhcpLease DoubleTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamicMappings List<ObjectWirelesscontroller Vap Dynamic Mapping> 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- dynamicSort StringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eapReauth DoubleIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ftMobility DoubleDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key DoubleLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback DoubleDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation DoubleLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtkRekey DoubleIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Enable/disable IGMP snooping. Valid values: disable,enable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules List<String>
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex Double
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: disable,enable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- localStandalone List<String>Dns Ips 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- macCalled StringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- macFilter List<ObjectLists Wirelesscontroller Vap Mac Filter List> 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients Double
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients DoubleAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell StringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable DoubleThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk String
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpskConcurrent DoubleClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpskKeys List<ObjectWirelesscontroller Vap Mpsk Key> 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- mpskProfile String
- MPSK profile name.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Enable/disable network access control. Valid values: disable,enable.
- nacProfile String
- NAC profile name.
- name String
- Virtual AP name.
- neighborReport StringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- objectWirelesscontroller StringVap Id 
- an identifier for the resource with format {{name}}.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- oweGroups List<String>
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc DoubleComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa DoubleQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth DoubleReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth DoubleTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage ObjectOverrides Wirelesscontroller Vap Portal Message Overrides 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptkRekey DoubleIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radiusMac DoubleAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<String>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radiusMac DoubleMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12s List<String>
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11acSs34s List<String>
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as List<String>
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12s List<String>
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34s List<String>
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11nSs12s List<String>
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34s List<String>
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- saeGroups List<String>
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saePasswords List<String>
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedules List<String>
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype String
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups String
- Selective user groups that are permitted to authenticate.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- stickyClient StringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient StringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnelEcho DoubleInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback DoubleInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utmLog String
- Enable/disable UTM logging. Valid values: disable,enable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom String
- Name of the VDOM that the Virtual AP has been added to.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlanNames List<ObjectWirelesscontroller Vap Vlan Name> 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools List<ObjectWirelesscontroller Vap Vlan Pool> 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- vlanid Double
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
- _centmgmt string
- _Centmgmt. Valid values: disable,enable.
- _dhcp stringSvr Id 
- _Dhcp_Svr_Id.
- _intf string[]Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf stringDevice Access List 
- _Intf_Device-Access-List.
- _intf stringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf stringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf stringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf stringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf string[]Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf stringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf stringIp 
- _Intf_Ip.
- _intf stringIp6Address 
- _Intf_Ip6-Address.
- _intf string[]Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf stringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is stringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- accessControl stringList 
- access-control-list profile name.
- acctInterim numberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms string[]
- Additional AKMs. Valid values: akm6.
- addressGroup string
- Address group ID.
- addressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- adom string
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- alias string
- Alias.
- antivirusProfile string
- AntiVirus profile name.
- applicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- applicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- applicationList string
- Application control list name.
- applicationReport numberIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight number
- Airtime weight in percentage (default = 20).
- auth string
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- authCert string
- HTTPS server certificate.
- authPortal stringAddr 
- Address of captive portal.
- beaconAdvertisings string[]
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcastSuppressions string[]
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- bstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- bstmLoad numberBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi numberDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal numberAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captivePortal string[]Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- captivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal string[]Radius Secrets 
- Secret key to access the RADIUS server.
- captivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal numberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- dhcpLease numberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- dhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamicMappings ObjectWirelesscontroller Vap Dynamic Mapping[] 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- dynamicSort stringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eapReauth numberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- externalLogout string
- URL of external authentication logout server.
- externalWeb string
- URL of external authentication web server.
- externalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ftMobility numberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key numberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback numberDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation numberLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- gtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtkRekey numberIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- highEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20Profile string
- Hotspot 2.0 profile name.
- igmpSnooping string
- Enable/disable IGMP snooping. Valid values: disable,enable.
- intraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip string
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor string
- IPS sensor name.
- ipv6Rules string[]
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex number
- WEP key index (1 - 4).
- keys string[]
- WEP Key.
- l3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- l3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- localAuthentication string
- Enable/disable AP local authentication. Valid values: disable,enable.
- localBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- localLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- localStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- localStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- localStandalone string[]Dns Ips 
- IPv4 addresses for the local standalone DNS.
- localStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- macAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- macCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- macFilter ObjectLists Wirelesscontroller Vap Mac Filter List[] 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- macFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- macPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients numberAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable numberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk string
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpskConcurrent numberClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpskKeys ObjectWirelesscontroller Vap Mpsk Key[] 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- mpskProfile string
- MPSK profile name.
- muMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac string
- Enable/disable network access control. Valid values: disable,enable.
- nacProfile string
- NAC profile name.
- name string
- Virtual AP name.
- neighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- objectWirelesscontroller stringVap Id 
- an identifier for the resource with format {{name}}.
- okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- oweGroups string[]
- OWE-Groups. Valid values: 19,20,21.
- oweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition stringSsid 
- OWE transition mode peer SSID.
- passphrases string[]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc numberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa numberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth numberReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth numberTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage ObjectOverrides Wirelesscontroller Vap Portal Message Overrides 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- portalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primaryWag stringProfile 
- Primary wireless access gateway profile name.
- probeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptkRekey numberIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qosProfile string
- Quality of service profile name.
- quarantine string
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radiusMac numberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac string[]Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radiusMac numberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer string
- RADIUS server to be used to authenticate WiFi users.
- rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12s string[]
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11acSs34s string[]
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as string[]
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12s string[]
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34s string[]
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs string[]
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11nSs12s string[]
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34s string[]
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- saeGroups string[]
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- saeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saePasswords string[]
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- saePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedules string[]
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype string
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- secondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- securityExempt stringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- securityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups string
- Selective user groups that are permitted to authenticate.
- splitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- stickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnelEcho numberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback numberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup string
- Firewall user group to be used to authenticate WiFi users.
- utmLog string
- Enable/disable UTM logging. Valid values: disable,enable.
- utmProfile string
- UTM profile name.
- utmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom string
- Name of the VDOM that the Virtual AP has been added to.
- vlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlanNames ObjectWirelesscontroller Vap Vlan Name[] 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- vlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools ObjectWirelesscontroller Vap Vlan Pool[] 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- vlanid number
- Optional VLAN ID.
- voiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile string
- WebFilter profile name.
- _centmgmt str
- _Centmgmt. Valid values: disable,enable.
- _dhcp_ strsvr_ id 
- _Dhcp_Svr_Id.
- _intf_ Sequence[str]allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf_ strdevice_ access_ list 
- _Intf_Device-Access-List.
- _intf_ strdevice_ identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf_ strdevice_ netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf_ strdhcp6_ relay_ ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf_ strdhcp6_ relay_ service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf_ strdhcp6_ relay_ type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf_ Sequence[str]dhcp_ relay_ ips 
- _Intf_Dhcp-Relay-Ip.
- _intf_ strdhcp_ relay_ service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf_ strdhcp_ relay_ type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf_ strip 
- _Intf_Ip.
- _intf_ strip6_ address 
- _Intf_Ip6-Address.
- _intf_ Sequence[str]ip6_ allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf_ strlisten_ forticlient_ connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is_ strfactory_ setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- access_control_ strlist 
- access-control-list profile name.
- acct_interim_ floatinterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional_akms Sequence[str]
- Additional AKMs. Valid values: akm6.
- address_group str
- Address group ID.
- address_group_ strpolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- adom str
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- alias str
- Alias.
- antivirus_profile str
- AntiVirus profile name.
- application_detection_ strengine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- application_dscp_ strmarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- application_list str
- Application control list name.
- application_report_ floatintv 
- Application report interval (30 - 864000 sec, default = 120).
- atf_weight float
- Airtime weight in percentage (default = 20).
- auth str
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- auth_cert str
- HTTPS server certificate.
- auth_portal_ straddr 
- Address of captive portal.
- beacon_advertisings Sequence[str]
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcast_ssid str
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcast_suppressions Sequence[str]
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bss_color_ strpartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- bstm_disassociation_ strimminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- bstm_load_ floatbalancing_ disassoc_ timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm_rssi_ floatdisassoc_ timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive_portal_ strac_ name 
- Local-bridging captive portal ac-name.
- captive_portal_ floatauth_ timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive_portal_ strfw_ accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captive_portal_ Sequence[str]macauth_ radius_ secrets 
- Secret key to access the macauth RADIUS server.
- captive_portal_ strmacauth_ radius_ server 
- Captive portal external RADIUS server domain name or IP address.
- captive_portal_ Sequence[str]radius_ secrets 
- Secret key to access the RADIUS server.
- captive_portal_ strradius_ server 
- Captive portal RADIUS server domain name or IP address.
- captive_portal_ floatsession_ timeout_ interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcp_address_ strenforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- dhcp_lease_ floattime 
- DHCP lease time in seconds for NAT IP address.
- dhcp_option43_ strinsertion 
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- dhcp_option82_ strcircuit_ id_ insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcp_option82_ strinsertion 
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcp_option82_ strremote_ id_ insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamic_mappings Sequence[ObjectWirelesscontroller Vap Dynamic Mapping Args] 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- dynamic_sort_ strsubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic_vlan str
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eap_reauth str
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eap_reauth_ floatintv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol_key_ strretries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt str
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- external_fast_ strroaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- external_logout str
- URL of external authentication logout server.
- external_web str
- URL of external authentication web server.
- external_web_ strformat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fast_bss_ strtransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fast_roaming str
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ft_mobility_ floatdomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft_over_ strds 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ft_r0_ floatkey_ lifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas_comeback_ floatdelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas_fragmentation_ floatlimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- gtk_rekey str
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtk_rekey_ floatintv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- high_efficiency str
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20_profile str
- Hotspot 2.0 profile name.
- igmp_snooping str
- Enable/disable IGMP snooping. Valid values: disable,enable.
- intra_vap_ strprivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip str
- IP address and subnet mask for the local standalone NAT subnet.
- ips_sensor str
- IPS sensor name.
- ipv6_rules Sequence[str]
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex float
- WEP key index (1 - 4).
- keys Sequence[str]
- WEP Key.
- l3_roaming str
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- l3_roaming_ strmode 
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc str
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- local_authentication str
- Enable/disable AP local authentication. Valid values: disable,enable.
- local_bridging str
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- local_lan str
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- local_standalone str
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- local_standalone_ strdns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- local_standalone_ Sequence[str]dns_ ips 
- IPv4 addresses for the local standalone DNS.
- local_standalone_ strnat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- mac_auth_ strbypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- mac_called_ strstation_ delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_calling_ strstation_ delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_case str
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- mac_filter str
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- mac_filter_ Sequence[Objectlists Wirelesscontroller Vap Mac Filter List Args] 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- mac_filter_ strpolicy_ other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- mac_password_ strdelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_username_ strdelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- max_clients float
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max_clients_ floatap 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo str
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mbo_cell_ strdata_ conn_ pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- me_disable_ floatthresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh_backhaul str
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk str
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpsk_concurrent_ floatclients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk_keys Sequence[ObjectWirelesscontroller Vap Mpsk Key Args] 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- mpsk_profile str
- MPSK profile name.
- mu_mimo str
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicast_enhance str
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicast_rate str
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k str
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v str
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac str
- Enable/disable network access control. Valid values: disable,enable.
- nac_profile str
- NAC profile name.
- name str
- Virtual AP name.
- neighbor_report_ strdual_ band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- object_wirelesscontroller_ strvap_ id 
- an identifier for the resource with format {{name}}.
- okc str
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen str
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- owe_groups Sequence[str]
- OWE-Groups. Valid values: 19,20,21.
- owe_transition str
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- owe_transition_ strssid 
- OWE transition mode peer SSID.
- passphrases Sequence[str]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf str
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmf_assoc_ floatcomeback_ timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf_sa_ floatquery_ retry_ timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port_macauth str
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- port_macauth_ floatreauth_ timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port_macauth_ floattimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portal_message_ stroverride_ group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal_message_ Objectoverrides Wirelesscontroller Vap Portal Message Overrides Args 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- portal_type str
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primary_wag_ strprofile 
- Primary wireless access gateway profile name.
- probe_resp_ strsuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probe_resp_ strthreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk_rekey str
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptk_rekey_ floatintv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos_profile str
- Quality of service profile name.
- quarantine str
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio_sensitivity str
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radius_mac_ strauth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radius_mac_ floatauth_ block_ interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius_mac_ strauth_ server 
- RADIUS-based MAC authentication server.
- radius_mac_ Sequence[str]auth_ usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radius_mac_ strmpsk_ auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radius_mac_ floatmpsk_ timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius_server str
- RADIUS server to be used to authenticate WiFi users.
- rates11ac_mcs_ strmap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac_ss12s Sequence[str]
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11ac_ss34s Sequence[str]
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as Sequence[str]
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11ax_mcs_ strmap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax_ss12s Sequence[str]
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11ax_ss34s Sequence[str]
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs Sequence[str]
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11n_ss12s Sequence[str]
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11n_ss34s Sequence[str]
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roaming_acct_ strinterim_ update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- sae_groups Sequence[str]
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- sae_h2e_ stronly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- sae_hnp_ stronly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- sae_passwords Sequence[str]
- WPA3 SAE password to be used to authenticate WiFi users.
- sae_pk str
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- sae_private_ strkey 
- Private key used for WPA3 SAE-PK authentication.
- scan_botnet_ strconnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedules Sequence[str]
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype str
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- secondary_wag_ strprofile 
- Secondary wireless access gateway profile name.
- security str
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- security_exempt_ strlist 
- Optional security exempt list for captive portal authentication.
- security_obsolete_ stroption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- security_redirect_ strurl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selected_usergroups str
- Selective user groups that are permitted to authenticate.
- split_tunneling str
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid str
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky_client_ strremove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- sticky_client_ strthreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky_client_ strthreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky_client_ strthreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target_wake_ strtime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkip_counter_ strmeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnel_echo_ floatinterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel_fallback_ floatinterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup str
- Firewall user group to be used to authenticate WiFi users.
- utm_log str
- Enable/disable UTM logging. Valid values: disable,enable.
- utm_profile str
- UTM profile name.
- utm_status str
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom str
- Name of the VDOM that the Virtual AP has been added to.
- vlan_auto str
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlan_names Sequence[ObjectWirelesscontroller Vap Vlan Name Args] 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- vlan_pooling str
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlan_pools Sequence[ObjectWirelesscontroller Vap Vlan Pool Args] 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- vlanid float
- Optional VLAN ID.
- voice_enterprise str
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilter_profile str
- WebFilter profile name.
- _centmgmt String
- _Centmgmt. Valid values: disable,enable.
- _dhcp StringSvr Id 
- _Dhcp_Svr_Id.
- _intf List<String>Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf StringDevice Access List 
- _Intf_Device-Access-List.
- _intf StringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf StringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf StringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf StringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf List<String>Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf StringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf StringIp 
- _Intf_Ip.
- _intf StringIp6Address 
- _Intf_Ip6-Address.
- _intf List<String>Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf StringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is StringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- accessControl StringList 
- access-control-list profile name.
- acctInterim NumberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms List<String>
- Additional AKMs. Valid values: akm6.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- adom String
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- applicationList String
- Application control list name.
- applicationReport NumberIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight Number
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertisings List<String>
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcastSuppressions List<String>
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bssColor StringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- bstmDisassociation StringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- bstmLoad NumberBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi NumberDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal NumberAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captivePortal List<String>Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal List<String>Radius Secrets 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal NumberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress StringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- dhcpLease NumberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamicMappings List<Property Map>
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- dynamicSort StringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eapReauth NumberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ftMobility NumberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key NumberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback NumberDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation NumberLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtkRekey NumberIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Enable/disable IGMP snooping. Valid values: disable,enable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules List<String>
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex Number
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: disable,enable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- localStandalone List<String>Dns Ips 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- macCalled StringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- macFilter List<Property Map>Lists 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients Number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients NumberAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell StringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable NumberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk String
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpskConcurrent NumberClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpskKeys List<Property Map>
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- mpskProfile String
- MPSK profile name.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Enable/disable network access control. Valid values: disable,enable.
- nacProfile String
- NAC profile name.
- name String
- Virtual AP name.
- neighborReport StringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- objectWirelesscontroller StringVap Id 
- an identifier for the resource with format {{name}}.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- oweGroups List<String>
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc NumberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa NumberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth NumberReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth NumberTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage Property MapOverrides 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptkRekey NumberIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radiusMac NumberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<String>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radiusMac NumberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12s List<String>
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11acSs34s List<String>
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as List<String>
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12s List<String>
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34s List<String>
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11nSs12s List<String>
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34s List<String>
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- saeGroups List<String>
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saePasswords List<String>
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedules List<String>
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype String
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups String
- Selective user groups that are permitted to authenticate.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- stickyClient StringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient StringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnelEcho NumberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback NumberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utmLog String
- Enable/disable UTM logging. Valid values: disable,enable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom String
- Name of the VDOM that the Virtual AP has been added to.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlanNames List<Property Map>
- Vlan-Name. The structure of vlan_nameblock is documented below.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools List<Property Map>
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- vlanid Number
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectWirelesscontrollerVap resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectWirelesscontrollerVap Resource
Get an existing ObjectWirelesscontrollerVap resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectWirelesscontrollerVapState, opts?: CustomResourceOptions): ObjectWirelesscontrollerVap@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        _centmgmt: Optional[str] = None,
        _dhcp_svr_id: Optional[str] = None,
        _intf_allowaccesses: Optional[Sequence[str]] = None,
        _intf_device_access_list: Optional[str] = None,
        _intf_device_identification: Optional[str] = None,
        _intf_device_netscan: Optional[str] = None,
        _intf_dhcp6_relay_ip: Optional[str] = None,
        _intf_dhcp6_relay_service: Optional[str] = None,
        _intf_dhcp6_relay_type: Optional[str] = None,
        _intf_dhcp_relay_ips: Optional[Sequence[str]] = None,
        _intf_dhcp_relay_service: Optional[str] = None,
        _intf_dhcp_relay_type: Optional[str] = None,
        _intf_ip: Optional[str] = None,
        _intf_ip6_address: Optional[str] = None,
        _intf_ip6_allowaccesses: Optional[Sequence[str]] = None,
        _intf_listen_forticlient_connection: Optional[str] = None,
        _is_factory_setting: Optional[str] = None,
        access_control_list: Optional[str] = None,
        acct_interim_interval: Optional[float] = None,
        additional_akms: Optional[Sequence[str]] = None,
        address_group: Optional[str] = None,
        address_group_policy: Optional[str] = None,
        adom: Optional[str] = None,
        alias: Optional[str] = None,
        antivirus_profile: Optional[str] = None,
        application_detection_engine: Optional[str] = None,
        application_dscp_marking: Optional[str] = None,
        application_list: Optional[str] = None,
        application_report_intv: Optional[float] = None,
        atf_weight: Optional[float] = None,
        auth: Optional[str] = None,
        auth_cert: Optional[str] = None,
        auth_portal_addr: Optional[str] = None,
        beacon_advertisings: Optional[Sequence[str]] = None,
        broadcast_ssid: Optional[str] = None,
        broadcast_suppressions: Optional[Sequence[str]] = None,
        bss_color_partial: Optional[str] = None,
        bstm_disassociation_imminent: Optional[str] = None,
        bstm_load_balancing_disassoc_timer: Optional[float] = None,
        bstm_rssi_disassoc_timer: Optional[float] = None,
        captive_portal_ac_name: Optional[str] = None,
        captive_portal_auth_timeout: Optional[float] = None,
        captive_portal_fw_accounting: Optional[str] = None,
        captive_portal_macauth_radius_secrets: Optional[Sequence[str]] = None,
        captive_portal_macauth_radius_server: Optional[str] = None,
        captive_portal_radius_secrets: Optional[Sequence[str]] = None,
        captive_portal_radius_server: Optional[str] = None,
        captive_portal_session_timeout_interval: Optional[float] = None,
        dhcp_address_enforcement: Optional[str] = None,
        dhcp_lease_time: Optional[float] = None,
        dhcp_option43_insertion: Optional[str] = None,
        dhcp_option82_circuit_id_insertion: Optional[str] = None,
        dhcp_option82_insertion: Optional[str] = None,
        dhcp_option82_remote_id_insertion: Optional[str] = None,
        dynamic_mappings: Optional[Sequence[ObjectWirelesscontrollerVapDynamicMappingArgs]] = None,
        dynamic_sort_subtable: Optional[str] = None,
        dynamic_vlan: Optional[str] = None,
        eap_reauth: Optional[str] = None,
        eap_reauth_intv: Optional[float] = None,
        eapol_key_retries: Optional[str] = None,
        encrypt: Optional[str] = None,
        external_fast_roaming: Optional[str] = None,
        external_logout: Optional[str] = None,
        external_web: Optional[str] = None,
        external_web_format: Optional[str] = None,
        fast_bss_transition: Optional[str] = None,
        fast_roaming: Optional[str] = None,
        ft_mobility_domain: Optional[float] = None,
        ft_over_ds: Optional[str] = None,
        ft_r0_key_lifetime: Optional[float] = None,
        gas_comeback_delay: Optional[float] = None,
        gas_fragmentation_limit: Optional[float] = None,
        gtk_rekey: Optional[str] = None,
        gtk_rekey_intv: Optional[float] = None,
        high_efficiency: Optional[str] = None,
        hotspot20_profile: Optional[str] = None,
        igmp_snooping: Optional[str] = None,
        intra_vap_privacy: Optional[str] = None,
        ip: Optional[str] = None,
        ips_sensor: Optional[str] = None,
        ipv6_rules: Optional[Sequence[str]] = None,
        keyindex: Optional[float] = None,
        keys: Optional[Sequence[str]] = None,
        l3_roaming: Optional[str] = None,
        l3_roaming_mode: Optional[str] = None,
        ldpc: Optional[str] = None,
        local_authentication: Optional[str] = None,
        local_bridging: Optional[str] = None,
        local_lan: Optional[str] = None,
        local_standalone: Optional[str] = None,
        local_standalone_dns: Optional[str] = None,
        local_standalone_dns_ips: Optional[Sequence[str]] = None,
        local_standalone_nat: Optional[str] = None,
        mac_auth_bypass: Optional[str] = None,
        mac_called_station_delimiter: Optional[str] = None,
        mac_calling_station_delimiter: Optional[str] = None,
        mac_case: Optional[str] = None,
        mac_filter: Optional[str] = None,
        mac_filter_lists: Optional[Sequence[ObjectWirelesscontrollerVapMacFilterListArgs]] = None,
        mac_filter_policy_other: Optional[str] = None,
        mac_password_delimiter: Optional[str] = None,
        mac_username_delimiter: Optional[str] = None,
        max_clients: Optional[float] = None,
        max_clients_ap: Optional[float] = None,
        mbo: Optional[str] = None,
        mbo_cell_data_conn_pref: Optional[str] = None,
        me_disable_thresh: Optional[float] = None,
        mesh_backhaul: Optional[str] = None,
        mpsk: Optional[str] = None,
        mpsk_concurrent_clients: Optional[float] = None,
        mpsk_keys: Optional[Sequence[ObjectWirelesscontrollerVapMpskKeyArgs]] = None,
        mpsk_profile: Optional[str] = None,
        mu_mimo: Optional[str] = None,
        multicast_enhance: Optional[str] = None,
        multicast_rate: Optional[str] = None,
        n80211k: Optional[str] = None,
        n80211v: Optional[str] = None,
        nac: Optional[str] = None,
        nac_profile: Optional[str] = None,
        name: Optional[str] = None,
        neighbor_report_dual_band: Optional[str] = None,
        object_wirelesscontroller_vap_id: Optional[str] = None,
        okc: Optional[str] = None,
        osen: Optional[str] = None,
        owe_groups: Optional[Sequence[str]] = None,
        owe_transition: Optional[str] = None,
        owe_transition_ssid: Optional[str] = None,
        passphrases: Optional[Sequence[str]] = None,
        pmf: Optional[str] = None,
        pmf_assoc_comeback_timeout: Optional[float] = None,
        pmf_sa_query_retry_timeout: Optional[float] = None,
        port_macauth: Optional[str] = None,
        port_macauth_reauth_timeout: Optional[float] = None,
        port_macauth_timeout: Optional[float] = None,
        portal_message_override_group: Optional[str] = None,
        portal_message_overrides: Optional[ObjectWirelesscontrollerVapPortalMessageOverridesArgs] = None,
        portal_type: Optional[str] = None,
        primary_wag_profile: Optional[str] = None,
        probe_resp_suppression: Optional[str] = None,
        probe_resp_threshold: Optional[str] = None,
        ptk_rekey: Optional[str] = None,
        ptk_rekey_intv: Optional[float] = None,
        qos_profile: Optional[str] = None,
        quarantine: Optional[str] = None,
        radio2g_threshold: Optional[str] = None,
        radio5g_threshold: Optional[str] = None,
        radio_sensitivity: Optional[str] = None,
        radius_mac_auth: Optional[str] = None,
        radius_mac_auth_block_interval: Optional[float] = None,
        radius_mac_auth_server: Optional[str] = None,
        radius_mac_auth_usergroups: Optional[Sequence[str]] = None,
        radius_mac_mpsk_auth: Optional[str] = None,
        radius_mac_mpsk_timeout: Optional[float] = None,
        radius_server: Optional[str] = None,
        rates11ac_mcs_map: Optional[str] = None,
        rates11ac_ss12s: Optional[Sequence[str]] = None,
        rates11ac_ss34s: Optional[Sequence[str]] = None,
        rates11as: Optional[Sequence[str]] = None,
        rates11ax_mcs_map: Optional[str] = None,
        rates11ax_ss12s: Optional[Sequence[str]] = None,
        rates11ax_ss34s: Optional[Sequence[str]] = None,
        rates11bgs: Optional[Sequence[str]] = None,
        rates11n_ss12s: Optional[Sequence[str]] = None,
        rates11n_ss34s: Optional[Sequence[str]] = None,
        roaming_acct_interim_update: Optional[str] = None,
        sae_groups: Optional[Sequence[str]] = None,
        sae_h2e_only: Optional[str] = None,
        sae_hnp_only: Optional[str] = None,
        sae_passwords: Optional[Sequence[str]] = None,
        sae_pk: Optional[str] = None,
        sae_private_key: Optional[str] = None,
        scan_botnet_connections: Optional[str] = None,
        schedules: Optional[Sequence[str]] = None,
        scopetype: Optional[str] = None,
        secondary_wag_profile: Optional[str] = None,
        security: Optional[str] = None,
        security_exempt_list: Optional[str] = None,
        security_obsolete_option: Optional[str] = None,
        security_redirect_url: Optional[str] = None,
        selected_usergroups: Optional[str] = None,
        split_tunneling: Optional[str] = None,
        ssid: Optional[str] = None,
        sticky_client_remove: Optional[str] = None,
        sticky_client_threshold2g: Optional[str] = None,
        sticky_client_threshold5g: Optional[str] = None,
        sticky_client_threshold6g: Optional[str] = None,
        target_wake_time: Optional[str] = None,
        tkip_counter_measure: Optional[str] = None,
        tunnel_echo_interval: Optional[float] = None,
        tunnel_fallback_interval: Optional[float] = None,
        usergroup: Optional[str] = None,
        utm_log: Optional[str] = None,
        utm_profile: Optional[str] = None,
        utm_status: Optional[str] = None,
        vdom: Optional[str] = None,
        vlan_auto: Optional[str] = None,
        vlan_names: Optional[Sequence[ObjectWirelesscontrollerVapVlanNameArgs]] = None,
        vlan_pooling: Optional[str] = None,
        vlan_pools: Optional[Sequence[ObjectWirelesscontrollerVapVlanPoolArgs]] = None,
        vlanid: Optional[float] = None,
        voice_enterprise: Optional[str] = None,
        webfilter_profile: Optional[str] = None) -> ObjectWirelesscontrollerVapfunc GetObjectWirelesscontrollerVap(ctx *Context, name string, id IDInput, state *ObjectWirelesscontrollerVapState, opts ...ResourceOption) (*ObjectWirelesscontrollerVap, error)public static ObjectWirelesscontrollerVap Get(string name, Input<string> id, ObjectWirelesscontrollerVapState? state, CustomResourceOptions? opts = null)public static ObjectWirelesscontrollerVap get(String name, Output<String> id, ObjectWirelesscontrollerVapState state, CustomResourceOptions options)resources:  _:    type: fortimanager:ObjectWirelesscontrollerVap    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AccessControl stringList 
- access-control-list profile name.
- AcctInterim doubleInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms List<string>
- Additional AKMs. Valid values: akm6.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- Adom string
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- ApplicationList string
- Application control list name.
- ApplicationReport doubleIntv 
- Application report interval (30 - 864000 sec, default = 120).
- AtfWeight double
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertisings List<string>
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- BroadcastSuppressions List<string>
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- BssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- BstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- BstmLoad doubleBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- BstmRssi doubleDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal doubleAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- CaptivePortal List<string>Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal List<string>Radius Secrets 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal doubleSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- DhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- DhcpLease doubleTime 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- DynamicMappings List<ObjectWirelesscontroller Vap Dynamic Mapping> 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- DynamicSort stringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- EapReauth doubleIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- FtMobility doubleDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key doubleLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback doubleDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- GasFragmentation doubleLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- GtkRekey doubleIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Enable/disable IGMP snooping. Valid values: disable,enable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules List<string>
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Keyindex double
- WEP key index (1 - 4).
- Keys List<string>
- WEP Key.
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: disable,enable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- LocalStandalone List<string>Dns Ips 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- MacCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- MacFilter List<ObjectLists Wirelesscontroller Vap Mac Filter List> 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MaxClients double
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients doubleAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- MboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- MeDisable doubleThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- Mpsk string
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- MpskConcurrent doubleClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- MpskKeys List<ObjectWirelesscontroller Vap Mpsk Key> 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- MpskProfile string
- MPSK profile name.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Enable/disable network access control. Valid values: disable,enable.
- NacProfile string
- NAC profile name.
- Name string
- Virtual AP name.
- NeighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- ObjectWirelesscontroller stringVap Id 
- an identifier for the resource with format {{name}}.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- OweGroups List<string>
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrases List<string>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc doubleComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa doubleQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- PortMacauth doubleReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- PortMacauth doubleTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalMessage ObjectOverrides Wirelesscontroller Vap Portal Message Overrides 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- PtkRekey doubleIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- RadiusMac doubleAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac List<string>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- RadiusMac doubleMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12s List<string>
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- Rates11acSs34s List<string>
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- Rates11as List<string>
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12s List<string>
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34s List<string>
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11bgs List<string>
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11nSs12s List<string>
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34s List<string>
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- SaeGroups List<string>
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaePasswords List<string>
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- Schedules List<string>
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- Scopetype string
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups string
- Selective user groups that are permitted to authenticate.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- StickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- StickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- TunnelEcho doubleInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback doubleInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- UtmLog string
- Enable/disable UTM logging. Valid values: disable,enable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- Vdom string
- Name of the VDOM that the Virtual AP has been added to.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- VlanNames List<ObjectWirelesscontroller Vap Vlan Name> 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- VlanPools List<ObjectWirelesscontroller Vap Vlan Pool> 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- Vlanid double
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- _centmgmt string
- _Centmgmt. Valid values: disable,enable.
- _dhcp stringSvr Id 
- _Dhcp_Svr_Id.
- _intf List<string>Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf stringDevice Access List 
- _Intf_Device-Access-List.
- _intf stringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf stringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf stringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf stringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf List<string>Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf stringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf stringIp 
- _Intf_Ip.
- _intf stringIp6Address 
- _Intf_Ip6-Address.
- _intf List<string>Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf stringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is stringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- AccessControl stringList 
- access-control-list profile name.
- AcctInterim float64Interval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms []string
- Additional AKMs. Valid values: akm6.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- Adom string
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- ApplicationList string
- Application control list name.
- ApplicationReport float64Intv 
- Application report interval (30 - 864000 sec, default = 120).
- AtfWeight float64
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertisings []string
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- BroadcastSuppressions []string
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- BssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- BstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- BstmLoad float64Balancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- BstmRssi float64Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal float64Auth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- CaptivePortal []stringMacauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal []stringRadius Secrets 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal float64Session Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- DhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- DhcpLease float64Time 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- DynamicMappings []ObjectWirelesscontroller Vap Dynamic Mapping Type Args 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- DynamicSort stringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- EapReauth float64Intv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- FtMobility float64Domain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key float64Lifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback float64Delay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- GasFragmentation float64Limit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- GtkRekey float64Intv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Enable/disable IGMP snooping. Valid values: disable,enable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules []string
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Keyindex float64
- WEP key index (1 - 4).
- Keys []string
- WEP Key.
- L3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: disable,enable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- LocalStandalone []stringDns Ips 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- MacCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- MacFilter []ObjectLists Wirelesscontroller Vap Mac Filter List Type Args 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- MacPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- MaxClients float64
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients float64Ap 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- MboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- MeDisable float64Thresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- Mpsk string
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- MpskConcurrent float64Clients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- MpskKeys []ObjectWirelesscontroller Vap Mpsk Key Args 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- MpskProfile string
- MPSK profile name.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Enable/disable network access control. Valid values: disable,enable.
- NacProfile string
- NAC profile name.
- Name string
- Virtual AP name.
- NeighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- ObjectWirelesscontroller stringVap Id 
- an identifier for the resource with format {{name}}.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- OweGroups []string
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrases []string
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc float64Comeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa float64Query Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- PortMacauth float64Reauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- PortMacauth float64Timeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalMessage ObjectOverrides Wirelesscontroller Vap Portal Message Overrides Type Args 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- PtkRekey float64Intv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- RadiusMac float64Auth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac []stringAuth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- RadiusMac float64Mpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12s []string
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- Rates11acSs34s []string
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- Rates11as []string
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12s []string
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34s []string
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11bgs []string
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11nSs12s []string
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34s []string
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- SaeGroups []string
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaePasswords []string
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- Schedules []string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- Scopetype string
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups string
- Selective user groups that are permitted to authenticate.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- StickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- StickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- TunnelEcho float64Interval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback float64Interval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- UtmLog string
- Enable/disable UTM logging. Valid values: disable,enable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- Vdom string
- Name of the VDOM that the Virtual AP has been added to.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- VlanNames []ObjectWirelesscontroller Vap Vlan Name Type Args 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- VlanPools []ObjectWirelesscontroller Vap Vlan Pool Type Args 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- Vlanid float64
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- _centmgmt string
- _Centmgmt. Valid values: disable,enable.
- _dhcp stringSvr Id 
- _Dhcp_Svr_Id.
- _intf []stringAllowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf stringDevice Access List 
- _Intf_Device-Access-List.
- _intf stringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf stringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf stringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf stringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf []stringDhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf stringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf stringIp 
- _Intf_Ip.
- _intf stringIp6Address 
- _Intf_Ip6-Address.
- _intf []stringIp6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf stringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is stringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- _centmgmt String
- _Centmgmt. Valid values: disable,enable.
- _dhcp StringSvr Id 
- _Dhcp_Svr_Id.
- _intf List<String>Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf StringDevice Access List 
- _Intf_Device-Access-List.
- _intf StringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf StringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf StringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf StringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf List<String>Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf StringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf StringIp 
- _Intf_Ip.
- _intf StringIp6Address 
- _Intf_Ip6-Address.
- _intf List<String>Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf StringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is StringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- accessControl StringList 
- access-control-list profile name.
- acctInterim DoubleInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms List<String>
- Additional AKMs. Valid values: akm6.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- adom String
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- applicationList String
- Application control list name.
- applicationReport DoubleIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight Double
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertisings List<String>
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcastSuppressions List<String>
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bssColor StringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- bstmDisassociation StringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- bstmLoad DoubleBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi DoubleDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal DoubleAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captivePortal List<String>Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal List<String>Radius Secrets 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal DoubleSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress StringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- dhcpLease DoubleTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamicMappings List<ObjectWirelesscontroller Vap Dynamic Mapping> 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- dynamicSort StringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eapReauth DoubleIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ftMobility DoubleDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key DoubleLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback DoubleDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation DoubleLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtkRekey DoubleIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Enable/disable IGMP snooping. Valid values: disable,enable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules List<String>
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex Double
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: disable,enable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- localStandalone List<String>Dns Ips 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- macCalled StringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- macFilter List<ObjectLists Wirelesscontroller Vap Mac Filter List> 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients Double
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients DoubleAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell StringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable DoubleThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk String
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpskConcurrent DoubleClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpskKeys List<ObjectWirelesscontroller Vap Mpsk Key> 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- mpskProfile String
- MPSK profile name.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Enable/disable network access control. Valid values: disable,enable.
- nacProfile String
- NAC profile name.
- name String
- Virtual AP name.
- neighborReport StringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- objectWirelesscontroller StringVap Id 
- an identifier for the resource with format {{name}}.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- oweGroups List<String>
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc DoubleComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa DoubleQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth DoubleReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth DoubleTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage ObjectOverrides Wirelesscontroller Vap Portal Message Overrides 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptkRekey DoubleIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radiusMac DoubleAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<String>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radiusMac DoubleMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12s List<String>
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11acSs34s List<String>
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as List<String>
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12s List<String>
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34s List<String>
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11nSs12s List<String>
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34s List<String>
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- saeGroups List<String>
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saePasswords List<String>
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedules List<String>
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype String
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups String
- Selective user groups that are permitted to authenticate.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- stickyClient StringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient StringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnelEcho DoubleInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback DoubleInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utmLog String
- Enable/disable UTM logging. Valid values: disable,enable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom String
- Name of the VDOM that the Virtual AP has been added to.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlanNames List<ObjectWirelesscontroller Vap Vlan Name> 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools List<ObjectWirelesscontroller Vap Vlan Pool> 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- vlanid Double
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
- _centmgmt string
- _Centmgmt. Valid values: disable,enable.
- _dhcp stringSvr Id 
- _Dhcp_Svr_Id.
- _intf string[]Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf stringDevice Access List 
- _Intf_Device-Access-List.
- _intf stringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf stringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf stringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf stringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf string[]Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf stringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf stringIp 
- _Intf_Ip.
- _intf stringIp6Address 
- _Intf_Ip6-Address.
- _intf string[]Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf stringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is stringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- accessControl stringList 
- access-control-list profile name.
- acctInterim numberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms string[]
- Additional AKMs. Valid values: akm6.
- addressGroup string
- Address group ID.
- addressGroup stringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- adom string
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- alias string
- Alias.
- antivirusProfile string
- AntiVirus profile name.
- applicationDetection stringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- applicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- applicationList string
- Application control list name.
- applicationReport numberIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight number
- Airtime weight in percentage (default = 20).
- auth string
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- authCert string
- HTTPS server certificate.
- authPortal stringAddr 
- Address of captive portal.
- beaconAdvertisings string[]
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcastSuppressions string[]
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bssColor stringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- bstmDisassociation stringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- bstmLoad numberBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi numberDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal numberAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captivePortal string[]Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- captivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal string[]Radius Secrets 
- Secret key to access the RADIUS server.
- captivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal numberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress stringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- dhcpLease numberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion string
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- dhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamicMappings ObjectWirelesscontroller Vap Dynamic Mapping[] 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- dynamicSort stringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eapReauth numberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- externalLogout string
- URL of external authentication logout server.
- externalWeb string
- URL of external authentication web server.
- externalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ftMobility numberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key numberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback numberDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation numberLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- gtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtkRekey numberIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- highEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20Profile string
- Hotspot 2.0 profile name.
- igmpSnooping string
- Enable/disable IGMP snooping. Valid values: disable,enable.
- intraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip string
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor string
- IPS sensor name.
- ipv6Rules string[]
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex number
- WEP key index (1 - 4).
- keys string[]
- WEP Key.
- l3Roaming string
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- l3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- localAuthentication string
- Enable/disable AP local authentication. Valid values: disable,enable.
- localBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- localLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- localStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- localStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- localStandalone string[]Dns Ips 
- IPv4 addresses for the local standalone DNS.
- localStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- macAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- macCalled stringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling stringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase string
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- macFilter ObjectLists Wirelesscontroller Vap Mac Filter List[] 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- macFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- macPassword stringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername stringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients numberAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo string
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell stringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable numberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk string
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpskConcurrent numberClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpskKeys ObjectWirelesscontroller Vap Mpsk Key[] 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- mpskProfile string
- MPSK profile name.
- muMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac string
- Enable/disable network access control. Valid values: disable,enable.
- nacProfile string
- NAC profile name.
- name string
- Virtual AP name.
- neighborReport stringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- objectWirelesscontroller stringVap Id 
- an identifier for the resource with format {{name}}.
- okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- oweGroups string[]
- OWE-Groups. Valid values: 19,20,21.
- oweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition stringSsid 
- OWE transition mode peer SSID.
- passphrases string[]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc numberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa numberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth string
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth numberReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth numberTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage ObjectOverrides Wirelesscontroller Vap Portal Message Overrides 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- portalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primaryWag stringProfile 
- Primary wireless access gateway profile name.
- probeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptkRekey numberIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qosProfile string
- Quality of service profile name.
- quarantine string
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radiusMac numberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac string[]Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radiusMac numberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer string
- RADIUS server to be used to authenticate WiFi users.
- rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12s string[]
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11acSs34s string[]
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as string[]
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12s string[]
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34s string[]
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs string[]
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11nSs12s string[]
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34s string[]
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- saeGroups string[]
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- saeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saePasswords string[]
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- saePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedules string[]
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype string
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- secondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- securityExempt stringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- securityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups string
- Selective user groups that are permitted to authenticate.
- splitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient stringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- stickyClient stringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient stringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnelEcho numberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback numberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup string
- Firewall user group to be used to authenticate WiFi users.
- utmLog string
- Enable/disable UTM logging. Valid values: disable,enable.
- utmProfile string
- UTM profile name.
- utmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom string
- Name of the VDOM that the Virtual AP has been added to.
- vlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlanNames ObjectWirelesscontroller Vap Vlan Name[] 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- vlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools ObjectWirelesscontroller Vap Vlan Pool[] 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- vlanid number
- Optional VLAN ID.
- voiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile string
- WebFilter profile name.
- _centmgmt str
- _Centmgmt. Valid values: disable,enable.
- _dhcp_ strsvr_ id 
- _Dhcp_Svr_Id.
- _intf_ Sequence[str]allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf_ strdevice_ access_ list 
- _Intf_Device-Access-List.
- _intf_ strdevice_ identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf_ strdevice_ netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf_ strdhcp6_ relay_ ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf_ strdhcp6_ relay_ service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf_ strdhcp6_ relay_ type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf_ Sequence[str]dhcp_ relay_ ips 
- _Intf_Dhcp-Relay-Ip.
- _intf_ strdhcp_ relay_ service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf_ strdhcp_ relay_ type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf_ strip 
- _Intf_Ip.
- _intf_ strip6_ address 
- _Intf_Ip6-Address.
- _intf_ Sequence[str]ip6_ allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf_ strlisten_ forticlient_ connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is_ strfactory_ setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- access_control_ strlist 
- access-control-list profile name.
- acct_interim_ floatinterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional_akms Sequence[str]
- Additional AKMs. Valid values: akm6.
- address_group str
- Address group ID.
- address_group_ strpolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- adom str
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- alias str
- Alias.
- antivirus_profile str
- AntiVirus profile name.
- application_detection_ strengine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- application_dscp_ strmarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- application_list str
- Application control list name.
- application_report_ floatintv 
- Application report interval (30 - 864000 sec, default = 120).
- atf_weight float
- Airtime weight in percentage (default = 20).
- auth str
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- auth_cert str
- HTTPS server certificate.
- auth_portal_ straddr 
- Address of captive portal.
- beacon_advertisings Sequence[str]
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcast_ssid str
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcast_suppressions Sequence[str]
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bss_color_ strpartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- bstm_disassociation_ strimminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- bstm_load_ floatbalancing_ disassoc_ timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstm_rssi_ floatdisassoc_ timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captive_portal_ strac_ name 
- Local-bridging captive portal ac-name.
- captive_portal_ floatauth_ timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captive_portal_ strfw_ accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captive_portal_ Sequence[str]macauth_ radius_ secrets 
- Secret key to access the macauth RADIUS server.
- captive_portal_ strmacauth_ radius_ server 
- Captive portal external RADIUS server domain name or IP address.
- captive_portal_ Sequence[str]radius_ secrets 
- Secret key to access the RADIUS server.
- captive_portal_ strradius_ server 
- Captive portal RADIUS server domain name or IP address.
- captive_portal_ floatsession_ timeout_ interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcp_address_ strenforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- dhcp_lease_ floattime 
- DHCP lease time in seconds for NAT IP address.
- dhcp_option43_ strinsertion 
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- dhcp_option82_ strcircuit_ id_ insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcp_option82_ strinsertion 
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcp_option82_ strremote_ id_ insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamic_mappings Sequence[ObjectWirelesscontroller Vap Dynamic Mapping Args] 
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- dynamic_sort_ strsubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamic_vlan str
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eap_reauth str
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eap_reauth_ floatintv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol_key_ strretries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt str
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- external_fast_ strroaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- external_logout str
- URL of external authentication logout server.
- external_web str
- URL of external authentication web server.
- external_web_ strformat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fast_bss_ strtransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fast_roaming str
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ft_mobility_ floatdomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft_over_ strds 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ft_r0_ floatkey_ lifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas_comeback_ floatdelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gas_fragmentation_ floatlimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- gtk_rekey str
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtk_rekey_ floatintv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- high_efficiency str
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20_profile str
- Hotspot 2.0 profile name.
- igmp_snooping str
- Enable/disable IGMP snooping. Valid values: disable,enable.
- intra_vap_ strprivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip str
- IP address and subnet mask for the local standalone NAT subnet.
- ips_sensor str
- IPS sensor name.
- ipv6_rules Sequence[str]
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex float
- WEP key index (1 - 4).
- keys Sequence[str]
- WEP Key.
- l3_roaming str
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- l3_roaming_ strmode 
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc str
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- local_authentication str
- Enable/disable AP local authentication. Valid values: disable,enable.
- local_bridging str
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- local_lan str
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- local_standalone str
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- local_standalone_ strdns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- local_standalone_ Sequence[str]dns_ ips 
- IPv4 addresses for the local standalone DNS.
- local_standalone_ strnat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- mac_auth_ strbypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- mac_called_ strstation_ delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_calling_ strstation_ delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_case str
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- mac_filter str
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- mac_filter_ Sequence[Objectlists Wirelesscontroller Vap Mac Filter List Args] 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- mac_filter_ strpolicy_ other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- mac_password_ strdelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- mac_username_ strdelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- max_clients float
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max_clients_ floatap 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo str
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mbo_cell_ strdata_ conn_ pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- me_disable_ floatthresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh_backhaul str
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk str
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpsk_concurrent_ floatclients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk_keys Sequence[ObjectWirelesscontroller Vap Mpsk Key Args] 
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- mpsk_profile str
- MPSK profile name.
- mu_mimo str
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicast_enhance str
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicast_rate str
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k str
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v str
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac str
- Enable/disable network access control. Valid values: disable,enable.
- nac_profile str
- NAC profile name.
- name str
- Virtual AP name.
- neighbor_report_ strdual_ band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- object_wirelesscontroller_ strvap_ id 
- an identifier for the resource with format {{name}}.
- okc str
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen str
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- owe_groups Sequence[str]
- OWE-Groups. Valid values: 19,20,21.
- owe_transition str
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- owe_transition_ strssid 
- OWE transition mode peer SSID.
- passphrases Sequence[str]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf str
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmf_assoc_ floatcomeback_ timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf_sa_ floatquery_ retry_ timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port_macauth str
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- port_macauth_ floatreauth_ timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- port_macauth_ floattimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portal_message_ stroverride_ group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal_message_ Objectoverrides Wirelesscontroller Vap Portal Message Overrides Args 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- portal_type str
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primary_wag_ strprofile 
- Primary wireless access gateway profile name.
- probe_resp_ strsuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probe_resp_ strthreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk_rekey str
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptk_rekey_ floatintv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos_profile str
- Quality of service profile name.
- quarantine str
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio_sensitivity str
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radius_mac_ strauth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radius_mac_ floatauth_ block_ interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius_mac_ strauth_ server 
- RADIUS-based MAC authentication server.
- radius_mac_ Sequence[str]auth_ usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radius_mac_ strmpsk_ auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radius_mac_ floatmpsk_ timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius_server str
- RADIUS server to be used to authenticate WiFi users.
- rates11ac_mcs_ strmap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac_ss12s Sequence[str]
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11ac_ss34s Sequence[str]
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as Sequence[str]
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11ax_mcs_ strmap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax_ss12s Sequence[str]
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11ax_ss34s Sequence[str]
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs Sequence[str]
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11n_ss12s Sequence[str]
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11n_ss34s Sequence[str]
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roaming_acct_ strinterim_ update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- sae_groups Sequence[str]
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- sae_h2e_ stronly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- sae_hnp_ stronly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- sae_passwords Sequence[str]
- WPA3 SAE password to be used to authenticate WiFi users.
- sae_pk str
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- sae_private_ strkey 
- Private key used for WPA3 SAE-PK authentication.
- scan_botnet_ strconnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedules Sequence[str]
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype str
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- secondary_wag_ strprofile 
- Secondary wireless access gateway profile name.
- security str
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- security_exempt_ strlist 
- Optional security exempt list for captive portal authentication.
- security_obsolete_ stroption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- security_redirect_ strurl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selected_usergroups str
- Selective user groups that are permitted to authenticate.
- split_tunneling str
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid str
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky_client_ strremove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- sticky_client_ strthreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- sticky_client_ strthreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- sticky_client_ strthreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target_wake_ strtime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkip_counter_ strmeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnel_echo_ floatinterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel_fallback_ floatinterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup str
- Firewall user group to be used to authenticate WiFi users.
- utm_log str
- Enable/disable UTM logging. Valid values: disable,enable.
- utm_profile str
- UTM profile name.
- utm_status str
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom str
- Name of the VDOM that the Virtual AP has been added to.
- vlan_auto str
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlan_names Sequence[ObjectWirelesscontroller Vap Vlan Name Args] 
- Vlan-Name. The structure of vlan_nameblock is documented below.
- vlan_pooling str
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlan_pools Sequence[ObjectWirelesscontroller Vap Vlan Pool Args] 
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- vlanid float
- Optional VLAN ID.
- voice_enterprise str
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilter_profile str
- WebFilter profile name.
- _centmgmt String
- _Centmgmt. Valid values: disable,enable.
- _dhcp StringSvr Id 
- _Dhcp_Svr_Id.
- _intf List<String>Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf StringDevice Access List 
- _Intf_Device-Access-List.
- _intf StringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf StringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf StringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf StringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf List<String>Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf StringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf StringIp 
- _Intf_Ip.
- _intf StringIp6Address 
- _Intf_Ip6-Address.
- _intf List<String>Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf StringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is StringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- accessControl StringList 
- access-control-list profile name.
- acctInterim NumberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms List<String>
- Additional AKMs. Valid values: akm6.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Configure MAC address filtering policy for MAC addresses that are in the address-group. Valid values: disable,allow,deny.
- adom String
- Adom. This value is valid only when the scopetypeisadom, otherwise the value of adom in the provider will be inherited.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Enable/disable application detection engine (default = disable). Valid values: disable,enable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- applicationList String
- Application control list name.
- applicationReport NumberIntv 
- Application report interval (30 - 864000 sec, default = 120).
- atfWeight Number
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertisings List<String>
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcastSuppressions List<String>
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bssColor StringPartial 
- Enable/disable 802.11ax partial BSS color (default = enable). Valid values: disable,enable.
- bstmDisassociation StringImminent 
- Enable/disable forcing of disassociation after the BSTM request timer has been reached (default = enable). Valid values: disable,enable.
- bstmLoad NumberBalancing Disassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing (0 to 30, default = 10).
- bstmRssi NumberDisassoc Timer 
- Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI (0 to 2000, default = 200).
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal NumberAuth Timeout 
- Hard timeout - AP will always clear the session after timeout regardless of traffic (0 - 864000 sec, default = 0).
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captivePortal List<String>Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal List<String>Radius Secrets 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal NumberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- dhcpAddress StringEnforcement 
- Enable/disable DHCP address enforcement (default = disable). Valid values: disable,enable.
- dhcpLease NumberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Enable/disable insertion of DHCP option 43 (default = enable). Valid values: disable,enable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamicMappings List<Property Map>
- Dynamic_Mapping. The structure of dynamic_mappingblock is documented below.
- dynamicSort StringSubtable 
- true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eapReauth NumberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ftMobility NumberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key NumberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback NumberDelay 
- GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500).
- gasFragmentation NumberLimit 
- GAS fragmentation limit (512 - 4096, default = 1024).
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtkRekey NumberIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Enable/disable IGMP snooping. Valid values: disable,enable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules List<String>
- Optional rules of IPv6 packets. For example, you can keep RA, RS and so on off of the wireless network. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex Number
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- Enable/disable layer 3 roaming (default = disable). Valid values: disable,enable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: disable,enable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- localStandalone List<String>Dns Ips 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- macCalled StringStation Delimiter 
- MAC called station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- MAC calling station delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- MAC case (default = uppercase). Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- macFilter List<Property Map>Lists 
- Mac-Filter-List. The structure of mac_filter_listblock is documented below.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- macPassword StringDelimiter 
- MAC authentication password delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- MAC authentication username delimiter (default = hyphen). Valid values: hyphen,single-hyphen,colon,none.
- maxClients Number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients NumberAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Enable/disable Multiband Operation (default = disable). Valid values: disable,enable.
- mboCell StringData Conn Pref 
- MBO cell data connection preference (0, 1, or 255, default = 1). Valid values: excluded,prefer-not,prefer-use.
- meDisable NumberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk String
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpskConcurrent NumberClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpskKeys List<Property Map>
- Mpsk-Key. The structure of mpsk_keyblock is documented below.
- mpskProfile String
- MPSK profile name.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Enable/disable network access control. Valid values: disable,enable.
- nacProfile String
- NAC profile name.
- name String
- Virtual AP name.
- neighborReport StringDual Band 
- Enable/disable dual-band neighbor report (default = disable). Valid values: disable,enable.
- objectWirelesscontroller StringVap Id 
- an identifier for the resource with format {{name}}.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- oweGroups List<String>
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc NumberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa NumberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Enable/disable LAN port MAC authentication (default = disable). Valid values: disable,radius,address-group.
- portMacauth NumberReauth Timeout 
- LAN port MAC authentication re-authentication timeout value (default = 7200 sec).
- portMacauth NumberTimeout 
- LAN port MAC authentication idle timeout value (default = 600 sec).
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalMessage Property MapOverrides 
- Portal-Message-Overrides. The structure of portal_message_overridesblock is documented below.
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptkRekey NumberIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radiusMac NumberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<String>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radiusMac NumberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12s List<String>
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11acSs34s List<String>
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as List<String>
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12s List<String>
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34s List<String>
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11nSs12s List<String>
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34s List<String>
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- saeGroups List<String>
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saePasswords List<String>
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedules List<String>
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- scopetype String
- The scope of application of the resource. Valid values: inherit,adom,global. Theinheritmeans that the scopetype of the provider will be inherited, and adom will also be inherited. The default value isinherit.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups String
- Selective user groups that are permitted to authenticate.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Enable/disable sticky client remove to maintain good signal level clients in SSID. (default = disable). Valid values: disable,enable.
- stickyClient StringThreshold2g 
- Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP (-95 to -20, default = -79).
- stickyClient StringThreshold5g 
- Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP (-95 to -20, default = -76).
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnelEcho NumberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback NumberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utmLog String
- Enable/disable UTM logging. Valid values: disable,enable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom String
- Name of the VDOM that the Virtual AP has been added to.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlanNames List<Property Map>
- Vlan-Name. The structure of vlan_nameblock is documented below.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanPools List<Property Map>
- Vlan-Pool. The structure of vlan_poolblock is documented below.
- vlanid Number
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
Supporting Types
ObjectWirelesscontrollerVapDynamicMapping, ObjectWirelesscontrollerVapDynamicMappingArgs          
- AccessControl stringList 
- Access-Control-List.
- AcctInterim doubleInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms List<string>
- Additional-Akms. Valid values: akm6.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Address-Group-Policy. Valid values: disable,allow,deny.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Application-Detection-Engine. Valid values: disable,enable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- ApplicationList string
- Application control list name.
- ApplicationReport doubleIntv 
- Application-Report-Intv.
- AtfWeight double
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertisings List<string>
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- BroadcastSuppressions List<string>
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- BssColor stringPartial 
- Bss-Color-Partial. Valid values: disable,enable.
- BstmDisassociation stringImminent 
- Bstm-Disassociation-Imminent. Valid values: disable,enable.
- BstmLoad doubleBalancing Disassoc Timer 
- Bstm-Load-Balancing-Disassoc-Timer.
- BstmRssi doubleDisassoc Timer 
- Bstm-Rssi-Disassoc-Timer.
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal doubleAuth Timeout 
- Captive-Portal-Auth-Timeout.
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- CaptivePortal List<string>Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal List<string>Radius Secrets 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal doubleSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- ClientCount double
- Client-Count.
- DhcpAddress stringEnforcement 
- Dhcp-Address-Enforcement. Valid values: disable,enable.
- DhcpLease doubleTime 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Dhcp-Option43-Insertion. Valid values: disable,enable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- EapReauth doubleIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- FtMobility doubleDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key doubleLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback doubleDelay 
- Gas-Comeback-Delay.
- GasFragmentation doubleLimit 
- Gas-Fragmentation-Limit.
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- GtkRekey doubleIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Igmp-Snooping. Valid values: disable,enable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules List<string>
- Ipv6-Rules. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Keyindex double
- WEP key index (1 - 4).
- Keys List<string>
- WEP Key.
- L3Roaming string
- L3-Roaming. Valid values: disable,enable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: disable,enable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- LocalStandalone List<string>Dns Ips 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- LocalSwitching string
- Local-Switching. Valid values: disable,enable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- MacCalled stringStation Delimiter 
- Mac-Called-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- Mac-Calling-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- Mac-Case. Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- MacPassword stringDelimiter 
- Mac-Password-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- Mac-Username-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- MaxClients double
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients doubleAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Mbo. Valid values: disable,enable.
- MboCell stringData Conn Pref 
- Mbo-Cell-Data-Conn-Pref. Valid values: excluded,prefer-not,prefer-use.
- MeDisable doubleThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- Mpsk string
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- MpskConcurrent doubleClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- MpskProfile string
- Mpsk-Profile.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Nac. Valid values: disable,enable.
- NacProfile string
- Nac-Profile.
- NeighborReport stringDual Band 
- Neighbor-Report-Dual-Band. Valid values: disable,enable.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- OweGroups List<string>
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrases List<string>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc doubleComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa doubleQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Port-Macauth. Valid values: disable,radius,address-group.
- PortMacauth doubleReauth Timeout 
- Port-Macauth-Reauth-Timeout.
- PortMacauth doubleTimeout 
- Port-Macauth-Timeout.
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- PtkRekey doubleIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- RadiusMac doubleAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac List<string>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- RadiusMac doubleMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12s List<string>
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- Rates11acSs34s List<string>
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- Rates11as List<string>
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12s List<string>
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34s List<string>
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11bgs List<string>
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11nSs12s List<string>
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34s List<string>
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- SaeGroups List<string>
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaePasswords List<string>
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- Schedule string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups string
- Selective user groups that are permitted to authenticate.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Sticky-Client-Remove. Valid values: disable,enable.
- StickyClient stringThreshold2g 
- Sticky-Client-Threshold-2G.
- StickyClient stringThreshold5g 
- Sticky-Client-Threshold-5G.
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- TunnelEcho doubleInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback doubleInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- UtmLog string
- Enable/disable UTM logging. Valid values: disable,enable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- Vdom string
- Vdom.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- Vlanid double
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- _centmgmt string
- _Centmgmt. Valid values: disable,enable.
- _dhcp stringSvr Id 
- _Dhcp_Svr_Id.
- _intf List<string>Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf stringDevice Access List 
- _Intf_Device-Access-List.
- _intf stringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf stringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf stringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf stringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf List<string>Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf stringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf stringIp 
- _Intf_Ip.
- _intf stringIp6Address 
- _Intf_Ip6-Address.
- _intf List<string>Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf stringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is stringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- _scopes List<ObjectWirelesscontroller Vap Dynamic Mapping_Scope> 
- _Scope. The structure of _scopeblock is documented below.
- AccessControl stringList 
- Access-Control-List.
- AcctInterim float64Interval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- AdditionalAkms []string
- Additional-Akms. Valid values: akm6.
- AddressGroup string
- Address group ID.
- AddressGroup stringPolicy 
- Address-Group-Policy. Valid values: disable,allow,deny.
- Alias string
- Alias.
- AntivirusProfile string
- AntiVirus profile name.
- ApplicationDetection stringEngine 
- Application-Detection-Engine. Valid values: disable,enable.
- ApplicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- ApplicationList string
- Application control list name.
- ApplicationReport float64Intv 
- Application-Report-Intv.
- AtfWeight float64
- Airtime weight in percentage (default = 20).
- Auth string
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- AuthCert string
- HTTPS server certificate.
- AuthPortal stringAddr 
- Address of captive portal.
- BeaconAdvertisings []string
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- BroadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- BroadcastSuppressions []string
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- BssColor stringPartial 
- Bss-Color-Partial. Valid values: disable,enable.
- BstmDisassociation stringImminent 
- Bstm-Disassociation-Imminent. Valid values: disable,enable.
- BstmLoad float64Balancing Disassoc Timer 
- Bstm-Load-Balancing-Disassoc-Timer.
- BstmRssi float64Disassoc Timer 
- Bstm-Rssi-Disassoc-Timer.
- CaptivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- CaptivePortal float64Auth Timeout 
- Captive-Portal-Auth-Timeout.
- CaptivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- CaptivePortal []stringMacauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- CaptivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- CaptivePortal []stringRadius Secrets 
- Secret key to access the RADIUS server.
- CaptivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- CaptivePortal float64Session Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- ClientCount float64
- Client-Count.
- DhcpAddress stringEnforcement 
- Dhcp-Address-Enforcement. Valid values: disable,enable.
- DhcpLease float64Time 
- DHCP lease time in seconds for NAT IP address.
- DhcpOption43Insertion string
- Dhcp-Option43-Insertion. Valid values: disable,enable.
- DhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- DhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- DhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- DynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- EapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- EapReauth float64Intv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- EapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- Encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- ExternalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- ExternalLogout string
- URL of external authentication logout server.
- ExternalWeb string
- URL of external authentication web server.
- ExternalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- FastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- FastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- FtMobility float64Domain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- FtOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- FtR0Key float64Lifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- GasComeback float64Delay 
- Gas-Comeback-Delay.
- GasFragmentation float64Limit 
- Gas-Fragmentation-Limit.
- GtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- GtkRekey float64Intv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- HighEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- Hotspot20Profile string
- Hotspot 2.0 profile name.
- IgmpSnooping string
- Igmp-Snooping. Valid values: disable,enable.
- IntraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- Ip string
- IP address and subnet mask for the local standalone NAT subnet.
- IpsSensor string
- IPS sensor name.
- Ipv6Rules []string
- Ipv6-Rules. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- Keyindex float64
- WEP key index (1 - 4).
- Keys []string
- WEP Key.
- L3Roaming string
- L3-Roaming. Valid values: disable,enable.
- L3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- Ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- LocalAuthentication string
- Enable/disable AP local authentication. Valid values: disable,enable.
- LocalBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- LocalLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- LocalStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- LocalStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- LocalStandalone []stringDns Ips 
- IPv4 addresses for the local standalone DNS.
- LocalStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- LocalSwitching string
- Local-Switching. Valid values: disable,enable.
- MacAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- MacCalled stringStation Delimiter 
- Mac-Called-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- MacCalling stringStation Delimiter 
- Mac-Calling-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- MacCase string
- Mac-Case. Valid values: uppercase,lowercase.
- MacFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- MacFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- MacPassword stringDelimiter 
- Mac-Password-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- MacUsername stringDelimiter 
- Mac-Username-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- MaxClients float64
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- MaxClients float64Ap 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- Mbo string
- Mbo. Valid values: disable,enable.
- MboCell stringData Conn Pref 
- Mbo-Cell-Data-Conn-Pref. Valid values: excluded,prefer-not,prefer-use.
- MeDisable float64Thresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- MeshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- Mpsk string
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- MpskConcurrent float64Clients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- MpskProfile string
- Mpsk-Profile.
- MuMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- MulticastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- MulticastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- N80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- N80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- Nac string
- Nac. Valid values: disable,enable.
- NacProfile string
- Nac-Profile.
- NeighborReport stringDual Band 
- Neighbor-Report-Dual-Band. Valid values: disable,enable.
- Okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- Osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- OweGroups []string
- OWE-Groups. Valid values: 19,20,21.
- OweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- OweTransition stringSsid 
- OWE transition mode peer SSID.
- Passphrases []string
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- Pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- PmfAssoc float64Comeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- PmfSa float64Query Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- PortMacauth string
- Port-Macauth. Valid values: disable,radius,address-group.
- PortMacauth float64Reauth Timeout 
- Port-Macauth-Reauth-Timeout.
- PortMacauth float64Timeout 
- Port-Macauth-Timeout.
- PortalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- PortalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- PrimaryWag stringProfile 
- Primary wireless access gateway profile name.
- ProbeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- ProbeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- PtkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- PtkRekey float64Intv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- QosProfile string
- Quality of service profile name.
- Quarantine string
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- Radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- Radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- RadioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- RadiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- RadiusMac float64Auth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- RadiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- RadiusMac []stringAuth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- RadiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- RadiusMac float64Mpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- RadiusServer string
- RADIUS server to be used to authenticate WiFi users.
- Rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- Rates11acSs12s []string
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- Rates11acSs34s []string
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- Rates11as []string
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- Rates11axSs12s []string
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- Rates11axSs34s []string
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- Rates11bgs []string
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- Rates11nSs12s []string
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- Rates11nSs34s []string
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- RoamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- SaeGroups []string
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- SaeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- SaePasswords []string
- WPA3 SAE password to be used to authenticate WiFi users.
- SaePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- SaePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- ScanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- Schedule string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- SecondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- Security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- SecurityExempt stringList 
- Optional security exempt list for captive portal authentication.
- SecurityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- SecurityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- SelectedUsergroups string
- Selective user groups that are permitted to authenticate.
- SplitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- Ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- StickyClient stringRemove 
- Sticky-Client-Remove. Valid values: disable,enable.
- StickyClient stringThreshold2g 
- Sticky-Client-Threshold-2G.
- StickyClient stringThreshold5g 
- Sticky-Client-Threshold-5G.
- StickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- TargetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- TkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- TunnelEcho float64Interval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- TunnelFallback float64Interval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- Usergroup string
- Firewall user group to be used to authenticate WiFi users.
- UtmLog string
- Enable/disable UTM logging. Valid values: disable,enable.
- UtmProfile string
- UTM profile name.
- UtmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- Vdom string
- Vdom.
- VlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- VlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- Vlanid float64
- Optional VLAN ID.
- VoiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- WebfilterProfile string
- WebFilter profile name.
- _centmgmt string
- _Centmgmt. Valid values: disable,enable.
- _dhcp stringSvr Id 
- _Dhcp_Svr_Id.
- _intf []stringAllowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf stringDevice Access List 
- _Intf_Device-Access-List.
- _intf stringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf stringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf stringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf stringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf []stringDhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf stringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf stringIp 
- _Intf_Ip.
- _intf stringIp6Address 
- _Intf_Ip6-Address.
- _intf []stringIp6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf stringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is stringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- _scopes []ObjectWirelesscontroller Vap Dynamic Mapping_Scope 
- _Scope. The structure of _scopeblock is documented below.
- _centmgmt String
- _Centmgmt. Valid values: disable,enable.
- _dhcp StringSvr Id 
- _Dhcp_Svr_Id.
- _intf List<String>Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf StringDevice Access List 
- _Intf_Device-Access-List.
- _intf StringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf StringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf StringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf StringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf List<String>Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf StringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf StringIp 
- _Intf_Ip.
- _intf StringIp6Address 
- _Intf_Ip6-Address.
- _intf List<String>Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf StringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is StringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- _scopes List<ObjectWirelesscontroller Vap Dynamic Mapping_Scope> 
- _Scope. The structure of _scopeblock is documented below.
- accessControl StringList 
- Access-Control-List.
- acctInterim DoubleInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms List<String>
- Additional-Akms. Valid values: akm6.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Address-Group-Policy. Valid values: disable,allow,deny.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Application-Detection-Engine. Valid values: disable,enable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- applicationList String
- Application control list name.
- applicationReport DoubleIntv 
- Application-Report-Intv.
- atfWeight Double
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertisings List<String>
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcastSuppressions List<String>
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bssColor StringPartial 
- Bss-Color-Partial. Valid values: disable,enable.
- bstmDisassociation StringImminent 
- Bstm-Disassociation-Imminent. Valid values: disable,enable.
- bstmLoad DoubleBalancing Disassoc Timer 
- Bstm-Load-Balancing-Disassoc-Timer.
- bstmRssi DoubleDisassoc Timer 
- Bstm-Rssi-Disassoc-Timer.
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal DoubleAuth Timeout 
- Captive-Portal-Auth-Timeout.
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captivePortal List<String>Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal List<String>Radius Secrets 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal DoubleSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- clientCount Double
- Client-Count.
- dhcpAddress StringEnforcement 
- Dhcp-Address-Enforcement. Valid values: disable,enable.
- dhcpLease DoubleTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Dhcp-Option43-Insertion. Valid values: disable,enable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eapReauth DoubleIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ftMobility DoubleDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key DoubleLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback DoubleDelay 
- Gas-Comeback-Delay.
- gasFragmentation DoubleLimit 
- Gas-Fragmentation-Limit.
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtkRekey DoubleIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Igmp-Snooping. Valid values: disable,enable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules List<String>
- Ipv6-Rules. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex Double
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- L3-Roaming. Valid values: disable,enable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: disable,enable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- localStandalone List<String>Dns Ips 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- localSwitching String
- Local-Switching. Valid values: disable,enable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- macCalled StringStation Delimiter 
- Mac-Called-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- Mac-Calling-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- Mac-Case. Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- macPassword StringDelimiter 
- Mac-Password-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- Mac-Username-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- maxClients Double
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients DoubleAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Mbo. Valid values: disable,enable.
- mboCell StringData Conn Pref 
- Mbo-Cell-Data-Conn-Pref. Valid values: excluded,prefer-not,prefer-use.
- meDisable DoubleThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk String
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpskConcurrent DoubleClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpskProfile String
- Mpsk-Profile.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Nac. Valid values: disable,enable.
- nacProfile String
- Nac-Profile.
- neighborReport StringDual Band 
- Neighbor-Report-Dual-Band. Valid values: disable,enable.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- oweGroups List<String>
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc DoubleComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa DoubleQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Port-Macauth. Valid values: disable,radius,address-group.
- portMacauth DoubleReauth Timeout 
- Port-Macauth-Reauth-Timeout.
- portMacauth DoubleTimeout 
- Port-Macauth-Timeout.
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptkRekey DoubleIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radiusMac DoubleAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<String>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radiusMac DoubleMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12s List<String>
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11acSs34s List<String>
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as List<String>
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12s List<String>
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34s List<String>
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11nSs12s List<String>
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34s List<String>
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- saeGroups List<String>
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saePasswords List<String>
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedule String
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups String
- Selective user groups that are permitted to authenticate.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Sticky-Client-Remove. Valid values: disable,enable.
- stickyClient StringThreshold2g 
- Sticky-Client-Threshold-2G.
- stickyClient StringThreshold5g 
- Sticky-Client-Threshold-5G.
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnelEcho DoubleInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback DoubleInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utmLog String
- Enable/disable UTM logging. Valid values: disable,enable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom String
- Vdom.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanid Double
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
- _centmgmt string
- _Centmgmt. Valid values: disable,enable.
- _dhcp stringSvr Id 
- _Dhcp_Svr_Id.
- _intf string[]Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf stringDevice Access List 
- _Intf_Device-Access-List.
- _intf stringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf stringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf stringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf stringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf string[]Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf stringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf stringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf stringIp 
- _Intf_Ip.
- _intf stringIp6Address 
- _Intf_Ip6-Address.
- _intf string[]Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf stringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is stringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- _scopes ObjectWirelesscontroller Vap Dynamic Mapping_Scope[] 
- _Scope. The structure of _scopeblock is documented below.
- accessControl stringList 
- Access-Control-List.
- acctInterim numberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms string[]
- Additional-Akms. Valid values: akm6.
- addressGroup string
- Address group ID.
- addressGroup stringPolicy 
- Address-Group-Policy. Valid values: disable,allow,deny.
- alias string
- Alias.
- antivirusProfile string
- AntiVirus profile name.
- applicationDetection stringEngine 
- Application-Detection-Engine. Valid values: disable,enable.
- applicationDscp stringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- applicationList string
- Application control list name.
- applicationReport numberIntv 
- Application-Report-Intv.
- atfWeight number
- Airtime weight in percentage (default = 20).
- auth string
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- authCert string
- HTTPS server certificate.
- authPortal stringAddr 
- Address of captive portal.
- beaconAdvertisings string[]
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcastSsid string
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcastSuppressions string[]
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bssColor stringPartial 
- Bss-Color-Partial. Valid values: disable,enable.
- bstmDisassociation stringImminent 
- Bstm-Disassociation-Imminent. Valid values: disable,enable.
- bstmLoad numberBalancing Disassoc Timer 
- Bstm-Load-Balancing-Disassoc-Timer.
- bstmRssi numberDisassoc Timer 
- Bstm-Rssi-Disassoc-Timer.
- captivePortal stringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal numberAuth Timeout 
- Captive-Portal-Auth-Timeout.
- captivePortal stringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captivePortal string[]Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- captivePortal stringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal string[]Radius Secrets 
- Secret key to access the RADIUS server.
- captivePortal stringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal numberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- clientCount number
- Client-Count.
- dhcpAddress stringEnforcement 
- Dhcp-Address-Enforcement. Valid values: disable,enable.
- dhcpLease numberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion string
- Dhcp-Option43-Insertion. Valid values: disable,enable.
- dhcpOption82Circuit stringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcpOption82Insertion string
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcpOption82Remote stringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamicVlan string
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eapReauth string
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eapReauth numberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey stringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt string
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast stringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- externalLogout string
- URL of external authentication logout server.
- externalWeb string
- URL of external authentication web server.
- externalWeb stringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss stringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming string
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ftMobility numberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver stringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key numberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback numberDelay 
- Gas-Comeback-Delay.
- gasFragmentation numberLimit 
- Gas-Fragmentation-Limit.
- gtkRekey string
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtkRekey numberIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- highEfficiency string
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20Profile string
- Hotspot 2.0 profile name.
- igmpSnooping string
- Igmp-Snooping. Valid values: disable,enable.
- intraVap stringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip string
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor string
- IPS sensor name.
- ipv6Rules string[]
- Ipv6-Rules. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex number
- WEP key index (1 - 4).
- keys string[]
- WEP Key.
- l3Roaming string
- L3-Roaming. Valid values: disable,enable.
- l3RoamingMode string
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc string
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- localAuthentication string
- Enable/disable AP local authentication. Valid values: disable,enable.
- localBridging string
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- localLan string
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- localStandalone string
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- localStandalone stringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- localStandalone string[]Dns Ips 
- IPv4 addresses for the local standalone DNS.
- localStandalone stringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- localSwitching string
- Local-Switching. Valid values: disable,enable.
- macAuth stringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- macCalled stringStation Delimiter 
- Mac-Called-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- macCalling stringStation Delimiter 
- Mac-Calling-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- macCase string
- Mac-Case. Valid values: uppercase,lowercase.
- macFilter string
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- macFilter stringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- macPassword stringDelimiter 
- Mac-Password-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- macUsername stringDelimiter 
- Mac-Username-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- maxClients number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients numberAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo string
- Mbo. Valid values: disable,enable.
- mboCell stringData Conn Pref 
- Mbo-Cell-Data-Conn-Pref. Valid values: excluded,prefer-not,prefer-use.
- meDisable numberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul string
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk string
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpskConcurrent numberClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpskProfile string
- Mpsk-Profile.
- muMimo string
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicastEnhance string
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicastRate string
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k string
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v string
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac string
- Nac. Valid values: disable,enable.
- nacProfile string
- Nac-Profile.
- neighborReport stringDual Band 
- Neighbor-Report-Dual-Band. Valid values: disable,enable.
- okc string
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen string
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- oweGroups string[]
- OWE-Groups. Valid values: 19,20,21.
- oweTransition string
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition stringSsid 
- OWE transition mode peer SSID.
- passphrases string[]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf string
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc numberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa numberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth string
- Port-Macauth. Valid values: disable,radius,address-group.
- portMacauth numberReauth Timeout 
- Port-Macauth-Reauth-Timeout.
- portMacauth numberTimeout 
- Port-Macauth-Timeout.
- portalMessage stringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalType string
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primaryWag stringProfile 
- Primary wireless access gateway profile name.
- probeResp stringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probeResp stringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey string
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptkRekey numberIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qosProfile string
- Quality of service profile name.
- quarantine string
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold string
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity string
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radiusMac stringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radiusMac numberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac stringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac string[]Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radiusMac stringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radiusMac numberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer string
- RADIUS server to be used to authenticate WiFi users.
- rates11acMcs stringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12s string[]
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11acSs34s string[]
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as string[]
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11axMcs stringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12s string[]
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34s string[]
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs string[]
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11nSs12s string[]
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34s string[]
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct stringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- saeGroups string[]
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- saeH2e stringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saeHnp stringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saePasswords string[]
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk string
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- saePrivate stringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet stringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedule string
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- secondaryWag stringProfile 
- Secondary wireless access gateway profile name.
- security string
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- securityExempt stringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete stringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- securityRedirect stringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups string
- Selective user groups that are permitted to authenticate.
- splitTunneling string
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid string
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient stringRemove 
- Sticky-Client-Remove. Valid values: disable,enable.
- stickyClient stringThreshold2g 
- Sticky-Client-Threshold-2G.
- stickyClient stringThreshold5g 
- Sticky-Client-Threshold-5G.
- stickyClient stringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake stringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkipCounter stringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnelEcho numberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback numberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup string
- Firewall user group to be used to authenticate WiFi users.
- utmLog string
- Enable/disable UTM logging. Valid values: disable,enable.
- utmProfile string
- UTM profile name.
- utmStatus string
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom string
- Vdom.
- vlanAuto string
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlanPooling string
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanid number
- Optional VLAN ID.
- voiceEnterprise string
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile string
- WebFilter profile name.
- _centmgmt str
- _Centmgmt. Valid values: disable,enable.
- _dhcp_ strsvr_ id 
- _Dhcp_Svr_Id.
- _intf_ Sequence[str]allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf_ strdevice_ access_ list 
- _Intf_Device-Access-List.
- _intf_ strdevice_ identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf_ strdevice_ netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf_ strdhcp6_ relay_ ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf_ strdhcp6_ relay_ service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf_ strdhcp6_ relay_ type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf_ Sequence[str]dhcp_ relay_ ips 
- _Intf_Dhcp-Relay-Ip.
- _intf_ strdhcp_ relay_ service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf_ strdhcp_ relay_ type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf_ strip 
- _Intf_Ip.
- _intf_ strip6_ address 
- _Intf_Ip6-Address.
- _intf_ Sequence[str]ip6_ allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf_ strlisten_ forticlient_ connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is_ strfactory_ setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- _scopes Sequence[ObjectWirelesscontroller Vap Dynamic Mapping_Scope] 
- _Scope. The structure of _scopeblock is documented below.
- access_control_ strlist 
- Access-Control-List.
- acct_interim_ floatinterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additional_akms Sequence[str]
- Additional-Akms. Valid values: akm6.
- address_group str
- Address group ID.
- address_group_ strpolicy 
- Address-Group-Policy. Valid values: disable,allow,deny.
- alias str
- Alias.
- antivirus_profile str
- AntiVirus profile name.
- application_detection_ strengine 
- Application-Detection-Engine. Valid values: disable,enable.
- application_dscp_ strmarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- application_list str
- Application control list name.
- application_report_ floatintv 
- Application-Report-Intv.
- atf_weight float
- Airtime weight in percentage (default = 20).
- auth str
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- auth_cert str
- HTTPS server certificate.
- auth_portal_ straddr 
- Address of captive portal.
- beacon_advertisings Sequence[str]
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcast_ssid str
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcast_suppressions Sequence[str]
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bss_color_ strpartial 
- Bss-Color-Partial. Valid values: disable,enable.
- bstm_disassociation_ strimminent 
- Bstm-Disassociation-Imminent. Valid values: disable,enable.
- bstm_load_ floatbalancing_ disassoc_ timer 
- Bstm-Load-Balancing-Disassoc-Timer.
- bstm_rssi_ floatdisassoc_ timer 
- Bstm-Rssi-Disassoc-Timer.
- captive_portal_ strac_ name 
- Local-bridging captive portal ac-name.
- captive_portal_ floatauth_ timeout 
- Captive-Portal-Auth-Timeout.
- captive_portal_ strfw_ accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captive_portal_ Sequence[str]macauth_ radius_ secrets 
- Secret key to access the macauth RADIUS server.
- captive_portal_ strmacauth_ radius_ server 
- Captive portal external RADIUS server domain name or IP address.
- captive_portal_ Sequence[str]radius_ secrets 
- Secret key to access the RADIUS server.
- captive_portal_ strradius_ server 
- Captive portal RADIUS server domain name or IP address.
- captive_portal_ floatsession_ timeout_ interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- client_count float
- Client-Count.
- dhcp_address_ strenforcement 
- Dhcp-Address-Enforcement. Valid values: disable,enable.
- dhcp_lease_ floattime 
- DHCP lease time in seconds for NAT IP address.
- dhcp_option43_ strinsertion 
- Dhcp-Option43-Insertion. Valid values: disable,enable.
- dhcp_option82_ strcircuit_ id_ insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcp_option82_ strinsertion 
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcp_option82_ strremote_ id_ insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamic_vlan str
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eap_reauth str
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eap_reauth_ floatintv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapol_key_ strretries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt str
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- external_fast_ strroaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- external_logout str
- URL of external authentication logout server.
- external_web str
- URL of external authentication web server.
- external_web_ strformat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fast_bss_ strtransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fast_roaming str
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ft_mobility_ floatdomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ft_over_ strds 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ft_r0_ floatkey_ lifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gas_comeback_ floatdelay 
- Gas-Comeback-Delay.
- gas_fragmentation_ floatlimit 
- Gas-Fragmentation-Limit.
- gtk_rekey str
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtk_rekey_ floatintv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- high_efficiency str
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20_profile str
- Hotspot 2.0 profile name.
- igmp_snooping str
- Igmp-Snooping. Valid values: disable,enable.
- intra_vap_ strprivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip str
- IP address and subnet mask for the local standalone NAT subnet.
- ips_sensor str
- IPS sensor name.
- ipv6_rules Sequence[str]
- Ipv6-Rules. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex float
- WEP key index (1 - 4).
- keys Sequence[str]
- WEP Key.
- l3_roaming str
- L3-Roaming. Valid values: disable,enable.
- l3_roaming_ strmode 
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc str
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- local_authentication str
- Enable/disable AP local authentication. Valid values: disable,enable.
- local_bridging str
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- local_lan str
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- local_standalone str
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- local_standalone_ strdns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- local_standalone_ Sequence[str]dns_ ips 
- IPv4 addresses for the local standalone DNS.
- local_standalone_ strnat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- local_switching str
- Local-Switching. Valid values: disable,enable.
- mac_auth_ strbypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- mac_called_ strstation_ delimiter 
- Mac-Called-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- mac_calling_ strstation_ delimiter 
- Mac-Calling-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- mac_case str
- Mac-Case. Valid values: uppercase,lowercase.
- mac_filter str
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- mac_filter_ strpolicy_ other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- mac_password_ strdelimiter 
- Mac-Password-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- mac_username_ strdelimiter 
- Mac-Username-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- max_clients float
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- max_clients_ floatap 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo str
- Mbo. Valid values: disable,enable.
- mbo_cell_ strdata_ conn_ pref 
- Mbo-Cell-Data-Conn-Pref. Valid values: excluded,prefer-not,prefer-use.
- me_disable_ floatthresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- mesh_backhaul str
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk str
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpsk_concurrent_ floatclients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpsk_profile str
- Mpsk-Profile.
- mu_mimo str
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicast_enhance str
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicast_rate str
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k str
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v str
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac str
- Nac. Valid values: disable,enable.
- nac_profile str
- Nac-Profile.
- neighbor_report_ strdual_ band 
- Neighbor-Report-Dual-Band. Valid values: disable,enable.
- okc str
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen str
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- owe_groups Sequence[str]
- OWE-Groups. Valid values: 19,20,21.
- owe_transition str
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- owe_transition_ strssid 
- OWE transition mode peer SSID.
- passphrases Sequence[str]
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf str
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmf_assoc_ floatcomeback_ timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmf_sa_ floatquery_ retry_ timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- port_macauth str
- Port-Macauth. Valid values: disable,radius,address-group.
- port_macauth_ floatreauth_ timeout 
- Port-Macauth-Reauth-Timeout.
- port_macauth_ floattimeout 
- Port-Macauth-Timeout.
- portal_message_ stroverride_ group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portal_type str
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primary_wag_ strprofile 
- Primary wireless access gateway profile name.
- probe_resp_ strsuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probe_resp_ strthreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptk_rekey str
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptk_rekey_ floatintv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qos_profile str
- Quality of service profile name.
- quarantine str
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5g_threshold str
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radio_sensitivity str
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radius_mac_ strauth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radius_mac_ floatauth_ block_ interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radius_mac_ strauth_ server 
- RADIUS-based MAC authentication server.
- radius_mac_ Sequence[str]auth_ usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radius_mac_ strmpsk_ auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radius_mac_ floatmpsk_ timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radius_server str
- RADIUS server to be used to authenticate WiFi users.
- rates11ac_mcs_ strmap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11ac_ss12s Sequence[str]
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11ac_ss34s Sequence[str]
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as Sequence[str]
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11ax_mcs_ strmap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11ax_ss12s Sequence[str]
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11ax_ss34s Sequence[str]
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs Sequence[str]
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11n_ss12s Sequence[str]
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11n_ss34s Sequence[str]
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roaming_acct_ strinterim_ update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- sae_groups Sequence[str]
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- sae_h2e_ stronly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- sae_hnp_ stronly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- sae_passwords Sequence[str]
- WPA3 SAE password to be used to authenticate WiFi users.
- sae_pk str
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- sae_private_ strkey 
- Private key used for WPA3 SAE-PK authentication.
- scan_botnet_ strconnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedule str
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- secondary_wag_ strprofile 
- Secondary wireless access gateway profile name.
- security str
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- security_exempt_ strlist 
- Optional security exempt list for captive portal authentication.
- security_obsolete_ stroption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- security_redirect_ strurl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selected_usergroups str
- Selective user groups that are permitted to authenticate.
- split_tunneling str
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid str
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- sticky_client_ strremove 
- Sticky-Client-Remove. Valid values: disable,enable.
- sticky_client_ strthreshold2g 
- Sticky-Client-Threshold-2G.
- sticky_client_ strthreshold5g 
- Sticky-Client-Threshold-5G.
- sticky_client_ strthreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- target_wake_ strtime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkip_counter_ strmeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnel_echo_ floatinterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnel_fallback_ floatinterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup str
- Firewall user group to be used to authenticate WiFi users.
- utm_log str
- Enable/disable UTM logging. Valid values: disable,enable.
- utm_profile str
- UTM profile name.
- utm_status str
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom str
- Vdom.
- vlan_auto str
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlan_pooling str
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanid float
- Optional VLAN ID.
- voice_enterprise str
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilter_profile str
- WebFilter profile name.
- _centmgmt String
- _Centmgmt. Valid values: disable,enable.
- _dhcp StringSvr Id 
- _Dhcp_Svr_Id.
- _intf List<String>Allowaccesses 
- _Intf_Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,fgfm,auto-ipsec,radius-acct,probe-response,capwap.
- _intf StringDevice Access List 
- _Intf_Device-Access-List.
- _intf StringDevice Identification 
- _Intf_Device-Identification. Valid values: disable,enable.
- _intf StringDevice Netscan 
- _Intf_Device-Netscan. Valid values: disable,enable.
- _intf StringDhcp6Relay Ip 
- _Intf_Dhcp6-Relay-Ip.
- _intf StringDhcp6Relay Service 
- _Intf_Dhcp6-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp6Relay Type 
- _Intf_Dhcp6-Relay-Type. Valid values: regular.
- _intf List<String>Dhcp Relay Ips 
- _Intf_Dhcp-Relay-Ip.
- _intf StringDhcp Relay Service 
- _Intf_Dhcp-Relay-Service. Valid values: disable,enable.
- _intf StringDhcp Relay Type 
- _Intf_Dhcp-Relay-Type. Valid values: regular,ipsec.
- _intf StringIp 
- _Intf_Ip.
- _intf StringIp6Address 
- _Intf_Ip6-Address.
- _intf List<String>Ip6Allowaccesses 
- _Intf_Ip6-Allowaccess. Valid values: https,ping,ssh,snmp,http,telnet,any,fgfm,capwap.
- _intf StringListen Forticlient Connection 
- _Intf_Listen-Forticlient-Connection. Valid values: disable,enable.
- _is StringFactory Setting 
- _Is_Factory_Setting. Valid values: disable,enable,ext.
- _scopes List<Property Map>
- _Scope. The structure of _scopeblock is documented below.
- accessControl StringList 
- Access-Control-List.
- acctInterim NumberInterval 
- WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0).
- additionalAkms List<String>
- Additional-Akms. Valid values: akm6.
- addressGroup String
- Address group ID.
- addressGroup StringPolicy 
- Address-Group-Policy. Valid values: disable,allow,deny.
- alias String
- Alias.
- antivirusProfile String
- AntiVirus profile name.
- applicationDetection StringEngine 
- Application-Detection-Engine. Valid values: disable,enable.
- applicationDscp StringMarking 
- Enable/disable application attribute based DSCP marking (default = disable). Valid values: disable,enable.
- applicationList String
- Application control list name.
- applicationReport NumberIntv 
- Application-Report-Intv.
- atfWeight Number
- Airtime weight in percentage (default = 20).
- auth String
- Authentication protocol. Valid values: PSK,psk,RADIUS,radius,usergroup.
- authCert String
- HTTPS server certificate.
- authPortal StringAddr 
- Address of captive portal.
- beaconAdvertisings List<String>
- Fortinet beacon advertising IE data (default = empty). Valid values: name,model,serial-number.
- broadcastSsid String
- Enable/disable broadcasting the SSID (default = enable). Valid values: disable,enable.
- broadcastSuppressions List<String>
- Optional suppression of broadcast messages. For example, you can keep DHCP messages, ARP broadcasts, and so on off of the wireless network. Valid values: dhcp,arp,dhcp2,arp2,netbios-ns,netbios-ds,arp3,dhcp-up,dhcp-down,arp-known,arp-unknown,arp-reply,ipv6,dhcp-starvation,arp-poison,all-other-mc,all-other-bc,arp-proxy,dhcp-ucast.
- bssColor StringPartial 
- Bss-Color-Partial. Valid values: disable,enable.
- bstmDisassociation StringImminent 
- Bstm-Disassociation-Imminent. Valid values: disable,enable.
- bstmLoad NumberBalancing Disassoc Timer 
- Bstm-Load-Balancing-Disassoc-Timer.
- bstmRssi NumberDisassoc Timer 
- Bstm-Rssi-Disassoc-Timer.
- captivePortal StringAc Name 
- Local-bridging captive portal ac-name.
- captivePortal NumberAuth Timeout 
- Captive-Portal-Auth-Timeout.
- captivePortal StringFw Accounting 
- Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: disable,enable.
- captivePortal List<String>Macauth Radius Secrets 
- Secret key to access the macauth RADIUS server.
- captivePortal StringMacauth Radius Server 
- Captive portal external RADIUS server domain name or IP address.
- captivePortal List<String>Radius Secrets 
- Secret key to access the RADIUS server.
- captivePortal StringRadius Server 
- Captive portal RADIUS server domain name or IP address.
- captivePortal NumberSession Timeout Interval 
- Session timeout interval (0 - 864000 sec, default = 0).
- clientCount Number
- Client-Count.
- dhcpAddress StringEnforcement 
- Dhcp-Address-Enforcement. Valid values: disable,enable.
- dhcpLease NumberTime 
- DHCP lease time in seconds for NAT IP address.
- dhcpOption43Insertion String
- Dhcp-Option43-Insertion. Valid values: disable,enable.
- dhcpOption82Circuit StringId Insertion 
- Enable/disable DHCP option 82 circuit-id insert (default = disable). Valid values: disable,style-1,style-2,style-3.
- dhcpOption82Insertion String
- Enable/disable DHCP option 82 insert (default = disable). Valid values: disable,enable.
- dhcpOption82Remote StringId Insertion 
- Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: disable,style-1.
- dynamicVlan String
- Enable/disable dynamic VLAN assignment. Valid values: disable,enable.
- eapReauth String
- Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: disable,enable.
- eapReauth NumberIntv 
- EAP re-authentication interval (1800 - 864000 sec, default = 86400).
- eapolKey StringRetries 
- Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: disable,enable.
- encrypt String
- Encryption protocol to use (only available when security is set to a WPA type). Valid values: TKIP,AES,TKIP-AES.
- externalFast StringRoaming 
- Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate (default = disable). Valid values: disable,enable.
- externalLogout String
- URL of external authentication logout server.
- externalWeb String
- URL of external authentication web server.
- externalWeb StringFormat 
- URL query parameter detection (default = auto-detect). Valid values: auto-detect,no-query-string,partial-query-string.
- fastBss StringTransition 
- Enable/disable 802.11r Fast BSS Transition (FT) (default = disable). Valid values: disable,enable.
- fastRoaming String
- Enable/disable fast-roaming, or pre-authentication, where supported by clients (default = disable). Valid values: disable,enable.
- ftMobility NumberDomain 
- Mobility domain identifier in FT (1 - 65535, default = 1000).
- ftOver StringDs 
- Enable/disable FT over the Distribution System (DS). Valid values: disable,enable.
- ftR0Key NumberLifetime 
- Lifetime of the PMK-R0 key in FT, 1-65535 minutes.
- gasComeback NumberDelay 
- Gas-Comeback-Delay.
- gasFragmentation NumberLimit 
- Gas-Fragmentation-Limit.
- gtkRekey String
- Enable/disable GTK rekey for WPA security. Valid values: disable,enable.
- gtkRekey NumberIntv 
- GTK rekey interval (1800 - 864000 sec, default = 86400).
- highEfficiency String
- Enable/disable 802.11ax high efficiency (default = enable). Valid values: disable,enable.
- hotspot20Profile String
- Hotspot 2.0 profile name.
- igmpSnooping String
- Igmp-Snooping. Valid values: disable,enable.
- intraVap StringPrivacy 
- Enable/disable blocking communication between clients on the same SSID (called intra-SSID privacy) (default = disable). Valid values: disable,enable.
- ip String
- IP address and subnet mask for the local standalone NAT subnet.
- ipsSensor String
- IPS sensor name.
- ipv6Rules List<String>
- Ipv6-Rules. Valid values: drop-icmp6ra,drop-icmp6rs,drop-llmnr6,drop-icmp6mld2,drop-dhcp6s,drop-dhcp6c,ndp-proxy,drop-ns-dad,drop-ns-nondad.
- keyindex Number
- WEP key index (1 - 4).
- keys List<String>
- WEP Key.
- l3Roaming String
- L3-Roaming. Valid values: disable,enable.
- l3RoamingMode String
- Select the way that layer 3 roaming traffic is passed (default = direct). Valid values: direct,indirect.
- ldpc String
- VAP low-density parity-check (LDPC) coding configuration. Valid values: disable,tx,rx,rxtx.
- localAuthentication String
- Enable/disable AP local authentication. Valid values: disable,enable.
- localBridging String
- Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP (default = disable). Valid values: disable,enable.
- localLan String
- Allow/deny traffic destined for a Class A, B, or C private IP address (default = allow). Valid values: deny,allow.
- localStandalone String
- Enable/disable AP local standalone (default = disable). Valid values: disable,enable.
- localStandalone StringDns 
- Enable/disable AP local standalone DNS. Valid values: disable,enable.
- localStandalone List<String>Dns Ips 
- IPv4 addresses for the local standalone DNS.
- localStandalone StringNat 
- Enable/disable AP local standalone NAT mode. Valid values: disable,enable.
- localSwitching String
- Local-Switching. Valid values: disable,enable.
- macAuth StringBypass 
- Enable/disable MAC authentication bypass. Valid values: disable,enable.
- macCalled StringStation Delimiter 
- Mac-Called-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- macCalling StringStation Delimiter 
- Mac-Calling-Station-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- macCase String
- Mac-Case. Valid values: uppercase,lowercase.
- macFilter String
- Enable/disable MAC filtering to block wireless clients by mac address. Valid values: disable,enable.
- macFilter StringPolicy Other 
- Allow or block clients with MAC addresses that are not in the filter list. Valid values: deny,allow.
- macPassword StringDelimiter 
- Mac-Password-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- macUsername StringDelimiter 
- Mac-Username-Delimiter. Valid values: hyphen,single-hyphen,colon,none.
- maxClients Number
- Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation).
- maxClients NumberAp 
- Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation).
- mbo String
- Mbo. Valid values: disable,enable.
- mboCell StringData Conn Pref 
- Mbo-Cell-Data-Conn-Pref. Valid values: excluded,prefer-not,prefer-use.
- meDisable NumberThresh 
- Disable multicast enhancement when this many clients are receiving multicast traffic.
- meshBackhaul String
- Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: disable,enable.
- mpsk String
- Enable/disable multiple PSK authentication. Valid values: disable,enable.
- mpskConcurrent NumberClients 
- Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation).
- mpskProfile String
- Mpsk-Profile.
- muMimo String
- Enable/disable Multi-user MIMO (default = enable). Valid values: disable,enable.
- multicastEnhance String
- Enable/disable converting multicast to unicast to improve performance (default = disable). Valid values: disable,enable.
- multicastRate String
- Multicast rate (0, 6000, 12000, or 24000 kbps, default = 0). Valid values: 0,6000,12000,24000.
- n80211k String
- Enable/disable 802.11k assisted roaming (default = enable). Valid values: disable,enable.
- n80211v String
- Enable/disable 802.11v assisted roaming (default = enable). Valid values: disable,enable.
- nac String
- Nac. Valid values: disable,enable.
- nacProfile String
- Nac-Profile.
- neighborReport StringDual Band 
- Neighbor-Report-Dual-Band. Valid values: disable,enable.
- okc String
- Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: disable,enable.
- osen String
- Enable/disable OSEN as part of key management (default = disable). Valid values: disable,enable.
- oweGroups List<String>
- OWE-Groups. Valid values: 19,20,21.
- oweTransition String
- Enable/disable OWE transition mode support. Valid values: disable,enable.
- oweTransition StringSsid 
- OWE transition mode peer SSID.
- passphrases List<String>
- WPA pre-shared key (PSK) to be used to authenticate WiFi users.
- pmf String
- Protected Management Frames (PMF) support (default = disable). Valid values: disable,enable,optional.
- pmfAssoc NumberComeback Timeout 
- Protected Management Frames (PMF) comeback maximum timeout (1-20 sec).
- pmfSa NumberQuery Retry Timeout 
- Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec).
- portMacauth String
- Port-Macauth. Valid values: disable,radius,address-group.
- portMacauth NumberReauth Timeout 
- Port-Macauth-Reauth-Timeout.
- portMacauth NumberTimeout 
- Port-Macauth-Timeout.
- portalMessage StringOverride Group 
- Replacement message group for this VAP (only available when security is set to a captive portal type).
- portalType String
- Captive portal functionality. Configure how the captive portal authenticates users and whether it includes a disclaimer. Valid values: auth,auth+disclaimer,disclaimer,email-collect,cmcc,cmcc-macauth,auth-mac,external-auth.
- primaryWag StringProfile 
- Primary wireless access gateway profile name.
- probeResp StringSuppression 
- Enable/disable probe response suppression (to ignore weak signals) (default = disable). Valid values: disable,enable.
- probeResp StringThreshold 
- Minimum signal level/threshold in dBm required for the AP response to probe requests (-95 to -20, default = -80).
- ptkRekey String
- Enable/disable PTK rekey for WPA-Enterprise security. Valid values: disable,enable.
- ptkRekey NumberIntv 
- PTK rekey interval (1800 - 864000 sec, default = 86400).
- qosProfile String
- Quality of service profile name.
- quarantine String
- Enable/disable station quarantine (default = enable). Valid values: disable,enable.
- radio2gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.4G band (-95 to -20, default = -79).
- radio5gThreshold String
- Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band(-95 to -20, default = -76).
- radioSensitivity String
- Enable/disable software radio sensitivity (to ignore weak signals) (default = disable). Valid values: disable,enable.
- radiusMac StringAuth 
- Enable/disable RADIUS-based MAC authentication of clients (default = disable). Valid values: disable,enable.
- radiusMac NumberAuth Block Interval 
- Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking).
- radiusMac StringAuth Server 
- RADIUS-based MAC authentication server.
- radiusMac List<String>Auth Usergroups 
- Selective user groups that are permitted for RADIUS mac authentication.
- radiusMac StringMpsk Auth 
- Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: disable,enable.
- radiusMac NumberMpsk Timeout 
- RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400).
- radiusServer String
- RADIUS server to be used to authenticate WiFi users.
- rates11acMcs StringMap 
- Comma separated list of max supported VHT MCS for spatial streams 1 through 8.
- rates11acSs12s List<String>
- Allowed data rates for 802.11ac/ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/1,mcs11/1,mcs10/2,mcs11/2.
- rates11acSs34s List<String>
- Allowed data rates for 802.11ac/ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/3,mcs11/3,mcs10/4,mcs11/4.
- rates11as List<String>
- Allowed data rates for 802.11a. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11axMcs StringMap 
- Comma separated list of max supported HE MCS for spatial streams 1 through 8.
- rates11axSs12s List<String>
- Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/1,mcs9/1,mcs10/1,mcs11/1,mcs0/2,mcs1/2,mcs2/2,mcs3/2,mcs4/2,mcs5/2,mcs6/2,mcs7/2,mcs8/2,mcs9/2,mcs10/2,mcs11/2.
- rates11axSs34s List<String>
- Allowed data rates for 802.11ax with 3 or 4 spatial streams. Valid values: mcs0/3,mcs1/3,mcs2/3,mcs3/3,mcs4/3,mcs5/3,mcs6/3,mcs7/3,mcs8/3,mcs9/3,mcs10/3,mcs11/3,mcs0/4,mcs1/4,mcs2/4,mcs3/4,mcs4/4,mcs5/4,mcs6/4,mcs7/4,mcs8/4,mcs9/4,mcs10/4,mcs11/4.
- rates11bgs List<String>
- Allowed data rates for 802.11b/g. Valid values: 1,1-basic,2,2-basic,5.5,5.5-basic,6,6-basic,9,9-basic,12,12-basic,18,18-basic,24,24-basic,36,36-basic,48,48-basic,54,54-basic,11,11-basic.
- rates11nSs12s List<String>
- Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: mcs0/1,mcs1/1,mcs2/1,mcs3/1,mcs4/1,mcs5/1,mcs6/1,mcs7/1,mcs8/2,mcs9/2,mcs10/2,mcs11/2,mcs12/2,mcs13/2,mcs14/2,mcs15/2.
- rates11nSs34s List<String>
- Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: mcs16/3,mcs17/3,mcs18/3,mcs19/3,mcs20/3,mcs21/3,mcs22/3,mcs23/3,mcs24/4,mcs25/4,mcs26/4,mcs27/4,mcs28/4,mcs29/4,mcs30/4,mcs31/4.
- roamingAcct StringInterim Update 
- Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: disable,enable.
- saeGroups List<String>
- SAE-Groups. Valid values: 1,2,5,14,15,16,17,18,19,20,21,27,28,29,30,31.
- saeH2e StringOnly 
- Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saeHnp StringOnly 
- Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: disable,enable.
- saePasswords List<String>
- WPA3 SAE password to be used to authenticate WiFi users.
- saePk String
- Enable/disable WPA3 SAE-PK (default = disable). Valid values: disable,enable.
- saePrivate StringKey 
- Private key used for WPA3 SAE-PK authentication.
- scanBotnet StringConnections 
- Block or monitor connections to Botnet servers or disable Botnet scanning. Valid values: disable,block,monitor.
- schedule String
- Firewall schedules for enabling this VAP on the FortiAP. This VAP will be enabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
- secondaryWag StringProfile 
- Secondary wireless access gateway profile name.
- security String
- Security mode for the wireless interface (default = wpa2-only-personal). Valid values: None,WEP64,wep64,WEP128,wep128,WPA_PSK,WPA_RADIUS,WPA,WPA2,WPA2_AUTO,open,wpa-personal,wpa-enterprise,captive-portal,wpa-only-personal,wpa-only-enterprise,wpa2-only-personal,wpa2-only-enterprise,wpa-personal+captive-portal,wpa-only-personal+captive-portal,wpa2-only-personal+captive-portal,osen,wpa3-enterprise,sae,sae-transition,owe,wpa3-sae,wpa3-sae-transition.
- securityExempt StringList 
- Optional security exempt list for captive portal authentication.
- securityObsolete StringOption 
- Enable/disable obsolete security options. Valid values: disable,enable.
- securityRedirect StringUrl 
- Optional URL for redirecting users after they pass captive portal authentication.
- selectedUsergroups String
- Selective user groups that are permitted to authenticate.
- splitTunneling String
- Enable/disable split tunneling (default = disable). Valid values: disable,enable.
- ssid String
- IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name.
- stickyClient StringRemove 
- Sticky-Client-Remove. Valid values: disable,enable.
- stickyClient StringThreshold2g 
- Sticky-Client-Threshold-2G.
- stickyClient StringThreshold5g 
- Sticky-Client-Threshold-5G.
- stickyClient StringThreshold6g 
- Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP (-95 to -20, default = -76).
- targetWake StringTime 
- Enable/disable 802.11ax target wake time (default = enable). Valid values: disable,enable.
- tkipCounter StringMeasure 
- Enable/disable TKIP counter measure. Valid values: disable,enable.
- tunnelEcho NumberInterval 
- The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300).
- tunnelFallback NumberInterval 
- The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200).
- usergroup String
- Firewall user group to be used to authenticate WiFi users.
- utmLog String
- Enable/disable UTM logging. Valid values: disable,enable.
- utmProfile String
- UTM profile name.
- utmStatus String
- Enable to add one or more security profiles (AV, IPS, etc.) to the VAP. Valid values: disable,enable.
- vdom String
- Vdom.
- vlanAuto String
- Enable/disable automatic management of SSID VLAN interface. Valid values: disable,enable.
- vlanPooling String
- Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools (default = disable). When set to wtp-group, VLAN pooling occurs with VLAN assignment by wtp-group. Valid values: wtp-group,round-robin,hash,disable.
- vlanid Number
- Optional VLAN ID.
- voiceEnterprise String
- Enable/disable 802.11k and 802.11v assisted Voice-Enterprise roaming (default = disable). Valid values: disable,enable.
- webfilterProfile String
- WebFilter profile name.
ObjectWirelesscontrollerVapDynamicMapping_Scope, ObjectWirelesscontrollerVapDynamicMapping_ScopeArgs          
ObjectWirelesscontrollerVapMacFilterList, ObjectWirelesscontrollerVapMacFilterListArgs            
- Id double
- ID.
- Mac string
- MAC address.
- MacFilter stringPolicy 
- Deny or allow the client with this MAC address. Valid values: deny,allow.
- Id float64
- ID.
- Mac string
- MAC address.
- MacFilter stringPolicy 
- Deny or allow the client with this MAC address. Valid values: deny,allow.
- id Double
- ID.
- mac String
- MAC address.
- macFilter StringPolicy 
- Deny or allow the client with this MAC address. Valid values: deny,allow.
- id number
- ID.
- mac string
- MAC address.
- macFilter stringPolicy 
- Deny or allow the client with this MAC address. Valid values: deny,allow.
- id float
- ID.
- mac str
- MAC address.
- mac_filter_ strpolicy 
- Deny or allow the client with this MAC address. Valid values: deny,allow.
- id Number
- ID.
- mac String
- MAC address.
- macFilter StringPolicy 
- Deny or allow the client with this MAC address. Valid values: deny,allow.
ObjectWirelesscontrollerVapMpskKey, ObjectWirelesscontrollerVapMpskKeyArgs          
- Comment string
- Comment.
- ConcurrentClients string
- Number of clients that can connect using this pre-shared key.
- KeyName string
- Pre-shared key name.
- MpskSchedules string
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
- Passphrases List<string>
- WPA Pre-shared key.
- Comment string
- Comment.
- ConcurrentClients string
- Number of clients that can connect using this pre-shared key.
- KeyName string
- Pre-shared key name.
- MpskSchedules string
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
- Passphrases []string
- WPA Pre-shared key.
- comment String
- Comment.
- concurrentClients String
- Number of clients that can connect using this pre-shared key.
- keyName String
- Pre-shared key name.
- mpskSchedules String
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
- passphrases List<String>
- WPA Pre-shared key.
- comment string
- Comment.
- concurrentClients string
- Number of clients that can connect using this pre-shared key.
- keyName string
- Pre-shared key name.
- mpskSchedules string
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
- passphrases string[]
- WPA Pre-shared key.
- comment str
- Comment.
- concurrent_clients str
- Number of clients that can connect using this pre-shared key.
- key_name str
- Pre-shared key name.
- mpsk_schedules str
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
- passphrases Sequence[str]
- WPA Pre-shared key.
- comment String
- Comment.
- concurrentClients String
- Number of clients that can connect using this pre-shared key.
- keyName String
- Pre-shared key name.
- mpskSchedules String
- Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.
- passphrases List<String>
- WPA Pre-shared key.
ObjectWirelesscontrollerVapPortalMessageOverrides, ObjectWirelesscontrollerVapPortalMessageOverridesArgs            
- AuthDisclaimer stringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- AuthLogin stringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- AuthLogin stringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- AuthReject stringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
- AuthDisclaimer stringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- AuthLogin stringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- AuthLogin stringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- AuthReject stringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
- authDisclaimer StringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- authLogin StringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- authLogin StringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- authReject StringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
- authDisclaimer stringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- authLogin stringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- authLogin stringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- authReject stringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
- auth_disclaimer_ strpage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- auth_login_ strfailed_ page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- auth_login_ strpage 
- Override auth-login-page message with message from portal-message-overrides group.
- auth_reject_ strpage 
- Override auth-reject-page message with message from portal-message-overrides group.
- authDisclaimer StringPage 
- Override auth-disclaimer-page message with message from portal-message-overrides group.
- authLogin StringFailed Page 
- Override auth-login-failed-page message with message from portal-message-overrides group.
- authLogin StringPage 
- Override auth-login-page message with message from portal-message-overrides group.
- authReject StringPage 
- Override auth-reject-page message with message from portal-message-overrides group.
ObjectWirelesscontrollerVapVlanName, ObjectWirelesscontrollerVapVlanNameArgs          
ObjectWirelesscontrollerVapVlanPool, ObjectWirelesscontrollerVapVlanPoolArgs          
- _wtp_ strgroup 
- _Wtp-Group.
- id float
- ID.
Import
ObjectWirelessController Vap can be imported using any of these accepted formats:
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/objectWirelesscontrollerVap:ObjectWirelesscontrollerVap labelname {{name}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
-> Hint: The scopetype and adom for import will directly inherit the scopetype and adom configuration of the provider.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the fortimanagerTerraform Provider.